The vulnerability of the software for centralized device management in Fortinet FortiManager, as well as the event monitoring and analysis tool FortiAnalyzer, arises from the use of strictly encrypted credentials. This allows a malicious individual to gain access to confidential information.

The vulnerability of the software for centralized device management in Fortinet FortiManager, as well as the event monitoring and analysis tool FortiAnalyzer, is related to the use of strictly encrypted credentials. Exploiting this vulnerability can allow an attacker to access confidential...

CVE-2023-45866

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such...

USN-6533-1: Linux kernel (OEM) vulnerabilities

Tom Dohrmann discovered that the Secure Encrypted Virtualization SEV implementation for AMD processors in the Linux kernel contained a race condition when accessing MMIO registers. A local attacker in a SEV guest VM could possibly use this to cause a denial of service system crash or possibly...

USN-6533-1 linux-oem-6.1 vulnerabilities

Tom Dohrmann discovered that the Secure Encrypted Virtualization SEV implementation for AMD processors in the Linux kernel contained a race condition when accessing MMIO registers. A local attacker in a SEV guest VM could possibly use this to cause a denial of service system crash or possibly...

The vulnerability of the Private Key Handler component in the server that unlocks encrypted disks of Tang allows a hacker to disclose the protected information.

The vulnerability of the Private Key Handler component in the server that unlocks encrypted disks of the Tang service is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to disclose sensitive information...

FESTO Automation Suite, FluidDraw, and Festo Didactic Products

GENERAL RECOMENDATION Users running communication over an untrusted network who require full protection should switch to an alternative solution such as running the communication over a VPN. Festo strongly recommends to minimize and protect network access to connected devices with state of the...

The vulnerability of the microprogramming software of Osprey Pump Controller allows a hacker to gain full access to the device’s web interface.

The vulnerability of the microprogrammed software of Osprey Pump Controller controllers is related to the use of rigidly encrypted credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full access to the device’s web interface...

CVE-2023-44303

RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility RVToolsPasswordEncryption.exe and main application RVTools.exe. A remote unauthenticated attacker with access to stored encrypted passwords from a users' system could potentially...

Design/Logic Flaw

RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility RVToolsPasswordEncryption.exe and main application RVTools.exe. A remote unauthenticated attacker with access to stored encrypted passwords from a users' system could potentially...

Denial Of Service (DoS)

github.com/go-jose/go-jose is vulnerable to Billion Hashes Attack. The vulnerability is due to the decryptKey function in symmetric.go because it only checks if the value of p2c is a positive integer, but lacks a maximum size check. This allow an attacker to provide a PBES2 encrypted JWE blob wit...

The vulnerability of Siemens SCALANCE industrial switches’ microprogramming software, related to the use of a rigidly encrypted cryptographic key, allows attackers to gain unauthorized access to protected information.

The vulnerability of Siemens SCALANCE industrial switches’ microprogramming software is related to the use of a rigidly encrypted cryptographic key. Exploiting this vulnerability could allow an unauthorized actor to gain unauthorized access to protected information...

GHSA-2C7C-3MJ9-8FQH Decryption of malicious PBES2 JWE objects can consume unbounded system resources

The go-jose package is subject to a "billion hashes attack" causing denial-of-service when decrypting JWE inputs. This occurs when an attacker can provide a PBES2 encrypted JWE blob with a very large p2c value that, when decrypted, produces a denial-of-service...

8Base Group Deploying New Phobos Ransomware Variant via SmokeLoader

The threat actors behind the 8Base ransomware are leveraging a variant of the Phobos ransomware to conduct their financially motivated attacks. The findings come from Cisco Talos, which has recorded an increase in activity carried out by the cybercriminals. "Most of the group's Phobos variants ar...

The vulnerability of Zoom’s video conferencing software, related to data encryption errors, allows attackers to disclose sensitive information that is protected by encryption.

The vulnerability of Zoom video conferencing software is related to data encryption errors. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by encryption...

Medium: amazon-efs-utils

Issue Overview: efs-utils is a set of Utilities for Amazon Elastic File System EFS. A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to...

CVE-2023-45585

An insertion of sensitive information into log file vulnerability CWE-532 in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...

Design/Logic Flaw

An insertion of sensitive information into log file vulnerability CWE-532 in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...

kernel: KVM: SEV-ES / SEV-SNP VMGEXIT double fetch vulnerability

A flaw was found in KVM AMD Secure Encrypted Virtualization SEV in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler multiple time...

CVE-2023-43900

Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...

CVE-2023-43900

Insecure Direct Object References IDOR in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters...