
1474 matches found

OSV
added 2024/10/25 12:15 p.m. · 5 views

CVE-2024-10379

A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFileId with the input...

CVSS 7.5 · AI score 4.9 · EPSS 0.00683
Exploits 1 · References 4

OSV
added 2024/10/25 11:15 a.m. · 3 views

CVE-2024-10377

A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. This issue affects the function actionPassDecryptApplication1 of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be initiate...

CVSS 9.8 · AI score 6.4 · EPSS 0.00673
Exploits 1 · References 4

Positive Technologies
added 2024/10/25 12:0 a.m. · 4 views

PT-2024-16229 · Safenet · Esafenet Cdg

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG version 5 Description: A critical issue affects the actionPassDecryptApplication1 function in the /com/esafenet/servlet/client/DecryptApplicationService.java file. The manipulation of the id argument leads to SQL injection. The...

CVSS 9.8 · AI score 7.1 · EPSS 0.00673
Exploits 1 · References 7

OSV
added 2024/10/17 3:15 p.m. · 2 views

CVE-2024-10069

A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function actionPassMainApplication of the file /com/esafenet/servlet/client/MailDecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be...

CVSS 8.8 · AI score 5.7 · EPSS 0.00526
Exploits 1 · References 4

CNNVD
added 2024/10/17 12:0 a.m. · 4 views

EsafeNet CDG SQL Injection Vulnerability

EsafeNet CDG is a document security management system from EsafeNet. EsafeNet CDG V5 version has a SQL injection vulnerability, which originates from the parameter id of the file /com/esafenet/servlet/client/MailDecryptApplicationService.java, which can lead to SQL injection...

CVSS 8.8 · AI score 6.9 · EPSS 0.00526
Exploits 1 · References 5

Microsoft CVE
added 2024/10/15 12:0 a.m. · 1 views

CVE-2022-2031

...

CVSS 8.8 · AI score 6.5 · EPSS 0.0093
Exploits 0

Vulnrichment
added 2024/10/08 6:14 a.m. · 10 views

CVE-2024-7206 Firmware extraction and Hardware SSL Pinning Bypass

SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware...

CVSS 7 · AI score 7.1 · EPSS 0.00228
Exploits 0 · References 1

Cvelist
added 2024/10/08 6:14 a.m. · 37 views

CVE-2024-7206 Firmware extraction and Hardware SSL Pinning Bypass

SSL Pinning Bypass in eWeLink Some hardware products allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device via Flash the modified firmware...

CVSS 7 · EPSS 0.00228
Exploits 0 · References 1

OSV
added 2024/09/26 6:15 p.m. · 4 views

CVE-2024-47121

The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via...

CVSS 5.3 · AI score 5.8 · EPSS 0.00115
Exploits 0 · References 1

NVD
added 2024/09/26 6:15 p.m. · 16 views

CVE-2024-47121

The goTenna Pro App uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent via...

CVSS 6 · EPSS 0.00115
Exploits 0 · References 1

OSV
added 2024/09/26 6:15 p.m. · 6 views

CVE-2024-45374

The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent vi...

CVSS 6.5 · AI score 5.8 · EPSS 0.00116
Exploits 0 · References 1

CNNVD
added 2024/09/26 12:0 a.m. · 4 views

goTenna Pro Security Vulnerability

goTenna Pro is a series of devices from goTenna that create networks for off-grid communications and situational awareness. A security vulnerability exists in the goTenna Pro that stems from the use of a weak cipher for QR broadcast messages. If a QR broadcast message is captured via RF, it can b...

CVSS 6 · AI score 6.7 · EPSS 0.00115
Exploits 0 · References 2

Positive Technologies
added 2024/09/26 12:0 a.m. · 4 views

PT-2024-7606

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58 Description: The issue is related to a use-after-free vulnerability in the async decryption function of the Linux kernel's SMB client. This vulnerability can be exploited to impact the confidentiality,...

CVSS 7.8 · AI score 5.5 · EPSS 0.00231
Exploits 0

Positive Technologies
added 2024/09/16 12:0 a.m. · 4 views

PT-2024-31616 · Zte · Zte Routers

Name of the Vulnerable Software and Affected Versions: ZTE routers affected versions not specified Description: The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in the rsa decrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted...

CVSS 8.1 · AI score 8 · EPSS 0.0038
Exploits 0 · References 8

Cvelist
added 2024/09/16 12:0 a.m. · 20 views

CVE-2024-45413

The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in rsadecrypt function. This function is an API wrapper for LUA to decrypt RSA encrypted ciphertext, the decrypted data is stored on the stack without checking its length. An authenticated attacker can get RC...

EPSS 0.0038
Exploits 0 · References 1

Vulnrichment
added 2024/09/02 4:45 p.m. · 18 views

CVE-2024-45311 Denial of service in quinn-proto when using `Endpoint::retry()`

Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to accept, retry, refuse, or ignore an Incoming connection. However, calling retry on an unvalidated connection exposes the server to a likely panic in th...

CVSS 7.5 · AI score 7 · EPSS 0.00568
Exploits 0 · References 3

OSV
added 2024/08/22 8:15 p.m. · 3 views

CVE-2024-42418

Avtec Outpost uses a default cryptographic key that can be used to decrypt sensitive information...

CVSS 7.5 · AI score 5.8 · EPSS 0.0037
Exploits 0 · References 1

Positive Technologies
added 2024/08/22 12:0 a.m. · 4 views

PT-2024-29935 · Avtec · Avtec Outpost

Name of the Vulnerable Software and Affected Versions: Avtec Outpost affected versions not specified Description: The issue concerns the use of a default cryptographic key in Avtec Outpost, which can be exploited to decrypt sensitive information. Recommendations: At the moment, there is no...

CVSS 8.7 · AI score 6.8 · EPSS 0.0037
Exploits 0 · References 5

Penetration Testing Lab
added 2024/08/20 7:0 a.m. · 14 views

Web Browser Stored Credentials

Microsoft introduced the Data Protection Application Programming Interface (DPAPI) in Windows environments as a method to encrypt and decrypt sensitive data such as credentials using the…

AI score 6.9
Exploits 0

Amazon
added 2024/08/13 12:0 a.m. · 6 views

Medium: containerd

Issue Overview: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

CVSS 9.8 · AI score 6.9 · EPSS 0.01956
Exploits 0