162 matches found
CVE-2024-52881
An issue was discovered in AudioCodes One Voice Operations Center OVOC before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file...
AudioCodes One Voice Operations Center 安全漏洞
AudioCodes One Voice Operations Center AudioCodes OVOC is a web-based voice network management solution from AudioCodes, Inc. A security vulnerability exists in AudioCodes One Voice Operations Center OVOC versions prior to 8.4.582 that stems from the use of a hard-coded key that allows an attacke...
Security update for MozillaFirefox
This update for MozillaFirefox to 128.7esr fixes the following issues: MFSA 2025-09 CVE-2025-1009 bmo1936613 Use-after-free in XSLT CVE-2025-1010 bmo1936982 Use-after-free in Custom Highlight CVE-2025-1011 bmo1936454 A bug in WebAssembly code generation could result in a crash CVE-2025-1012...
CP Plus CP-VNR-3104 安全漏洞
The CP Plus CP-VNR-3104 is a network video recorder from CP Plus. A security vulnerability exists in the CP Plus CP-VNR-3104 version B3223P22C02424 that stems from improper handling and storage of certificates, which allows an attacker to decrypt communications or perform man-in-the-middle attack...
Covert Timing Channel
Overview Affected versions of this package are vulnerable to Covert Timing Channel through the decryption process. An attacker can decrypt messages or forge signatures by exchanging a large number of messages with the vulnerable service Marvin Attack. Workaround This vulnerability can be mitigate...
Covert Timing Channel
Overview openssl is a package that wraps the OpenSSL library. Affected versions of this package are vulnerable to Covert Timing Channel through the decryption process. An attacker can decrypt messages or forge signatures by exchanging a large number of messages with the vulnerable service Marvin...
CVE-2024-11308
The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content...
nimbus-jose-jwt: large JWE p2c header value causes Denial of Service
A vulnerability was found in the Nimbus Jose JWT package. By crafting a JWE with an excessively large p2c value, an attacker can trigger significant resource consumption during decryption, potentially leading to application slowdown or unavailability...
jose: resource exhaustion
Jose was found to have an uncontrolled resource consumption vulnerability. Under certain conditions, the user's environment can consume an unreasonable amount of CPU time or memory during JWE decryption operations, leading to a denial of service...
CVE-2024-27159
All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for th...
CVE-2024-27161
CVE-2024-27161 concerns Toshiba multifunction printers (MFPs) with programs containing a hardcoded key used to encrypt files. The root cause is the use of a hardcoded credential and insecure encryption, allowing an attacker who can access the device to decrypt stored/files by using that key. Seve...
The vulnerability of the OpenSSL Handler component in the IPerf3 network bandwidth measurement tool allows a hacker to access confidential information.
The vulnerability of the OpenSSL Handler component in the IPerf3 network bandwidth measurement tool is related to the use of a secondary synchronization channel during RSA decryption operations. Exploiting this vulnerability can allow a remote attacker to gain access to confidential information...
jose-go: improper handling of highly compressed data
A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...
jose-go: improper handling of highly compressed data
A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...
jose-go: improper handling of highly compressed data
A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...
kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client
An out-of-bounds memory read flaw was found in receiveencryptedstandard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service...
kernel security, bug fix, and enhancement update
An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...
Moderate: Red Hat Security Advisory: kernel-rt security and bug fix update
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
UBUNTU-CVE-2024-28176
jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...
CVE-2024-28176 jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext
jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...