
5932 matches found

CVE
added 2024/12/05 3:22 p.m. · 82 views

CVE-2024-53857

CVE-2024-53857 concerns the rPGP OpenPGP implementation in Rust. Prior to version 0.14.1, rPGP allows resource-exhaustion (memory/time) when processing crafted messages during general parsing and symmetric-key decryption. The issue can trigger out-of-memory or long computations, potentially affec...

7.5 CVSS · 7.6 AI score · 0.00439 EPSS
Exploits 0 · References 1
RustSec
added 2024/12/05 12:0 p.m. · 3 views

Panics on Malformed Untrusted Input

During a security audit, Radically Open Security discovered several reachable edge cases which allow an attacker to trigger rpgp crashes by providing crafted data. Impact: When processing malformed input, rpgp can run into Rust panics which halt the program. This can happen in the following...

7.5 CVSS · 7 AI score · 0.00439 EPSS
Exploits 0 · Affected Software 1
Securelist
added 2024/12/05 10:0 a.m. · 11 views

Our secret ingredient for reverse engineering

Nowadays, a lot of cybersecurity professionals use IDA Pro as their primary tool for reverse engineering. While IDA is a complex tool that implements a multitude of features useful for dissecting binaries, many reverse engineers use various plugins to add further functionality to this software. W...

6.4 AI score
Exploits 0
Positive Technologies
added 2024/12/05 12:0 a.m. · 4 views

PT-2024-35954 · Rpgp · Rpgp

Name of the Vulnerable Software and Affected Versions: rPGP versions prior to 0.14.1. Description: The issue allows attackers to trigger resource exhaustion vulnerabilities in rPGP by providing crafted messages, affecting general message parsing and decryption with symmetric keys. This can cause...

8.7 CVSS · 6.9 AI score · 0.00439 EPSS
Exploits 0 · References 10
Positive Technologies
added 2024/12/05 12:0 a.m. · 5 views

PT-2024-35953 · Rpgp · Rpgp

Name of the Vulnerable Software and Affected Versions: rPGP versions prior to 0.14.1. Description: The issue allows an attacker to trigger crashes in rPGP by providing crafted data. This can occur in various scenarios, including parsing OpenPGP messages, decrypting messages via decrypt with...

8.7 CVSS · 6.8 AI score · 0.00439 EPSS
Exploits 0 · References 10
NVD
added 2024/12/04 4:15 p.m. · 12 views

CVE-2024-53614

A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive data and execute arbitrary commands with elevated privileges...

6.5 CVSS · 0.00549 EPSS
Exploits 0 · References 2
Cvelist
added 2024/12/04 12:0 a.m. · 17 views

CVE-2024-53614

A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive data and execute arbitrary commands with elevated privileges...

0.00549 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/12/04 12:0 a.m. · 6 views

CVE-2024-53614

A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive data and execute arbitrary commands with elevated privileges...

7.8 AI score · 0.00549 EPSS
Exploits 0 · References 2
CNNVD
added 2024/12/04 12:0 a.m. · 3 views

Thinkware Cloud APK Security Vulnerability

Thinkware Cloud APK is a free Android app from Thinkware that allows easy access to Thinkware Car Recorder. A security vulnerability exists in Thinkware Cloud APK version v4.3.46 that stems from a hard-coded decryption key in the application, which allows an attacker to access sensitive data and...

6.5 CVSS · 7.3 AI score · 0.00549 EPSS
Exploits 0 · References 2
CVE
added 2024/12/04 12:0 a.m. · 53 views

CVE-2024-53614

Thinkware Cloud APK 4.3.46 is affected by CVE-2024-53614 due to a hardcoded decryption key embedded in the app. This weakness can allow an attacker to access sensitive data and execute arbitrary commands with elevated privileges. Publicly available details (NVD, Red Hat, CNNVD, PT Security, and o...

6.5 CVSS · 7.7 AI score · 0.00549 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/12/04 12:0 a.m. · 3 views

PT-2024-35791 · Thinkware · Thinkware Cloud Apk

Name of the Vulnerable Software and Affected Versions: Thinkware Cloud APK version 4.3.46. Description: A hardcoded decryption key in the Thinkware Cloud APK allows attackers to access sensitive data and execute arbitrary commands with elevated privileges. Recommendations: For Thinkware Cloud APK...

6.5 CVSS · 7.7 AI score · 0.00549 EPSS
Exploits 0 · References 6
NVD
added 2024/12/03 6:15 p.m. · 41 views

CVE-2024-41775

IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

7.5 CVSS · 0.00205 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/12/03 12:0 a.m. · 8 views

PT-2024-29559 · Ibm · Ibm Cognos Controller

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 11.0.0 through 11.0.1. Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For...

7.5 CVSS · 7.8 AI score · 0.00205 EPSS
Exploits 0 · References 5
GithubExploit
added 2024/12/01 5:47 p.m. · 244 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Amcsgroup Trux_Waste_Management

CVE-2024-22734 Exploit PoC for CVE-2024-22734...

6.2 CVSS · 6.1 AI score · 0.00728 EPSS
Exploits 2
NVD
added 2024/11/26 8:15 a.m. · 13 views

CVE-2024-29978

User passwords are decrypted and stored in memory before any user has logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under...

5.9 CVSS · 0.01281 EPSS
Exploits 1 · References 7
NVD
added 2024/11/26 8:15 a.m. · 9 views

CVE-2024-29146

User passwords are decrypted and stored in memory before any user has logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under...

5.9 CVSS · 0.00853 EPSS
Exploits 1 · References 7
Cvelist
added 2024/11/26 7:37 a.m. · 30 views

CVE-2024-32151

User passwords are decrypted and stored in memory before any user has logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under...

5.9 CVSS · 0.01281 EPSS
Exploits 1 · References 6
CVE
added 2024/11/26 7:37 a.m. · 57 views

CVE-2024-32151

The CVE-2024-32151 entry concerns Sharp MFPs where passwords are decrypted and stored in memory prior to user login, making decrypted passwords retrievable from core dumps. Multiple connected sources confirm this issue and link it to Sharp/Toshiba MFPs (notably Sharp 2015-2024-era devices). The r...

5.9 CVSS · 6.5 AI score · 0.01281 EPSS
Exploits 1 · References 7
CVE
added 2024/11/26 7:37 a.m. · 51 views

CVE-2024-29978

CVE-2024-29978 affects Sharp MFPs (multifunction printers). The issue arises from passwords being decrypted and stored in memory before user login, with decrypted passwords retrievable from a core dump. This creates a risk of password exposure if memory contents or core dumps are accessed. Connec...

5.9 CVSS · 6.5 AI score · 0.01281 EPSS
Exploits 1 · References 7
Cvelist
added 2024/11/26 7:37 a.m. · 19 views

CVE-2024-29146

User passwords are decrypted and stored in memory before any user has logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under...

5.9 CVSS · 0.00853 EPSS
Exploits 1 · References 6