5459 matches found

Snyk
added 2023/08/23 10:21 a.m. · 3 views

Information Exposure

Overview railties is an application bootup, plugins, generators, and rake tasks. Affected versions of this package are vulnerable to Information Exposure. The ImpactActiveSupport::EncryptedFile method writes contents that will be encrypted to a temporary file. The temporary file’s permissions are...

CVSS 5.5 · AI score 6.6 · EPSS 0.00258
Exploits: 0 · References: 2
GitLab Advisory Database
added 2023/08/23 12:00 a.m. · 30 views

Active Support Possibly Discloses Locally Encrypted Files

There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: >= 5.2.0 Not affected: < 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...

AI score 6.5 · EPSS 0.00258
Exploits: 0 · References: 4 · Affected Software: 1
RubySec
added 2023/08/23 12:00 a.m. · 42 views

Possible File Disclosure of Locally Encrypted Files

There is a possible file disclosure of locally encrypted files in Active Support. This vulnerability has been assigned the CVE identifier CVE-2023-38037. Versions Affected: >= 5.2.0 Not affected: < 5.2.0 Fixed Versions: 7.0.7.1, 6.1.7.5 Impact ActiveSupport::EncryptedFile writes contents that will b...

CVSS 5.5 · AI score 5.3 · EPSS 0.00258
Exploits: 0 · References: 1 · Affected Software: 1
BDU FSTEC
added 2023/08/16 12:00 a.m. · 4 views

The vulnerability of the SCADA system SCADA Data Gateway (SDG) arises from the use of a hard-coded cryptographic key. This allows an intruder to gain unauthorized access to protected information.

The vulnerability of the SCADA system SCADA Data Gateway (SDG) is related to the use of a hard-coded cryptographic key. Exploiting this vulnerability could allow an intruder operating remotely to gain unauthorized access to protected information...

CVSS 7.8 · AI score 7.2 · EPSS 0.00707
Exploits: 0 · References: 5 · Affected Software: 1
The Hacker News
added 2023/08/15 7:08 a.m. · 39 views

North Korean Hackers Suspected in New Wave of Malicious npm Packages

The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice developers into downloading malevolent modules. Software supply chain security firm Phylum told The Hacker News the activity exhibits similar behaviors to that of a previous attac...

AI score 6.6
Exploits: 0
Tenable Nessus
added 2023/08/15 12:00 a.m. · 45 views

SUSE SLES12 Security Update : docker (SUSE-SU-2023:3307-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3307-1 advisory. - Update to v20.10.25-ce - CVE-2023-28840: Fixed a bug where an attacker could inject arbitrary Ethernet frames to execute a Denial...

CVSS 8.7 · AI score 7.2 · EPSS 0.02733
Exploits: 2 · References: 10
NVD
added 2023/08/14 5:15 p.m. · 19 views

CVE-2023-40354

An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08....

CVSS 6.5 · AI score 6.6 · EPSS 0.00268
Exploits: 0 · References: 1
Tenable Nessus
added 2023/08/14 12:00 a.m. · 34 views

Fedora 37 : kernel (2023-d9509be489)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d9509be489 advisory. The 6.4.10 stable kernel update contains a number of important fixes across the tree. Tenable has extracted the preceding description block directly...

CVSS 6.7 · AI score 7.1 · EPSS 0.00664
Exploits: 1 · References: 4
Tenable Nessus
added 2023/08/14 12:00 a.m. · 27 views

Fedora 38 : kernel (2023-ee241dcf80)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ee241dcf80 advisory. The 6.4.10 stable kernel update contains a number of important fixes across the tree. Tenable has extracted the preceding description block directly...

CVSS 6.7 · AI score 7.1 · EPSS 0.00664
Exploits: 1 · References: 4
ATTACKERKB
added 2023/08/11 8:15 p.m. · 4 views

CVE-2023-22956

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information...

CVSS 7.5 · AI score 7.1 · EPSS 0.01131
Exploits: 2 · References: 5
BDU FSTEC
added 2023/08/11 12:00 a.m. · 5 views

A vulnerability in the web server of the firmware for Siemens SICAM CP-8031 and CP-8050 processor module controllers allows an attacker to escalate their privileges.

The vulnerability in the web server of the firmware for Siemens SICAM CP-8031/CP-8050 processor module controllers is related to the use of hard-coded login credentials. Exploiting this vulnerability can allow attackers to escalate their privileges...

CVSS 7.2 · AI score 6.5 · EPSS 0.00364
Exploits: 1 · References: 5
Positive Technologies
added 2023/08/11 12:00 a.m. · 6 views

PT-2023-18797 · Audiocodes · Audiocodes Voip Desk Phones

Name of the Vulnerable Software and Affected Versions: AudioCodes VoIP desk phones versions through 3.4.4.1000 Description: An issue was discovered due to the use of a hard-coded cryptographic key, allowing an attacker to decrypt encrypted configuration files and retrieve sensitive information...

CVSS 7.5 · AI score 7.4 · EPSS 0.01131
Exploits: 2 · References: 11
CNNVD
added 2023/08/11 12:00 a.m. · 5 views

HCL Technologies Traveler Companion Security Vulnerability

HCL Technologies Traveler Companion is an iOS application for iPhone and iPad from HCL Technologies, USA. It is used to read encrypted HCL Notes emails on Apple devices. An information disclosure vulnerability exists in HCL Technologies Traveler Companion, which can be exploited by attackers to obtain...

CVSS 5.5 · AI score 5.8 · EPSS 0.00166
Exploits: 0 · References: 2
SUSE CVE
added 2023/08/10 1:38 a.m. · 2 views

SUSE CVE-2023-28841

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component dockerd, which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is...

CVSS 6.8 · AI score 8.8 · EPSS 0.00696
Exploits: 1 · References: 14
Tenable Nessus
added 2023/08/10 12:00 a.m. · 22 views

Mitsubishi Electric GT and GOT Series Products (CVE-2023-0525)

Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions...

AI score 7.6 · EPSS 0.00478
Exploits: 0 · References: 4
NVD
added 2023/08/09 7:15 a.m. · 23 views

CVE-2023-37858

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password...

CVSS 4.9 · AI score 5 · EPSS 0.00339
Exploits: 0 · References: 1
Cvelist
added 2023/08/09 6:37 a.m. · 20 views

CVE-2023-37858 PHOENIX CONTACT: Use of Hard-coded Credentials in WP 6xxx Web panels

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password...

CVSS 4.9 · AI score 5.4 · EPSS 0.00339
Exploits: 0 · References: 1
OSV
added 2023/08/09 12:00 a.m. · 6 views

UBUNTU-CVE-2023-4155

A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler multiple time...

CVSS 5.6 · AI score 6.5 · EPSS 0.00158
Exploits: 0 · References: 12
UbuntuCve
added 2023/08/09 12:00 a.m. · 46 views

CVE-2023-4155

A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler multiple time...

CVSS 5.6 · AI score 6.7 · EPSS 0.00158
Exploits: 0 · References: 11
SUSE CVE
added 2023/08/08 1:32 a.m. · 2 views

SUSE CVE-2023-4155

A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler multiple time...

CVSS 6.5 · AI score 6.3 · EPSS 0.00158
Exploits: 0 · References: 16