369 matches found
SonicWALL SMA100 Security Vulnerability
The SonicWALL SMA100 is a secure access gateway appliance from SonicWALL USA. The SonicWALL SMA100 suffers from a cryptographic issue vulnerability that stems from the use of a cryptographically weak pseudo-random number generator in the backup code generator. An attacker could exploit the vulnerabilit...
CVE-2017-13309
In readEncryptedData of ConscryptEngine.java, there is a possible plaintext leak due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-41156
Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with higher privilege of write access...
CVE-2024-39925
An issue was discovered in Vaultwarden (formerly BitwardenRS) 1.30.3. It lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a member departs. Consequently, the departing member, whose access should be revoked, retains a...
PT-2024-28737 · Unknown · Vaultwarden
Name of the Vulnerable Software and Affected Versions: Vaultwarden (formerly Bitwarden RS) version 1.30.3. Description: An issue was discovered in Vaultwarden, which lacks an offboarding process for members who leave an organization. As a result, the shared organization key is not rotated when a...
CVE-2024-39925
Vaultwarden (1.30.3) suffers an offboarding/key rotation flaw: when members leave, the shared organization key is not rotated, allowing departing users to retain key material and potentially decrypt data. In addition, an authenticated user could access encrypted data across organizations if they ...
Vaultwarden Security Vulnerability
Vaultwarden is an alternative implementation of the Bitwarden server API, written in Rust by individual developer Daniel García. A security vulnerability exists in Vaultwarden version 1.30.3, which stems from a failure to adequately protect certain encrypted data stored on the server, and allows...
The vulnerability of the industrial server for serial devices of Korenix JetPort lies in the absence of encrypted confidential data, which allows attackers to circumvent existing security restrictions.
The vulnerability of the industrial server for serial devices of Korenix JetPort lies in the absence of encrypted confidential data. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...
The vulnerability of the BitLocker data protection function in Windows operating systems allows attackers to circumvent existing security restrictions and gain access to encrypted data.
The vulnerability of the BitLocker data protection function in Windows operating systems is related to a breach of the data protection mechanism. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions and gain access to encrypted data...
CVE-2024-39888
CVE-2024-39888 affects Mendix Encryption versions 10.0.0 to 10.0.1, where a hard-coded default EncryptionKey enables decryption of encrypted project data if no per-project key is specified. Root cause: a security-relevant constant defined by default in the module. Consequences stated across sourc...
The vulnerability of the Schuhfried psychological testing and training system, related to the use of strictly encrypted user data, allows the intruder to access protected information.
The vulnerability of the Schuhfried psychological testing and training system lies in the use of strictly encrypted user data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to protected information using a specially created curl command...
jose-go: improper handling of highly compressed data
A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...
Linux kernel Security Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the possibility of modifying encrypted data...
Decryption Failure
ilicmiljan/secure-props is vulnerable to Decryption Failure. The vulnerability is due to a regex which fails to detect tags during the decryption of encrypted data that is encoded with the NullEncoder and contains special characters such as \n. When this encrypted data is passed to the TagAwareCipher, the...
SecureProps Security Vulnerabilities
SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A security vulnerability exists in SecureProps versions 1.2.0 and 1.2.1, which stems from the inability of regular expressions to detect tags during the decryption of encrypted data, which...
CVE-2024-2495
Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data...
CVE-2024-2495 Cryptographic key in plain text vulnerability in FriendlyElec's FriendlyWrt
Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data...