5459 matches found
[SECURITY] Fedora 38 Update: openssh-9.0p1-16.fc38
SSH (Secure SHell) is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...
The vulnerability of SIMATIC NET PC Software, WinCC, and SINAUT Software lies in the use of outdated functions, which allow an intruder to gain unauthorized access to encrypted data.
The vulnerabilities of SIMATIC NET PC Software, WinCC, and SINAUT Software are related to the use of outdated functions. Exploiting these vulnerabilities can allow an intruder, operating remotely, to gain unauthorized access to encrypted data...
Piwigo CVE-2023-26876 Gather Credentials via SQL Injection
This module allows an authenticated user to retrieve the usernames and encrypted passwords of other users in Piwigo through SQL injection using the filter_user_id parameter. Module Options: msf > use auxiliary/gather/piwigo_cve_2023_26876 msf auxiliary(piwigo_cve_2023_26876) > show actions ...actions... msf...
CVE-2023-35763
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext...
CVE-2023-38257
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords...
Design/Logic Flaw
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords...
PT-2023-25296 · Iagona · Iagona Scrutisweb
Name of the Vulnerable Software and Affected Versions: Iagona ScrutisWeb versions 2.1.37 and prior Description: The issue is related to a cryptographic vulnerability. This vulnerability could allow an unauthenticated user to decrypt encrypted passwords into plaintext. Recommendations: For Iagona...
Iagona ScrutisWeb Security Vulnerability
Iagona ScrutisWeb is a security solution from the French company Iagona. A security vulnerability exists in Iagona ScrutisWeb version 2.1.37 and earlier versions. An attacker could exploit the vulnerability to view configuration file information, including user login names and encrypted passwords...
CVE-2023-35818
An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300) ROM devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit...
Code injection
An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300) ROM devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit...
OpenSSL Authorization Issue Vulnerability
OpenSSL is an open-source, general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
CVE-2023-20185
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the cipher...
CVE-2023-3272
Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted...
The vulnerability of the firmware used in STARDOM FCJ, FCN-100, FCN-RTU, and FCN-500 programmable logic controllers allows an intruder to gain unauthorized access to protected information.
The vulnerability of Yokogawa STARDOM FCJ, FCN-100, FCN-RTU, and FCN-500 controllers is related to the use of hard-coded credentials. Exploiting this vulnerability can allow an intruder operating remotely to gain unauthorized access to protected information...