
5938 matches found

IBM Security Bulletins
added 2023/09/07 8:16 a.m. · 39 views

Security Bulletin: IBM Storage Protect Snapshot for UNIX and Linux is vulnerable to sensitive information disclosure due to IBM GSKit (CVE-2023-32342)

Summary: IBM GSKit is used by IBM Storage Protect Snapshot for UNIX and Linux and may be affected by vulnerability CVE-2023-32342. Vulnerability Details: CVEID: CVE-2023-32342. DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel ...

CVSS 7.5 · AI score 7.3 · EPSS 0.00925
Exploits: 0 · Affected Software: 1
NVD
added 2023/09/05 5:15 p.m. · 26 views

CVE-2023-34353

An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this...

CVSS 7.5 · AI score 7.7 · EPSS 0.01038
Exploits: 1 · References: 2
Prion
added 2023/09/05 5:15 p.m. · 13 views

Authentication flaw

An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this...

CVSS 5 · AI score 7.7 · EPSS 0.01038
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2023/09/05 4:15 p.m. · 31 views

CVE-2023-34353

An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this...

CVSS 7.5 · AI score 7.8 · EPSS 0.01038
Exploits: 1 · References: 2
CVE
added 2023/09/05 4:15 p.m. · 50 views

CVE-2023-34353

CVE-2023-34353 affects Open Automation Software OAS Platform OAS Engine authentication functionality (v18.00.0072). Talos details describe an authentication bypass enabling information disclosure by sniffing network traffic to decrypt sensitive data, with the vulnerability tied to how credentials...

CVSS 7.5 · AI score 8.1 · EPSS 0.01038
Exploits: 1 · References: 2 · Affected Software: 1
CNNVD
added 2023/09/05 12:0 a.m. · 3 views

Open Automation Software OAS Platform Security Feature Issue Vulnerability

Open Automation Software OAS Platform is an Industrial Internet of Things IoT suite from US-based Open Automation Software, Inc. It is designed to help organizations connect data sources to the OAS Platform. A security signature issue vulnerability exists in Open Automation Software OAS Platform...

CVSS 7.5 · AI score 6.8 · EPSS 0.01038
Exploits: 1 · References: 3
NVD
added 2023/09/02 1:15 p.m. · 9 views

CVE-2023-39982

A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle...

CVSS 7.5 · AI score 7.3 · EPSS 0.00369
Exploits: 0 · References: 1
Vulnrichment
added 2023/09/02 12:31 p.m. · 9 views

CVE-2023-39982 MXsecurity Hardcoded Credential

A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle...

CVSS 7.5 · AI score 6.3 · EPSS 0.00369
Exploits: 0 · References: 1
Cvelist
added 2023/09/02 12:31 p.m. · 16 views

CVE-2023-39982 MXsecurity Hardcoded Credential

A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle...

CVSS 7.5 · AI score 7.5 · EPSS 0.00369
Exploits: 0 · References: 1
CVE
added 2023/09/02 12:31 p.m. · 55 views

CVE-2023-39982

MXsecurity versions prior to v1.0.1 contain a hard-coded SSH host key that may allow man-in-the-middle attacks and decryption of SSH traffic, compromising confidentiality and integrity. The issue affects the MXsecurity platform’s SSH communications on affected devices. Remediation acknowledged in...

CVSS 7.5 · AI score 6.1 · EPSS 0.00369
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2023/09/02 12:0 a.m. · 5 views

MOXA MXsecurity Trust Management Issue Vulnerability

MOXA MXsecurity is a management platform from China-based MOXA that provides centralized visibility and security management to easily monitor and identify network threats and prevent security misconfigurations to create a robust threat defense. A security vulnerability exists in MXsecurity v1.0....

CVSS 7.5 · AI score 6.8 · EPSS 0.00369
Exploits: 0 · References: 2
NVD
added 2023/08/31 6:15 a.m. · 15 views

CVE-2023-3404

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pm_encrypt_decrypt_pass' function and used across all sites running the plugin. This makes it...

CVSS 4.9 · AI score 4.8 · EPSS 0.0056
Exploits: 0 · References: 3
Prion
added 2023/08/31 6:15 a.m. · 22 views

Hardcoded credentials

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pm_encrypt_decrypt_pass' function and used across all sites running the plugin. This makes it...

CVSS 3.3 · AI score 4.8 · EPSS 0.0056
Exploits: 0 · References: 3 · Affected Software: 1
Vulnrichment
added 2023/08/31 5:33 a.m. · 8 views

CVE-2023-3404 ProfileGrid <= 5.5.0 - Hardcoded Encryption Key

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pm_encrypt_decrypt_pass' function and used across all sites running the plugin. This makes it...

CVSS 4.9 · AI score 6.6 · EPSS 0.0056
Exploits: 0 · References: 3
Cvelist
added 2023/08/31 5:33 a.m. · 19 views

CVE-2023-3404 ProfileGrid <= 5.5.0 - Hardcoded Encryption Key

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pm_encrypt_decrypt_pass' function and used across all sites running the plugin. This makes it...

CVSS 4.9 · AI score 5.1 · EPSS 0.0056
Exploits: 0 · References: 3
CVE
added 2023/08/31 5:33 a.m. · 58 views

CVE-2023-3404

The CVE affects the ProfileGrid WordPress plugin up to version 5.5.0. The root cause is a hardcoded passphrase and IV in the pm_encrypt_decrypt_pass function, shared across sites. This allows an authenticated attacker with administrator-level permissions to decrypt and view users’ passwords. Impa...

CVSS 4.9 · AI score 4.8 · EPSS 0.0056
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2023/08/31 12:0 a.m. · 6 views

PT-2023-24651 · WordPress · Profilegrid

Name of the Vulnerable Software and Affected Versions: ProfileGrid plugin for WordPress versions up to, and including, 5.5.0 Description: The issue allows unauthorized decryption of private information. This is due to the passphrase and iv being hardcoded in the pm_encrypt_decrypt_pass function,...

CVSS 4.9 · AI score 5.7 · EPSS 0.0056
Exploits: 0 · References: 5
Tenable Nessus
added 2023/08/31 12:0 a.m. · 28 views

FreeBSD : FreeBSD -- Multiple vulnerabilities in OpenSSL (c8eb4c40-47bd-11ee-8e38-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c8eb4c40-47bd-11ee-8e38-002590c1f29c advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could ...

CVSS 7.5 · AI score 7.9 · EPSS 0.59501
Exploits: 0 · References: 5
hivepro
added 2023/08/30 11:9 a.m. · 34 views

Unveiling New Windows Ransomware Named Trash Panda

Threat Level Attack Report. Summary: Trash Panda is a ransomware that encrypts files on Windows machines, replaces the desktop wallpaper, and drops a ransom note with political messages. It adds a ‘.monochrome’ extension to the encrypted...

AI score 6.8
Exploits: 0
OSV
added 2023/08/27 11:15 p.m. · 2 views

CVE-2023-38730

IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 262268...

CVSS 7.5 · AI score 5.8
Exploits: 0 · References: 2