5932 matches found

Positive Technologies
added 2024/11/26 12:00 a.m. · 3 views

PT-2024-22764 · Sharp +1 · Multiple Mfps

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves user passwords being decrypted and stored in memory before any user logs in. These decrypted passwords can be retrieved from the...

5.9 CVSS · 6.7 AI score · 0.00853 EPSS
Exploits: 1 · References: 8
OSV
added 2024/11/22 12:15 p.m. · 6 views

CVE-2024-41781

IBM PowerVM Platform KeyStore IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the H...

5.9 CVSS · 5.8 AI score · 0.00343 EPSS
Exploits: 0 · References: 1
CVE
added 2024/11/22 11:55 a.m. · 80 views

CVE-2024-41781

Summary: CVE-2024-41781 affects IBM PowerVM Hypervisor Platform KeyStore. If an attacker gains service access to the HMC, they can locate and decrypt data in the Platform KeyStore via service procedures. Affected versions: PowerVM Hypervisor FW950.00–FW950.90, FW1030.00–FW1030.60, FW1050.00–FW10...

5.9 CVSS · 5 AI score · 0.00343 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2024/11/22 12:00 a.m. · 2 views

IBM PowerVM Hypervisor security vulnerability

IBM PowerVM Hypervisor is an application from International Business Machines IBM, Inc. Providing a secure and scalable virtualized environment, these applications are built on the advanced RAS features and leading performance of the Power Systems platform. A security vulnerability exists in IBM...

5.9 CVSS · 6.4 AI score · 0.00343 EPSS
Exploits: 0 · References: 1
OSV
added 2024/11/21 1:27 a.m. · 4 views

MAL-2024-10849 Malicious code in my-wallet-backupt-decryption-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27ce6fe7581d2cdb10673965b6fefaeef4f33c8ae7f8ab0f45e5e3341065620e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2 AI score
Exploits: 0 · References: 1
OSV
added 2024/11/18 6:15 a.m. · 4 views

CVE-2024-11308

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content...

5.5 CVSS · 5.8 AI score · 0.00155 EPSS
Exploits: 0 · References: 2
CVE
added 2024/11/18 5:59 a.m. · 51 views

CVE-2024-11308

The CVE-2024-11308 entry concerns TRCore’s DVC, a file-insurance system, which encrypts files with a hardcoded key. The underlying issue is the use of a static cryptographic key, enabling an attacker with local access to decrypt targeted files and recover original content as described in multiple...

6.2 CVSS · 5.9 AI score · 0.00155 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
CNNVD
added 2024/11/18 12:00 a.m. · 3 views

TRCore DVC security vulnerability

TRCore DVC is a file insurance system from TRCore China. TRCore DVC suffers from a trust management issue vulnerability that originates from encrypting a file using a hard-coded key, which can be exploited by an attacker to decrypt the file using the hard-coded key and recover the original conten...

6.2 CVSS · 6.8 AI score · 0.00155 EPSS
Exploits: 0 · References: 1
NVD
added 2024/11/15 5:15 p.m. · 22 views

CVE-2024-52519

Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgrade...

8.2 CVSS · 0.00491 EPSS
Exploits: 0 · References: 3
Tenable Nessus
added 2024/11/15 12:00 a.m. · 14 views

Progress Telerik Report Server <= 10.2.24.924 Encryption Weakness (CVE-2024-7295)

The version of Progress Telerik Report Server installed on the remote host is affected by an encryption weakness vulnerability: - The encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. CVE-2024-7295 Note that Nessus has not...

7.1 CVSS · 5.5 AI score · 0.00106 EPSS
Exploits: 0 · References: 2
IBM Security Bulletins
added 2024/11/14 1:51 p.m. · 58 views

Security Bulletin: IBM Sterling B2B Integrator is affected by multiple Bouncy Castle vulnerabilities

Summary IBM Sterling B2B Integrator is affected by multiple Bouncy Castle vulnerabilities. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importing an EC certificate wi...

7.5 CVSS · 6.9 AI score · 0.011 EPSS
Exploits: 0 · Affected Software: 1
Positive Technologies
added 2024/11/13 12:00 a.m. · 5 views

PT-2024-38244 · Telerik · Telerik Report Server

Name of the Vulnerable Software and Affected Versions: In Progress Telerik Report Server versions prior to 2024 Q4 10.3.24.1112 Description: The encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. Recommendations: For versions...

7.1 CVSS · 7.1 AI score · 0.00106 EPSS
Exploits: 0 · References: 6
Positive Technologies
added 2024/11/13 12:00 a.m. · 4 views

PT-2024-8351 · Palo Alto Networks · Pan-Os

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS versions 10.2.7-h12 through 11.2.2-h1 Description: A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when...

8.7 CVSS · 7.2 AI score · 0.0043 EPSS
Exploits: 0 · References: 9
Cvelist
added 2024/11/12 12:49 p.m. · 9 views

CVE-2024-46889

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the applicati...

6.9 CVSS · 0.00285 EPSS
Exploits: 0 · References: 1
Microsoft KB
added 2024/11/12 8:00 a.m. · 83 views

Description of version 2 of the security update for Microsoft Exchange Server 2019 and 2016: November 27, 2024 (KB5049233)

Description of version 2 of the security update for Microsoft Exchange Server 2019 and 2016: November 27, 2024 KB5049233 Notice We have re-released the Exchange Server 2019 and 2016 November 12, 2024, security update SU to address the issue where Exchange Server stops processing Exchange Transpor...

7.5 CVSS · 9.4 AI score · 0.07748 EPSS
Exploits: 0
CNNVD
added 2024/11/12 12:00 a.m. · 3 views

Siemens SINEC INS security vulnerability

Siemens SINEC INS is a software from Siemens, Germany, that provides centralized services for network infrastructures. Siemens SINEC INS suffers from a use of hard-coded encryption key vulnerability that can be exploited by an attacker to learn the encryption key material and decrypt arbitrary...

6.9 CVSS · 6.9 AI score · 0.00285 EPSS
Exploits: 0 · References: 1
Microsoft KB
added 2024/11/12 12:00 a.m. · 107 views

Description of the security update for Microsoft Exchange Server 2019 and 2016: November 12, 2024 (KB5044062)

Description of the security update for Microsoft Exchange Server 2019 and 2016: November 12, 2024 KB5044062 Notice We have re-released the Exchange Server 2019 and 2016 November 12, 2024, security update SU to address the issue where Exchange Server stops processing Exchange Transport Rules ETR a...

7.5 CVSS · 9.4 AI score · 0.07748 EPSS
Exploits: 0
Microsoft CVE
added 2024/11/09 8:00 a.m. · 11 views

smb: client: fix UAF in async decryption

...

7.8 CVSS · 7.1 AI score · 0.00231 EPSS
Exploits: 0
Tenable Nessus
added 2024/11/08 12:00 a.m. · 12 views

EulerOS 2.0 SP9 : python-cryptography (EulerOS-SA-2024-2819)

According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS server...

7.5 CVSS · 6.3 AI score · 0.01118 EPSS
Exploits: 0 · References: 2
Tenable Nessus
added 2024/11/08 12:00 a.m. · 16 views

EulerOS 2.0 SP10 : python-cryptography (EulerOS-SA-2024-2893)

According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers...

7.5 CVSS · 6.3 AI score · 0.01118 EPSS
Exploits: 0 · References: 2