752 matches found

BDU FSTEC
added 2024/02/28 12:0 a.m. · 3 views

Vulnerability of the tls_encrypt_done function (net/tls/tls_sw.c) in the Linux operating system’s kernel, allowing a hacker to trigger a service failure

The vulnerability of the tls_encrypt_done function in the Linux kernel’s net/tls/tls_sw.c file is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 4.7 · AI score 6.3 · EPSS 0.0019
Exploits 0 · References 53 · Affected Software 6

NVD
added 2024/02/23 11:15 p.m. · 12 views

CVE-2024-24681

An issue was discovered in Yealink Configuration Encrypt Tool AES version and Yealink Configuration Encrypt Tool RSA version before 1.2. There is a single hardcoded key used to encrypt provisioning documents across customers' installations...

CVSS 9.8 · AI score 6.5 · EPSS 0.01025
Exploits 1 · References 3

Prion
added 2024/02/23 11:15 p.m. · 20 views

Hardcoded credentials

Insecure AES key in Yealink Configuration Encrypt Tool below version 1.2. A single, vendor-wide, hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked, leading to a compromise of confidentiality of provisioning documents...

AI score 7.2 · EPSS 0.01025
Exploits 1 · References 1

CNNVD
added 2024/02/23 12:0 a.m. · 4 views

Yealink Config Encrypt Tool Security Vulnerability

Yealink Config Encrypt Tool is a configuration encryption tool from the Chinese company Yealink. A security vulnerability exists in Yealink Config Encrypt Tool versions prior to 1.2, which stems from the disclosure of a hard-coded AES key used to encrypt configuration documents, resulting in the...

CVSS 9.8 · AI score 6.6 · EPSS 0.01025
Exploits 1 · References 4

CVE
added 2024/02/23 12:0 a.m. · 8833 views

CVE-2024-24681

The CVE-2024-24681 entry concerns Yealink Configuration Encrypt Tool: AES version and RSA versions before 1.2 use a single hardcoded AES key to encrypt provisioning documents, shared across customers. This weak key handling is the root cause and can compromise confidentiality of provisioning data...

CVSS 9.8 · AI score 6.7 · EPSS 0.01025
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2024/02/23 12:0 a.m. · 14 views

CVE-2024-24681

An issue was discovered in Yealink Configuration Encrypt Tool AES version and Yealink Configuration Encrypt Tool RSA version before 1.2. There is a single hardcoded key used to encrypt provisioning documents across customers' installations...

AI score 6.8 · EPSS 0.01025
Exploits 1 · References 2

Cvelist
added 2024/02/23 12:0 a.m. · 19 views

CVE-2024-24681

An issue was discovered in Yealink Configuration Encrypt Tool AES version and Yealink Configuration Encrypt Tool RSA version before 1.2. There is a single hardcoded key used to encrypt provisioning documents across customers' installations...

AI score 6.8 · EPSS 0.01025
Exploits 1 · References 2

NVD
added 2024/02/22 10:15 p.m. · 13 views

CVE-2022-25377

The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APPSTORAGECERTIFICATES/.well-known/acme-challenge must exist on disk. This pathname is automatically created if...

CVSS 7.5 · AI score 6.4 · EPSS 0.00793
Exploits 1 · References 4

OSV
added 2024/02/22 10:15 p.m. · 16 views

CVE-2022-25377

The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APPSTORAGECERTIFICATES/.well-known/acme-challenge must exist on disk. This pathname is automatically created if...

CVSS 7.5 · AI score 7
Exploits 0 · References 4

Prion
added 2024/02/22 10:15 p.m. · 17 views

Directory traversal

The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APPSTORAGECERTIFICATES/.well-known/acme-challenge must exist on disk. This pathname is automatically created if...

AI score 7.3 · EPSS 0.00793
Exploits 1 · References 4

Cvelist
added 2024/02/22 12:0 a.m. · 19 views

CVE-2022-25377

The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APPSTORAGECERTIFICATES/.well-known/acme-challenge must exist on disk. This pathname is automatically created if...

AI score 6.7 · EPSS 0.00793
Exploits 1 · References 4

Vulnrichment
added 2024/02/22 12:0 a.m. · 21 views

CVE-2022-25377

The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APPSTORAGECERTIFICATES/.well-known/acme-challenge must exist on disk. This pathname is automatically created if...

AI score 6.8 · EPSS 0.00793
Exploits 1 · References 4

NVD
added 2024/02/20 12:15 a.m. · 8 views

CVE-2022-48625

Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...

CVSS 7.5 · AI score 6.6 · EPSS 0.00444
Exploits 0 · References 1

ATTACKERKB
added 2024/02/20 12:15 a.m. · 5 views

CVE-2022-48625

Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...

CVSS 7.5 · AI score 5.2 · EPSS 0.00444
Exploits 0 · References 2

Prion
added 2024/02/20 12:15 a.m. · 13 views

Design/Logic Flaw

Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...

AI score 7.2 · EPSS 0.00444
Exploits 0 · References 1

CNNVD
added 2024/02/20 12:0 a.m. · 3 views

Yealink Config Encrypt Tool Security Vulnerability

Yealink Config Encrypt Tool is a configuration encryption tool from the Chinese company Yealink. A security vulnerability exists in Yealink Config Encrypt Tool versions prior to 1.2, which stems from a possible decryption risk when encrypting Autop deployment files with a default key...

CVSS 7.5 · AI score 6.7 · EPSS 0.00444
Exploits 0 · References 3

CVE
added 2024/02/19 12:0 a.m. · 4623 views

CVE-2022-48625

Concerning CVE-2022-48625, the vulnerability affects Yealink Config Encrypt Tool versions prior to 1.2, which ships with a built‑in RSA key pair. This design enables potential decryption of encrypted deployment files by an adversary using the default key. The impact is a decryption risk (per the ...

CVSS 7.5 · AI score 6.8 · EPSS 0.00444
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/02/19 12:0 a.m. · 16 views

CVE-2022-48625

Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...

AI score 7 · EPSS 0.00444
Exploits 0 · References 1

Cvelist
added 2024/02/19 12:0 a.m. · 13 views

CVE-2022-48625

Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...

AI score 6.8 · EPSS 0.00444
Exploits 0 · References 1

Positive Technologies
added 2024/02/19 12:0 a.m. · 2 views

PT-2024-11765 · Yealink · Yealink Config Encrypt Tool

Name of the Vulnerable Software and Affected Versions: Yealink Config Encrypt Tool versions prior to 1.2

Description: The issue concerns a built-in RSA key pair in the Yealink Config Encrypt Tool, which poses a risk of decryption by an adversary.

Recommendations: For versions prior to 1.2, consid...

CVSS 7.5 · AI score 7.2 · EPSS 0.00444
Exploits 0 · References 5