CVE-2024-53614

A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive data and execute arbitrary commands with elevated privileges...

CVE-2024-41775

IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

PT-2024-29559 · Ibm · Ibm Cognos Controller

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Amcsgroup Trux_Waste_Management

CVE-2024-22734 Exploit PoC for CVE-2024-22734 !imageh...

CVE-2024-29146

User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under...

CVE-2024-29978

User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under...

CVE-2024-32151

The CVE-2024-32151 entry concerns Sharp MFPs where passwords are decrypted and stored in memory prior to user login, making decrypted passwords retrievable from core dumps. Multiple connected sources confirm this issue and link it to Sharp/Toshiba MFPs (notably Sharp 2015-2024-era devices). The r...

CVE-2024-32151

User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under...

CVE-2024-29978

CVE-2024-29978 affects Sharp MFPs (multifunction printers). The issue arises from passwords being decrypted and stored in memory before user login, with decrypted passwords retrievable from a core dump. This creates a risk of password exposure if memory contents or core dumps are accessed. Connec...

CVE-2024-29146

User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under...

PT-2024-22764 · Sharp +1 · Multiple Mfps

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves user passwords being decrypted and stored in memory before any user logs in. These decrypted passwords can be retrieved from the...

CVE-2024-41781

IBM PowerVM Platform KeyStore IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the H...

CVE-2024-41781

Summary: CVE-2024-41781 affects IBM PowerVM Hypervisor Platform KeyStore. If an attacker gains service access to the HMC, they can locate and decrypt data in the Platform KeyStore via service procedures. Affected versions : PowerVM Hypervisor FW950.00–FW950.90, FW1030.00–FW1030.60, FW1050.00–FW10...

IBM PowerVM Hypervisor 安全漏洞

IBM PowerVM Hypervisor is an application from International Business Machines IBM, Inc. Providing a secure and scalable virtualized environment, these applications are built on the advanced RAS features and leading performance of the Power Systems platform. A security vulnerability exists in IBM...

MAL-2024-10849 Malicious code in my-wallet-backupt-decryption-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27ce6fe7581d2cdb10673965b6fefaeef4f33c8ae7f8ab0f45e5e3341065620e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-11308

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content...

CVE-2024-11308

The CVE-2024-11308 entry concerns TRCore’s DVC, a file-insurance system, which encrypts files with a hardcoded key. The underlying issue is the use of a static cryptographic key, enabling an attacker with local access to decrypt targeted files and recover original content as described in multiple...

TRCore DVC 安全漏洞

TRCore DVC is a file insurance system from TRCore China. TRCore DVC suffers from a trust management issue vulnerability that originates from encrypting a file using a hard-coded key, which can be exploited by an attacker to decrypt the file using the hard-coded key and recover the original conten...

CVE-2024-52519

Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...

Progress Telerik Report Server <= 10.2.24.924 Encryption Weakness (CVE-2024-7295)

The version of Progress Telerik Report Server installed on the remote host is affected by an encryption weakness vulnerability: - The encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. CVE-2024-7295 Note that Nessus has not...