Lucene search

752 matches found

Positive Technologies
added 2025/05/20 12:0 a.m., 3 views

PT-2025-25826

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A slab-use-after-free issue has been identified in the Linux kernel, specifically in the `tipc_aead_encrypt_done` function. This issue can occur when the `simd_aead_encrypt` function is...

CVSS 7.8, AI score 6.5, EPSS 0.00171
Exploits 0

OSV
added 2025/05/14 1:28 p.m., 2 views

MAL-2025-3791 Malicious code in keypair-encrypt (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2dba96628edf26ee562bf2ef714531b6dbcd101c8a997a95d3fa94673be4754c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits 0, References 1

OSSF Malicious Packages
added 2025/05/14 1:28 p.m., 2 views

Malicious code in keypair-encrypt (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2dba96628edf26ee562bf2ef714531b6dbcd101c8a997a95d3fa94673be4754c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 1

OSSF Malicious Packages
added 2025/04/29 4:5 a.m., 3 views

Malicious code in crypto-encrypt-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ef44f851c3516fca1e3dc72236ae2c87cf821ded922150cca14e07ff9b4fbcb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0, References 1

BDU FSTEC
added 2025/01/06 12:0 a.m., 1 views

The vulnerability of the `caf encrypt` and `sd_acmd encrypt` commands in the command-line interface (CLI) of Broadcom CA Client Automation software allows a malicious individual to escalate their privileges and gain unauthorized access to protected information.

The vulnerability of the `caf encrypt` and `sd_acmd encrypt` commands in the command-line interface (CLI) of Broadcom CA Client Automation software relates to insecure management of privileges. Exploiting this vulnerability can allow attackers to enhance their privileges and gain unauthorized access to...

CVSS 7.5, AI score 5.5, EPSS 0.00224
Exploits 0, References 4

Schneier on Security
added 2024/12/16 12:6 p.m., 6 views

Short-Lived Certificates Coming to Let’s Encrypt

Starting next year: Our longstanding offering won't fundamentally change next year, but we are going to introduce a new offering that's a big shift from anything we've done before--short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the...

AI score 7.2
Exploits 0

OSV
added 2024/12/12 10:0 p.m., 18 views

GO-2022-0635 In-band key negotiation issue in AWS S3 Crypto SDK for golang in github.com/aws/aws-sdk-go

A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this i...

CVSS 2.5, AI score 3.9, EPSS 0.00231
Exploits 1, References 7

BDU FSTEC
added 2024/12/02 12:0 a.m., 2 views

The vulnerability of the Linux operating system’s crypto kernel component, which allows a hacker to trigger a service failure

The vulnerability of the Linux operating system’s crypto kernel component is related to errors in resource management in the `pcrypt_aead_encrypt` function. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5, AI score 6.5, EPSS 0.00286
Exploits 0, References 28, Affected Software 6

SUSE CVE
added 2024/11/23 1:58 a.m., 2 views

SUSE CVE-2020-8911

A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code (MAC), which then allows an attacker who has write access to the target's S3 bucket and can observe...

CVSS 5.6, AI score 7, EPSS 0.00348
Exploits 1, References 3

NVD
added 2024/11/18 6:15 a.m., 19 views

CVE-2024-11308

The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content...

CVSS 6.2, EPSS 0.00155
Exploits 0, References 2

OSV
added 2024/11/07 5:59 p.m., 7 views

CVE-2024-51993 Password is stored in clear in the database in Combodo iTop

Combodo iTop is a web based IT Service Management tool. An attacker accessing a backup file or the database can read some passwords for misconfigured Users. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. Users unable to upgrade are advised to encrypt their...

CVSS 3.4, AI score 4.4, EPSS 0.0011
Exploits 0, References 3

OSV
added 2024/11/01 3:15 a.m., 4 views

CVE-2024-10613

A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. Affected by this vulnerability is the function delSystemEncryptPolicy of the file /com/esafenet/servlet/system/SystemEncryptPolicyService.java. The manipulation of the argument id leads to sql injection. The attack can...

CVSS 8.8, AI score 5.7, EPSS 0.00543
Exploits 1, References 4

CNNVD
added 2024/11/01 12:0 a.m., 3 views

Cypress Bluetooth SDK security vulnerability

Cypress Bluetooth SDK is a Bluetooth software development package from Cypress. A security vulnerability exists in Cypress Bluetooth SDK version v3.66, which originates from an attacker being able to trigger a denial of service (DoS) by providing a carefully crafted `LL_PAUSE_ENC_REQ` packet...

CVSS 6.5, AI score 6.6, EPSS 0.0025
Exploits 0, References 1

OSV
added 2024/10/31 9:15 p.m., 4 views

CVE-2024-10596

A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. Affected by this issue is the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to sql injection. The attack may be launched...

CVSS 8.8, AI score 5.7
Exploits 0, References 4

Positive Technologies
added 2024/10/31 12:0 a.m., 2 views

PT-2024-16393 · Safenet · Esafenet Cdg

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG 5 Description: A critical issue was found in ESAFENET CDG, affecting the function delEntryptPolicySort of the file /com/esafenet/servlet/system/EncryptPolicyTypeService.java. The manipulation of the argument id leads to SQL...

CVSS 8.8, AI score 7.3, EPSS 0.00543
Exploits 1, References 11

Positive Technologies
added 2024/10/31 12:0 a.m., 3 views

PT-2024-16409 · Safenet · Esafenet Cdg

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG version 5 Description: A critical issue has been identified, affecting the function delSystemEncryptPolicy in the file /com/esafenet/servlet/system/SystemEncryptPolicyService.java. The manipulation of the argument id leads to SQL...

CVSS 8.8, AI score 7.2, EPSS 0.00543
Exploits 1, References 9

OSV
added 2024/10/17 5:15 p.m., 2 views

CVE-2024-10072

A vulnerability, which was classified as critical, has been found in ESAFENET CDG 5. This issue affects the function actionAddEncryptPolicyGroup of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument checklist leads to sql injection. The attack may be...

CVSS 8.8, AI score 5.7, EPSS 0.00492
Exploits 1, References 4

OSV
added 2024/10/17 4:15 p.m., 2 views

CVE-2024-10071

A vulnerability classified as critical was found in ESAFENET CDG 5. This vulnerability affects the function actionUpdateEncryptPolicyEdit of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument encryptPolicyId leads to sql injection. The attack can be...

CVSS 8.8, AI score 5.7
Exploits 0, References 4

Positive Technologies
added 2024/10/17 12:0 a.m., 2 views

PT-2024-16008 · Safenet · Esafenet Cdg

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG version 5 Description: A critical issue has been found in ESAFENET CDG, affecting the function actionAddEncryptPolicyGroup of the file /com/esafenet/servlet/policy/EncryptPolicyService.java. The manipulation of the argument...

CVSS 8.8, AI score 7.1, EPSS 0.00492
Exploits 1, References 8

BDU FSTEC
added 2024/10/03 12:0 a.m., 2 views

The vulnerability of the `requestLetsEncryptSslWithDnsChallenge` function in the NGINX Proxy Manager proxy server allows an attacker to execute arbitrary code.

The vulnerability of the requestLetsEncryptSslWithDnsChallenge function in the NGINX Proxy Manager proxy server is related to the lack of data cleansing measures at the management level. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...

CVSS 10, AI score 7.4, EPSS 0.02997
Exploits 3, References 6, Affected Software 1