Important: qt5-qtsvg

Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...

Important: qt5-qt3d

Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...

Important: qt5-qtgraphicaleffects

Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...

Important: qt5-qtx11extras

Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...

Important: qt5-qtquickcontrols

Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...

Important: qt5-qtscript

Issue Overview: An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not ye...

Amazon Linux 2 : qt5-qtsensors (ALAS-2024-2666)

The version of qt5-qtsensors installed on the remote host is prior to 5.15.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2666 advisory. An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x throug...

The vulnerability of the MXSecurity software platform for managing security in industrial networks lies in the use of strictly encrypted credentials, which allows attackers to disclose the protected information.

The vulnerability of the MXSecurity software platform for managing security in industrial networks is related to the use of strictly encrypted user credentials. Exploiting this vulnerability could allow an attacker to disclose the protected information...

CVE-2024-43382

CVE-2024-43382 affects Snowflake JDBC driver bug where versions 3.2.6–3.19.1 have an incorrect security setting that can allow data to be uploaded to an encrypted stage without the extra protection of client-side encryption. The root cause is an insufficient security configuration, potentially ex...

CVE-2024-41156

Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with higher privilege of write access...

CVE-2024-41156

Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with higher privilege of write access...

CVE-2024-41156

Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with higher privilege of write access...

CVE-2024-41156

CVE-2024-41156 affects Hitachi Energy TRO600 radios; the issue is a command-execution/privilege-leak risk via the Edge Computing UI, with profile files from TRO600 radios exportable in plaintext and encrypted formats. Exploitation requires authenticated write access, enabling access to configurat...

CVE-2024-41156

Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with higher privilege of write access...

The vulnerability of the backup function of the Cisco Unified Computing System Central (Cisco UCS Central) management system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the backup function of the Cisco Unified Computing System Central Cisco UCS Central management system is related to the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...

Hitachi Energy TRO600 安全漏洞

The Hitachi Energy TRO600 is a series of routers from Hitachi, Ltd. of Japan Hitachi. It enables a scalable, flexible and secure hybrid wireless communications architecture. A security vulnerability exists in the Hitachi Energy TRO600 that stems from the configuration files of the TRO600 series o...

PT-2024-29298 · Tropos · Tro600 Series Radios

Name of the Vulnerable Software and Affected Versions: TRO600 series radios affected versions not specified Description: The issue concerns the extraction of profile files from TRO600 series radios in both plain-text and encrypted file formats. These profile files contain valuable configuration...

CVE-2024-8013

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...

CVE-2024-8013 CSFLE and Queryable Encryption self-lookup may fail to encrypt values in subpipelines

A bug in query analysis of certain complex self-referential $lookup subpipelines may result in literal values in expressions for encrypted fields to be sent to the server as plaintext instead of ciphertext. Should this occur, no documents would be returned or written. This issue affects mongocryp...

The vulnerability of the command-line interface of Cisco Firepower Threat Defense (FTD) software allows a malicious actor to gain unauthorized access to read, modify, or delete data, or to cause a service failure.

The vulnerability of the command-line interface of Cisco Firepower Threat Defense FTD microprogramming systems is related to the use of strictly encrypted account data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to read, modify, or delete data, or cause servic...