5932 matches found

NVD
added 2024/09/26 6:15 p.m. · 13 views

CVE-2024-47122

In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device (EUD). This allows for complete decryption of keys stored on the EUD if physically compromised. This allows an attacker to decrypt all encrypted broadcast communications based on encryption keys...

CVSS 6.5 · EPSS 0.00136
Exploits 0 · References 1

NVD
added 2024/09/26 6:15 p.m. · 18 views

CVE-2024-45374

The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent vi...

CVSS 6.5 · EPSS 0.00116
Exploits 0 · References 1

NVD
added 2024/09/26 6:15 p.m. · 12 views

CVE-2024-43694

In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device...

CVSS 6.5 · EPSS 0.00133
Exploits 0 · References 1

Cvelist
added 2024/09/26 5:25 p.m. · 20 views

CVE-2024-43694 goTenna Pro ATAK Plugin Insecure Storage of Sensitive Information

In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device...

CVSS 5.1 · EPSS 0.00133
Exploits 0 · References 1

CVE
added 2024/09/26 5:25 p.m. · 48 views

CVE-2024-43694

The CVE-2024-43694 issue affects the goTenna Pro ATAK Plugin. Insecure storage of encryption keys with a static IV on the End User Device enables full decryption of device-stored keys and thus all encrypted broadcast communications. Affected versions include goTenna Pro ATAK Plugin prior to the f...

CVSS 6.5 · AI score 4.9 · EPSS 0.00133
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/09/26 5:25 p.m. · 12 views

CVE-2024-43694 goTenna Pro ATAK Plugin Insecure Storage of Sensitive Information

In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device...

CVSS 5.1 · AI score 6.8 · EPSS 0.00133
Exploits 0 · References 1

CVE
added 2024/09/26 5:19 p.m. · 49 views

CVE-2024-47122

CVE-2024-47122 describes insecure storage of encryption keys in the goTenna Pro ecosystem: encryption keys are stored on the End User Device together with a static IV, enabling decryption of all encrypted broadcast communications if the EUD is physically compromised. Affected products include goT...

CVSS 6.5 · AI score 5.3 · EPSS 0.00136
Exploits 0 · References 1 · Affected Software 1

CVE
added 2024/09/26 5:18 p.m. · 55 views

CVE-2024-47121

The CVE-2024-47121 weakness in the goTenna Pro App is due to weak password requirements used to share encryption keys via the key broadcast method. If an encrypted broadcast key captured over RF is brute-forced, an attacker could decrypt past and future messages encrypted with that key. Affected ...

CVSS 6 · AI score 5.8 · EPSS 0.00115
Exploits 0 · References 1 · Affected Software 1

CVE
added 2024/09/26 5:08 p.m. · 50 views

CVE-2024-45374

The CVE-2024-45374 entry concerns the goTenna Pro ATAK Plugin, where encryption keys are shared via a key broadcast method that uses weak passwords. If the broadcasted key is captured over RF and cracked, all past and future messages encrypted with that key can be decrypted. This vulnerability ap...

CVSS 6.5 · AI score 5.9 · EPSS 0.00116
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/09/26 5:08 p.m. · 13 views

CVE-2024-45374 goTenna Pro ATAK Plugin Weak Password Requirements

The goTenna Pro ATAK plugin uses a weak password for sharing encryption keys via the key broadcast method. If the broadcasted encryption key is captured over RF, and password is cracked via brute force attack, it is possible to decrypt it and use it to decrypt all future and past messages sent vi...

CVSS 6 · EPSS 0.00116
Exploits 0 · References 1

CNNVD
added 2024/09/26 12:00 a.m. · 4 views

goTenna Pro ATAK Plugin Security Vulnerability

The goTenna Pro ATAK Plugin is a plugin for goTenna's device that creates networks for off-grid communication and situational awareness. A security vulnerability exists in goTenna Pro ATAK Plugin version 1.9.12 and earlier, which stems from an encryption key being stored on the device along with ...

CVSS 6.5 · AI score 6.6 · EPSS 0.00116
Exploits 0 · References 2

Positive Technologies
added 2024/09/26 12:00 a.m. · 4 views

PT-2024-30621 · Gotenna · Gotenna Pro Atak Plugin

Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK Plugin (affected versions not specified). Description: The goTenna Pro ATAK Plugin application stores encryption keys along with a static IV on the device, allowing for complete decryption of keys stored on the device. This...

CVSS 6.5 · AI score 6.3 · EPSS 0.00133
Exploits 0 · References 5

Tenable Nessus
added 2024/09/24 12:00 a.m. · 35 views

EulerOS 2.0 SP8 : python-cryptography (EulerOS-SA-2024-2486)

According to the versions of the python-cryptography packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1...

CVSS 5.9 · AI score 7 · EPSS 0.02454
Exploits 0 · References 2

OpenVAS
added 2024/09/23 12:00 a.m. · 7 views

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-2486)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.9 · AI score 7.1 · EPSS 0.02454
Exploits 0 · References 2

Cvelist
added 2024/09/23 12:00 a.m. · 14 views

CVE-2024-39342

Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library (i.e. DCG.Security.dll) with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of t...

EPSS 0.00109
Exploits 0 · References 3

OSV
added 2024/09/20 11:09 a.m. · 4 views

OESA-2024-2148 fence-agents security update

A collection of executables to handle isolation ("fencing") of possibly misbehaving hosts by the means of remote power management, blocking network, storage, or similar. They operate through a unified interface (calling conventions) devised for the original Red Hat clustering solution. Security Fixes...

CVSS 5.9 · AI score 7.1 · EPSS 0.00618
Exploits 0 · References 2

OSV
added 2024/09/20 11:09 a.m. · 4 views

OESA-2024-2147 fence-agents security update

A collection of executables to handle isolation ("fencing") of possibly misbehaving hosts by the means of remote power management, blocking network, storage, or similar. They operate through a unified interface (calling conventions) devised for the original Red Hat clustering solution. Security Fixes...

CVSS 5.9 · AI score 7.1 · EPSS 0.00618
Exploits 0 · References 2

OSV
added 2024/09/20 11:09 a.m. · 3 views

OESA-2024-2146 fence-agents security update

A collection of executables to handle isolation ("fencing") of possibly misbehaving hosts by the means of remote power management, blocking network, storage, or similar. They operate through a unified interface (calling conventions) devised for the original Red Hat clustering solution. Security Fixes...

CVSS 5.9 · AI score 7.1 · EPSS 0.00618
Exploits 0 · References 2

OSV
added 2024/09/20 11:09 a.m. · 4 views

OESA-2024-2149 fence-agents security update

A collection of executables to handle isolation ("fencing") of possibly misbehaving hosts by the means of remote power management, blocking network, storage, or similar. They operate through a unified interface (calling conventions) devised for the original Red Hat clustering solution. Security Fixes...

CVSS 5.9 · AI score 7.1 · EPSS 0.00618
Exploits 0 · References 2

RedHat Linux
added 2024/09/19 4:46 p.m. · 5 views

nimbus-jose-jwt: large JWE p2c header value causes Denial of Service

A vulnerability was found in the Nimbus Jose JWT package. By crafting a JWE with an excessively large p2c value, an attacker can trigger significant resource consumption during decryption, potentially leading to application slowdown or unavailability...

CVSS 7.5 · AI score 6.8 · EPSS 0.00814
Exploits 0 · References 4