5458 matches found

Vulnrichment
added 2024/07/04 12:0 a.m. · 19 views

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...

8.6 CVSS · 7 AI score · 0.00494 EPSS
Exploits 0 · References 1
Debian CVE
added 2024/07/04 12:0 a.m. · 17 views

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...

8.6 CVSS · 7.3 AI score · 0.00494 EPSS
Exploits 0
AlpineLinux
added 2024/07/04 12:0 a.m. · 15 views

CVE-2024-39936

An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early, because the encrypted signal has not yet been emitted a...

8.6 CVSS · 7.1 AI score · 0.00494 EPSS
Exploits 0
Wired Threat Level
added 2024/07/03 10:0 a.m. · 8 views

Proton Is Launching Encrypted Documents to Take On Google Docs

Proton is adding an end-to-end encrypted documents editor to its privacy tools, boosting its competition with Google’s suite of productivity apps...

7.3AI score
Exploits 0
Veeam
added 2024/07/01 12:0 a.m. · 55 views

How to Investigate 'Encrypted Data Event' from Malware Detection

Version Requirement: This tool only works for malware inline detection events created by Veeam Backup & Replication 12.1.2 and newer. Previous versions of Veeam Backup & Replication are not supported. Protected Workload Guest OS Requirement: This tool only supports investigating Windows-based...

5.7 AI score
Exploits 0 · Affected Software 1
CVE
added 2024/06/29 12:0 a.m. · 53 views

CVE-2024-39846

NewPass before 1.2.0 stores passwords directly (not as hashes), enabling easier unauthorized access to sensitive information. Data at rest is encrypted, but passwords are decrypted in-process during use, creating exposure risk. Affected versions: prior to 1.2.0. Remediation: upgrade to 1.2.0 or l...

3.5 CVSS · 6.8 AI score · 0.0019 EPSS
Exploits 0 · References 2
Cvelist
added 2024/06/29 12:0 a.m. · 24 views

CVE-2024-39846

NewPass before 1.2.0 stores passwords rather than password hashes directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use...

0.0019 EPSS
Exploits 0 · References 2
OSV
added 2024/06/26 6:30 p.m. · 14 views

GHSA-3CPQ-RW36-CPPV Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin

When creating secret file credentials Plain Credentials Plugin 182.v468b97b9dcb8 and earlier attempts to decrypt the content of the file to check if it constitutes a valid encrypted secret. In rare cases the file content matches the expected format of an encrypted secret, and the file content wil...

4.3 CVSS · 4.6 AI score · 0.00419 EPSS
Exploits 0 · References 5
BDU FSTEC
added 2024/06/26 12:0 a.m. · 5 views

The vulnerability of the Brocade SANnav network management software, which stems from the use of strictly encrypted credentials, allows a hacker to perform a Man-in-the-Middle attack and decrypt SSH traffic.

The vulnerability of the Brocade SANnav network management software is related to the use of strictly encrypted authentication credentials. Exploiting this vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack and decrypt SSH traffic...

7.7 CVSS · 5.8 AI score · 0.0031 EPSS
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2024/06/25 12:0 a.m. · 4 views

PT-2024-28743

Name of the Vulnerable Software and Affected Versions: Qt versions prior to 5.15.18; Qt versions 6.x prior to 6.2.13; Qt versions 6.3.x through 6.5.x prior to 6.5.7; Qt versions 6.6.x through 6.7.x prior to 6.7.3. Description: An issue was discovered in HTTP2 in Qt where code to make security-relevant...

9.8 CVSS · 7.5 AI score · 0.01324 EPSS
Exploits 1 · References 147
NVD
added 2024/06/24 9:15 a.m. · 18 views

CVE-2024-36495

The application Faronics WINSelect Standard + Enterprise saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd. The path for the affected WINSelect Enterprise configuration file is:...

7.7 CVSS · 0.0031 EPSS
Exploits 1 · References 3
CVE
added 2024/06/24 9:4 a.m. · 54 views

CVE-2024-36496

CVE-2024-36496 affects Faronics WINSelect (Standard + Enterprise) with vulnerable configurations prior to 8.30.xx.903. The issue arises from encrypting the configuration file using a static key derived from a static five-character password. That password is hashed with MD5 (no salt), and the firs...

7.5 CVSS · 7.6 AI score · 0.00693 EPSS
Exploits 1 · References 3
CVE
added 2024/06/24 8:50 a.m. · 55 views

CVE-2024-36495

CVE-2024-36495 affects Faronics WINSelect (Standard + Enterprise). The configuration files are stored on disk with overly permissive permissions: C:\ProgramData\WINSelect\WINSelect.wsd and, for Enterprise, C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd. The issue arises from an encrypted c...

7.7 CVSS · 7.5 AI score · 0.0031 EPSS
Exploits 1 · References 3
Vulnrichment
added 2024/06/24 8:50 a.m. · 11 views

CVE-2024-36495 Read/Write Permissions for Everyone on Configuration File

The application Faronics WINSelect Standard + Enterprise saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd. The path for the affected WINSelect Enterprise configuration file is:...

7.1 AI score · 0.0031 EPSS
Exploits 1 · References 3
BDU FSTEC
added 2024/06/21 12:0 a.m. · 4 views

The vulnerability of the software for providing secure remote access to data in the Palo Alto Networks GlobalProtect App, related to the disclosure of information through registration files, allows a hacker to obtain encrypted user credentials.

The vulnerability of the software for providing secure remote access to data in the Palo Alto Networks GlobalProtect App is related to the disclosure of information through registration files. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain encrypted use...

7.8 CVSS · 7.2 AI score · 0.00366 EPSS
Exploits 0 · References 3 · Affected Software 1
Veracode
added 2024/06/19 6:33 a.m. · 19 views

Information Disclosure

SonarQube is vulnerable to exposure of encrypted values in cleartext. The vulnerability is due to encrypted values generated using the Settings Encryption feature being exposed in URL parameters in logs, allowing attackers with access to SonarQube logs or proxy logs to view sensitive information...

6.5 CVSS · 6.5 AI score · 0.00331 EPSS
Exploits 1 · References 5 · Affected Software 1
Positive Technologies
added 2024/06/17 12:0 a.m. · 6 views

PT-2024-19166 · Rancher · Rancher Rke1

Name of the Vulnerable Software and Affected Versions: Rancher RKE1 versions 2.7.0 through 2.7.13; Rancher RKE1 versions 2.8.0 through 2.8.4. Description: A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled. When...

7.1 CVSS · 7.2 AI score · 0.00369 EPSS
Exploits 0 · References 9
Vulnrichment
added 2024/06/16 12:0 a.m. · 12 views

CVE-2024-38460

In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs such as SonarQube Access Logs, Proxy Logs, etc...

4.9 CVSS · 7 AI score · 0.00331 EPSS
Exploits 1 · References 2
CVE
added 2024/06/16 12:0 a.m. · 62 views

CVE-2024-38460

CVE-2024-38460 affects SonarQube before 10.4 and 9.9.4 LTA. The issue is that values encrypted via Settings Encryption can be exposed in cleartext in URL parameters found in logs (e.g., access logs, proxy logs). The root cause is insecure handling of encrypted values in log output, enabling poten...

6.5 CVSS · 7 AI score · 0.00331 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2024/06/16 12:0 a.m. · 25 views

CVE-2024-38460

In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs such as SonarQube Access Logs, Proxy Logs, etc...

4.9 CVSS · 0.00331 EPSS
Exploits 1 · References 2