dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users...

dotnet: .NET: Denial of Service via stack overflow

A flaw was found in .NET. A remote attacker could exploit a stack overflow vulnerability during encrypted key nested decryption, leading to a Denial of Service DoS. This could make the affected system unavailable to legitimate users...

Nginx UI 安全漏洞

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.3 contained security vulnerabilities. These vulnerabilities stemmed from the /api/backup endpoint, which allowed access without authentication, thereby exposing encrypted keys. This could enable unverified...

munge 安全漏洞

Munge is an identity verification service developed by Chris Dunlap, used for creating and verifying credentials. Versions of MUNGE prior to 0.5.18 contained security vulnerabilities; these vulnerabilities were caused by buffer overflows in Munged, which could lead to the disclosure of encrypted...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001071)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001071 advisory. A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974. Tenable has extract...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003044)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003044 advisory. A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974. Tenable has extract...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002861)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002861 advisory. A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974. Tenable has extract...

CVE-2025-14763

Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...

CVE-2025-63289

CVE-2025-63289 affects the Sogexia Android App: Compile Affected SDK v35, Max SDK 32, with a fix in v36. The vulnerability arises from hardcoded encryption keys in the encryption_helper.dart file, which could impact data confidentiality and integrity. Remediation: update to SDK version 36 (or the...

EUVD-2017-4822

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2017-13305

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974. CVE-2017-13305...

SolarWinds Web Help Desk 安全漏洞

SolarWinds Web Help Desk is a suite of help desk and asset management software from US-based SolarWinds. The software supports centralized knowledge base, IT asset management, project and task management, and other features. A security vulnerability exists in SolarWinds Web Help Desk versions pri...

CVE-2024-43694

In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an attacker to decrypt all encrypted broadcast communications based on broadcast keys stored on the device...

PT-2024-32417

Name of the Vulnerable Software and Affected Versions goTenna Pro App affected versions not specified goTenna Pro X goTenna Pro X2 Description The encryption keys in the goTenna Pro App are stored along with a static IV on the End User Device EUD, allowing for complete decryption of keys if the...

CVE-2023-0005

A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys...

Palo Alto Networks PAN-OS 安全漏洞

Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. Palo Alto Networks PAN-OS suffers from a security vulnerability that stems from the ability of an authenticated administrator to expose secret plaintext values and encrypted API keys stored in the devic...

SUSE CVE-2017-13305

A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974...

GnuTLS 安全漏洞

GnuTLS is a free secure communications library for implementing the SSL, TLS and DTLS protocols. GnuTLS suffers from a security vulnerability that originates from the ability to recover keys encrypted with RSA ciphertext over a network. An attacker exploiting this vulnerability could decrypt...

PT-2021-24353 · Amazon Web Services · Aws Encryption Sdk For Java

Name of the Vulnerable Software and Affected Versions: AWS Encryption SDK for Java versions 2.0.0 through 2.2.0 AWS Encryption SDK for Java versions less than 1.9.0 Description: The issue concerns the incorrect validation of some invalid ECDSA signatures. This affects the integrity of the...

PYSA, the ransomware attacking schools

The education sector’s cybersecurity problem has compounded in the last few months. A recent warning from the FBI, in mid-March, put schools in the US and UK on notice of increased attacks from the threat actors behind the PYSA ransomware. If this is the first time you’ve heard of this family, re...