The vulnerability of the Schuhfried psychological testing and training system, related to the use of strictly encrypted user data, allows an intruder to access protected information.
The vulnerability of the Schuhfried psychological testing and training system lies in the use of strictly encrypted user data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to protected information using a specially created curl command...
jose4j: denial of service via specially crafted JWE
A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down...
The vulnerability of the hyper-converged infrastructure of IBM Storage Fusion HCI, related to the use of strictly encrypted authentication data, allows an intruder to gain unauthorized access to protected information.
The vulnerability of the hyper-converged infrastructure of IBM Storage Fusion HCI is related to the use of strictly encrypted account data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the SolarWinds Access Rights Manager software, which stems from the use of strictly encrypted credentials, allows a perpetrator to gain access to the RabbitMQ management console.
The vulnerability of the SolarWinds Access Rights Manager (ARM) lies in the use of strictly encrypted credentials. Exploiting this vulnerability could allow a malicious actor to gain access to the RabbitMQ management console remotely...
GHSA-RCVG-JJ3G-RJ7C Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints
The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets, which can contain sensitive data (e.g. passwords, private keys, etc.). These secrets are stored encrypted at rest in the application database, and the associated endpoints are no...
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints
The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets, which can contain sensitive data (e.g. passwords, private keys, etc.). These secrets are stored encrypted at rest in the application database, and the associated endpoints are no...
DEBIAN-CVE-2024-36913
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails. In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is...
UBUNTU-CVE-2024-36910
In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Don't free decrypted memory. In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need...
New Generative AI category added to Talos reputation services
Cisco Talos is preparing to release the first in a series of changes to our Web Categorization system, which is designed to simplify the verbiage we use. In mid-June, we're adding a new "Generative AI" category that will apply to certain websites. The "Content Category" appears whenever a user...
CVE-2024-23579
HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions. This could allow an attacker with access to the database to recover some or all encrypted values...
CVE-2024-23580
HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs). This could allow an attacker with access to the database to recover some or all encrypted values...
CVE-2024-23579 HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions
HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions. This could allow an attacker with access to the database to recover some or all encrypted values...
CVE-2024-35341
Certain Anpviz products allow unauthenticated users to download the running configuration of the device via an HTTP GET request to the /ConfigFile.ini or /config.xml URIs. This configuration file contains usernames and passwords encrypted with a hardcoded key common to all devices. This...
PT-2024-26442 · Anpviz · Anpviz
Name of the Vulnerable Software and Affected Versions: Anpviz products versions 3.2.2.2 and lower. Description: The issue allows unauthenticated users to download the running configuration of the device via an HTTP GET request to the "/ConfigFile.ini" or "/config.xml" URIs. This configuration file...
PT-2024-25908 · Nintendo · Nintendo Wii U Os
Name of the Vulnerable Software and Affected Versions: Nintendo Wii U OS version 5.5.5. Description: The issue allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA. This is due to a secondary verification mechanism that only checks whether a CA is known a...
CVE-2021-47228
In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV. Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after ExitBootServices(), efi_mem_reserve() is use...
SUSE CVE-2021-47228
In the Linux kernel, the following vulnerability has been resolved: x86/ioremap: Map EFI-reserved memory as encrypted for SEV. Some drivers require memory that is marked as EFI boot services data. In order for this memory to not be re-used by the kernel after ExitBootServices(), efi_mem_reserve() is use...
Moderate: Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-paramiko) security update
An update for python-paramiko is now available for Red Hat OpenStack Platform 17.1 (Wallaby). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2024-20261
A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block an encrypted archive file. This vulnerability exists because of a...