
1474 matches found

Positive Technologies
added 2024/12/13 12:0 a.m. · 6 views

PT-2024-36551 · Unknown · Invoice Ninja

Name of the Vulnerable Software and Affected Versions: Invoice Ninja versions prior to 5.10.43

Description: The issue allows remote code execution from a pre-authenticated route when an attacker knows the APP_KEY. This is exacerbated by .env files that have default APP_KEY values. The route...

CVSS 8.8 · AI score 10 · EPSS 0.065
Exploits 5 · References 8
Positive Technologies
added 2024/12/10 12:0 a.m. · 5 views

PT-2024-35944 · Unknown · Cpci85 Central Processing/Communication

Name of the Vulnerable Software and Affected Versions: CPCI85 Central Processing/Communication versions prior to V05.30

Description: A vulnerability has been identified in the CPCI85 Central Processing/Communication devices. The affected devices contain a secure element connected via an unencrypt...

CVSS 5.1 · AI score 6.7 · EPSS 0.00286
Exploits 1 · References 5
CNNVD
added 2024/12/09 12:0 a.m. · 3 views

cookie-encrypter security vulnerability

cookie-encrypter is a cookie encryption and decryption library by the individual developer Emmanuel Bourmalo. A security vulnerability exists in cookie-encrypter version v1.0.1, which stems from an issue with the index.js decryptCookie function that allows an attacker to perform a bit flipping...

CVSS 9.1 · AI score 6.5 · EPSS 0.00274
Exploits 0 · References 2
Positive Technologies
added 2024/12/09 12:0 a.m. · 5 views

PT-2024-35742 · Unknown · Cookie-Encrypter

Name of the Vulnerable Software and Affected Versions: cookie-encrypter version 1.0.1

Description: The issue is related to a weakness in the encryption method used, allowing attackers to execute a bit flipping attack, specifically an AES CBC bit flipping attack, by exploiting the decryptCookie...

CVSS 9.1 · AI score 7.2 · EPSS 0.00274
Exploits 0 · References 12
OSV
added 2024/12/05 12:0 p.m. · 4 views

RUSTSEC-2024-0447 Panics on Malformed Untrusted Input

During a security audit, Radically Open Security discovered several reachable edge cases which allow an attacker to trigger rpgp crashes by providing crafted data. Impact: When processing malformed input, rpgp can run into Rust panics which halt the program. This can happen in the following...

CVSS 7.5 · AI score 6.9 · EPSS 0.00439
Exploits 0 · References 4
NVD
added 2024/11/19 10:15 p.m. · 19 views

CVE-2018-9424

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 · EPSS 0.0008
Exploits 0 · References 1
OSV
added 2024/11/19 10:15 p.m. · 6 views

CVE-2018-9424

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 · AI score 5.9 · EPSS 0.0008
Exploits 0 · References 1
OSV
added 2024/11/19 10:15 p.m. · 3 views

CVE-2018-9411

In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation...

CVSS 8.8 · AI score 6.3 · EPSS 0.00548
Exploits 0 · References 1
Vulnrichment
added 2024/11/19 9:23 p.m. · 8 views

CVE-2018-9424

In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 7.2 · EPSS 0.0008
Exploits 0 · References 1
NVD
added 2024/11/18 6:15 a.m. · 25 views

CVE-2024-11308

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content...

CVSS 6.2 · EPSS 0.00155
Exploits 0 · References 2
Positive Technologies
added 2024/11/17 12:0 a.m. · 6 views

PT-2024-16899 · Trcore · Dvc

Name of the Vulnerable Software and Affected Versions: DVC from TRCore affected versions not specified

Description: The issue concerns the use of a hardcoded key for file encryption in the DVC from TRCore. This hardcoded key can be exploited by attackers to decrypt the files and restore their...

CVSS 6.2 · AI score 6.8 · EPSS 0.00155
Exploits 0 · References 7
Nextcloud
added 2024/11/15 1:9 p.m. · 16 views

OAuth2 client secrets were stored in a recoverable way

None...

CVSS 8.2 · AI score 5.2 · EPSS 0.00491
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2024/11/15 12:0 a.m. · 3 views

Nextcloud security vulnerability

Nextcloud is an open source, self-hosted file synchronization, sharing and communication platform from Nextcloud, Germany. Nextcloud has a security vulnerability that stems from OAuth2 client secrets being stored in a recoverable manner so that an attacker...

CVSS 8.2 · AI score 6.4 · EPSS 0.00491
Exploits 0 · References 3
Vulnrichment
added 2024/11/13 3:22 p.m. · 12 views

CVE-2024-7295 Hard-coded credentials used for temporary and cache data encryption

In Progress® Telerik® Report Server versions prior to 2024 Q4 10.3.24.1112, the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information...

CVSS 7.1 · AI score 6.6 · EPSS 0.00106
Exploits 0 · References 1
OSV
added 2024/11/12 1:15 p.m. · 1 views

CVE-2024-46889

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the applicati...

CVSS 6.9 · AI score 5.8 · EPSS 0.00285
Exploits 0 · References 1
NVD
added 2024/11/12 1:15 p.m. · 10 views

CVE-2024-46889

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the applicati...

CVSS 6.9 · EPSS 0.00285
Exploits 0 · References 1
Vulnrichment
added 2024/11/12 12:49 p.m. · 9 views

CVE-2024-46889

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the applicati...

CVSS 6.9 · AI score 6.8 · EPSS 0.00285
Exploits 0 · References 1
RedHat Linux
added 2024/11/12 9:21 a.m. · 5 views

libgcrypt: vulnerable to Marvin Attack

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...

CVSS 5.9 · AI score 7.3 · EPSS 0.01114
Exploits 0 · References 4
BDU FSTEC
added 2024/11/06 12:0 a.m. · 3 views

The vulnerability of the decrypt_raw_data() function in the SMB subsystem of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the decrypt_raw_data function in the fs/smb/client/smb2ops.c module of the SMB subsystem of the Linux operating system is related to the use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity,...

CVSS 7.8 · AI score 6.9 · EPSS 0.00231
Exploits 0 · References 19 · Affected Software 6
CNNVD
added 2024/11/01 12:0 a.m. · 2 views

Yealink Meeting Server security vulnerability

Yealink Meeting Server is a distributed cloud video conferencing infrastructure from Yealink, China. A security vulnerability exists in Yealink Meeting Server versions prior to V26.0.0.67, which originates from allowing an attacker to obtain static key information from a front-end ...

CVSS 7.5 · AI score 6.4 · EPSS 0.00373
Exploits 0 · References 2