PT-2023-23605 · Silicon · Silicon Labs Gecko Platform Sdk
Name of the Vulnerable Software and Affected Versions: Silicon Labs Gecko Platform SDK versions prior to 4.2.1 Description: The issue arises from the compiler removal of buffer clearing in the sli_crypto_transparent_aead_encrypt_tag function, leading to key material duplication to RAM. This resul...
GHSA-92WQ-Q9PQ-GW47 Dgraph Audit Log Encryption Vulnerability
Impact Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. All audit logs generated by versions of Dgraph v23.0.0 are affected. Patches This issue was patched in https://github.com/dgraph-io/dgraph/pull/8323. Dgraph users should upgrade to v23.0.0. Workaround...
PT-2023-24115 · Jenkins · Jenkins Ansible Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Ansible Plugin versions 204.v8191fd551eb_f and earlier Description: The issue concerns the storage of extra variables, often used to pass secrets, in an unencrypted manner in job config.xml files on the Jenkins controller. These...
Buffer Overflow
Overview Affected versions of this package are vulnerable to Buffer Overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3. Remediation Upgrade podofo to version 0.10.4 or higher. References - GitHub Commit - GitHub Issue Credit: longuu9...
CVE-2023-21499
Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code...
Improper Certificate Validation
nextcloud-desktop is vulnerable to Improper Certificate Validation. Trusting the server to return a user's keypair certificate allows a malicious server to encrypt user files with a key known to the attacker, causing improper certificate validation...
CVE-2022-41399
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key "PASSKEY" to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database...
Sage Group Sage 300 Trust Management Issue Vulnerability
Sage Group Sage 300 is a well-established, closed-source enterprise resource planning (ERP) solution from Sage Group UK designed to facilitate business management. A security vulnerability exists in Sage Group Sage 300 version 2022 and prior versions that stems from the use of a hard-coded puffer k...
PT-2023-13980 · Sage · Sage 300
Name of the Vulnerable Software and Affected Versions: Sage 300 versions through 2022 Description: The issue involves the use of a hard-coded 40-byte blowfish key for encrypting and decrypting user passwords and SQL connection strings stored in ISAM database files. This could allow attackers to...
Malicious code in nodejs-encrypt-agent (npm)
Source: ghsa-malware f59ac2ca2c204c22b2a5f11db9eef454f786803297f219aeb3e179dbe656ae07 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
UBUNTU-CVE-2023-29000
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt file...
ATutor Cross-Site Scripting Vulnerability
ATutor is a set of open source Web-based learning content management system (LCMS) by the Atutor team. The system includes modules for teaching content management, forums, chat rooms, and so on. A security vulnerability exists in ATutor version 2.2.1, which originated from the discovery of a...
PT-2023-20892 · Atutor · Atutor
Name of the Vulnerable Software and Affected Versions: ATutor version 2.2.1 Description: A Cross-site scripting (XSS) issue exists in the encrypt password function in login.tmpl.php, allowing remote attackers to inject arbitrary web script or HTML via the token parameter. Recommendations: For ATuto...
PT-2023-35713 · Git +1 · P11-Kit
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type identified as Global-buffer-overflow READ 8. The crash state involves functions such as base C MessageEncryptInit, r...
[SECURITY] Fedora 37 Update: plasma-vault-5.27.1-1.fc37
Plasma Vault allows users to lock and encrypt sets of documents and hide them from prying eyes even when the user is logged in...
SUSE CVE-2005-0064
Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value...
SUSE CVE-2010-3299
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks...
SUSE CVE-2011-1468
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function...
SUSE CVE-2011-4862
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as...