
5459 matches found

CNNVD
added 2023/07/06 12:0 a.m. · 4 views

Cisco Nexus 9000 Series Fabric Switches Encryption Issue Vulnerability

The Cisco Nexus 9000 Series Fabric Switches is a 9000 Series Fiber Optic Switch from Cisco. A security vulnerability exists in the Cisco Nexus 9000 Series Fabric Switches that stems from a faulty password implementation used for encryption, which could allow an unauthenticated, remote attacker to...

CVSS 7.4 · AI score 7.4 · EPSS 0.0033
Exploits 0 · References 3

CNNVD
added 2023/07/06 12:0 a.m. · 20 views

OpenITCOCKPIT Security Vulnerability

It-novum OpenITCOCKPIT is an open source system monitoring tool from It-novum, Germany. A security vulnerability exists in OpenITCOCKPIT prior to version 4.6.6, which stems from the absence of the "Secure" attribute on sensitive cookies in HTTPS sessions...

CVSS 4.6 · AI score 5 · EPSS 0.00261
Exploits 1 · References 3

OSV
added 2023/06/30 3:15 a.m. · 2 views

CVE-2023-36539

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information...

CVSS 7.5 · AI score 7.1 · EPSS 0.00443
Exploits 0 · References 1

Positive Technologies
added 2023/06/30 12:0 a.m. · 6 views

PT-2023-25618 · Zoom · Zoom

Name of the Vulnerable Software and Affected Versions: Zoom affected versions not specified Description: Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. Recommendations: At the moment, there is no information about a newer...

CVSS 7.5 · AI score 6.7 · EPSS 0.00443
Exploits 0 · References 3

Positive Technologies
added 2023/06/29 12:0 a.m. · 4 views

PT-2023-25585 · Unknown · Calamares-Nixos-Extensions

Name of the Vulnerable Software and Affected Versions: calamares-nixos-extensions versions 0.3.12 and prior Description: The issue affects users of calamares-nixos-extensions who installed NixOS through the graphical calamares installer with an unencrypted /boot, on either non-UEFI systems or wit...

CVSS 7.9 · AI score 7 · EPSS 0.00248
Exploits 1 · References 7

Malwarebytes
added 2023/06/28 4:0 a.m. · 12 views

Criminal secure messaging system takedown: 6500+ arrests and €900 million+ seized

In 2020, we reported on how law enforcement managed to compromise a secure communications system set up by and for criminals. Now, Europol has published a progress report showing the enormous impact the infiltration of the encrypted communications tool EncroChat made. EncroChat, a company based i...

AI score 6.9
Exploits 0

The Hacker News
added 2023/06/27 11:23 a.m. · 33 views

EncroChat Bust Leads to 6,558 Criminals' Arrests and €900 Million Seizure

Europol on Tuesday announced that the takedown of EncroChat in July 2020 led to 6,558 arrests worldwide and the seizure of €900 million in illicit criminal proceeds. The law enforcement agency said that a subsequent joint investigation initiated by French and Dutch authorities intercepted and...

AI score 6.6
Exploits 0

BDU FSTEC
added 2023/06/27 12:0 a.m. · 4 views

The vulnerability of the monitoring software for the status and functions of Advantech R-SeeNet routers lies in the possibility of using strictly encrypted login data, which allows a hacker to gain increased privileges.

The vulnerability of the monitoring software for the status and functions of Advantech R-SeeNet routers lies in the possibility of using strictly encrypted login data. Exploiting this vulnerability could allow a malicious actor to gain increased privileges...

CVSS 10 · AI score 7.7 · EPSS 0.00668
Exploits 0 · References 3 · Affected Software 1

BDU FSTEC
added 2023/06/26 12:0 a.m. · 6 views

The vulnerability of NETGEAR RAX30 router microprogramming software, related to the use of strictly encrypted login credentials, allows a hacker to gain full access to the system.

The vulnerability of NETGEAR RAX30 router microprogramming software lies in the use of strictly encrypted login credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain full access to the system...

CVSS 6.3 · AI score 6.5 · EPSS 0.00447
Exploits 0 · References 6 · Affected Software 1

The Hacker News
added 2023/06/21 1:30 p.m. · 35 views

New Report Exposes Operation Triangulation's Spyware Implant Targeting iOS Devices

More details have emerged about the spyware implant that's delivered to iOS devices as part of a campaign called Operation Triangulation. Kaspersky, which discovered the operation after becoming one of the targets at the start of the year, said the malware has a lifespan of 30 days, after which i...

AI score 6.8
Exploits 0

hivepro
added 2023/06/16 12:54 p.m. · 15 views

ChamelGang Strikes Again With ChamelDoH Malware XDNS-over-HTTPS

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary The Chinese threat group ChamelGang has developed the Linux malware ChamelDoH, which uses DNS-over-HTTPS for encrypted communication with attackers. To receive real-time threat advisories, please follow...

AI score 6.8
Exploits 0

CNNVD
added 2023/06/14 12:0 a.m. · 4 views

Ricoh Printer Driver Packager NX Data Forgery Issue Vulnerability

Ricoh Printer Driver Packager NX is a tool for IT managers at Ricoh Japan to customize and package printer drivers. A security vulnerability exists in Ricoh Printer Driver Packager NX versions v1.0.02 through v1.1.25, which originated when administrator privileges are required for the installatio...

CVSS 8.4 · AI score 7.3 · EPSS 0.00144
Exploits 0 · References 5

OSV
added 2023/06/13 9:15 a.m. · 4 views

CVE-2023-30757

A vulnerability has been identified in Totally Integrated Automation Portal TIA Portal V14 All versions, Totally Integrated Automation Portal TIA Portal V15 All versions, Totally Integrated Automation Portal TIA Portal V15.1 All versions, Totally Integrated Automation Portal TIA Portal V16 All...

CVSS 5.5 · AI score 6.1 · EPSS 0.0012
Exploits 0 · References 2

Cvelist
added 2023/06/13 12:0 a.m. · 29 views

CVE-2023-29501

Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to...

AI score 5 · EPSS 0.00281
Exploits 0 · References 4

Positive Technologies
added 2023/06/07 12:0 a.m. · 3 views

PT-2023-24268 · Marval · Marval Msm

Name of the Vulnerable Software and Affected Versions: Marval MSM versions 14.19.0.12476 and earlier Description: The issue concerns the use of a static encryption key for secrets in Marval MSM. An attacker who gains access to encrypted secrets can decrypt them by using this key. Recommendations:...

CVSS 5.5 · AI score 6.8 · EPSS 0.00108
Exploits 1 · References 3

Cvelist
added 2023/06/02 12:0 a.m. · 24 views

CVE-2023-0547

OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird 102.10...

AI score 7.2 · EPSS 0.00372
Exploits 0 · References 2

Positive Technologies
added 2023/05/31 12:0 a.m. · 5 views

PT-2023-24780 · Bmc · Bmc Patrol

Name of the Vulnerable Software and Affected Versions: BMC Patrol versions prior to 22.1.00 Description: An issue was discovered where the agent's configuration can be remotely queried, containing the Patrol account password encrypted with a default AES key. This account can then be used to achie...

CVSS 7.5 · AI score 8 · EPSS 0.00809
Exploits 1 · References 4

BDU FSTEC
added 2023/05/31 12:0 a.m. · 4 views

The vulnerability of the microprogramming software in Schneider Electric Easergy P40 relay protection and control devices allows an intruder to manipulate network traffic.

The vulnerability of microprogrammed software in relay protection and control devices from Schneider Electric’s Easergy P40 lies in the use of rigidly encrypted account data. Exploiting this vulnerability could allow a malicious actor to manipulate network traffic remotely...

CVSS 7.1 · AI score 7.7 · EPSS 0.01054
Exploits 0 · References 3

NVD
added 2023/05/29 7:15 p.m. · 9 views

CVE-2020-29547

An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure...

CVSS 5.9 · AI score 5.7 · EPSS 0.00753
Exploits 0 · References 2

Prion
added 2023/05/29 7:15 p.m. · 16 views

Design/Logic Flaw

An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure...

CVSS 2.6 · AI score 5.7 · EPSS 0.00753
Exploits 0 · References 2 · Affected Software 1