5470 matches found
CVE-2024-40590
An improper certificate validation vulnerability CWE-295 in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a...
CVE-2024-40590
CVE-2024-40590 describes an improper certificate validation (CWE-295) in FortiPortal. Affected are FortiPortal versions 7.4.0, 7.2.4 and below, 7.0.8 and below, and 6.0.15 and below when connecting to a FortiManager device, FortiAnalyzer device, or an SMTP server. This allows an unauthenticated a...
Fortinet FortiManager和Fortinet FortiAnalyzer 日志信息泄露漏洞
Fortinet FortiManager and Fortinet FortiAnalyzer are both products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. The platform supports centralized management of any number of Fortinet devices, and can be grouped into different management domains AD...
The vulnerability of the Secure Encrypted Virtualization (SEV) technology of AMD’s microprogramming processor allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Secure Encrypted Virtualization SEV technology of AMD microprocessors lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The command-line interface vulnerability of the FortiSandbox system allows a intruder to gain unauthorized access to protected information.
The vulnerability of the command-line interface of the FortiSandbox threat detection and removal system is related to the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
How to Use Signal Encrypted Messaging
The best end-to-end encrypted messaging app has a host of security features. Here are the ones you should care about...
CVE-2025-27255
Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code...
DEBIAN-CVE-2025-21844
In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for nextbuffer in receiveencryptedstandard Add check for the return value of cifsbufget and cifssmallbufget in receiveencryptedstandard to prevent null pointer dereference...
AZL-58518 CVE-2025-21844 affecting package kernel for versions less than 6.6.82.1-1
In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for nextbuffer in receiveencryptedstandard Add check for the return value of cifsbufget and cifssmallbufget in receiveencryptedstandard to prevent null pointer dereference...
UBUNTU-CVE-2025-21844
In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for nextbuffer in receiveencryptedstandard Add check for the return value of cifsbufget and cifssmallbufget in receiveencryptedstandard to prevent null pointer dereference...
CVE-2025-21844
In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for nextbuffer in receiveencryptedstandard Add check for the return value of cifsbufget and cifssmallbufget in receiveencryptedstandard to prevent null pointer dereference...
SUSE CVE-2025-26696
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...
Information Disclosure
Jenkins is vulnerable to information disclosure. The vulnerability is due to improper redaction of encrypted secret values in config.xml when accessed via REST API or CLI, allowing attackers with View/Read permission to retrieve sensitive information...
PT-2025-10811 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows 10 Version 1809 Windows versions prior to the patch released on 2025-03-11 Description: A security-feature bypass vulnerability in Windows Mark of the Web MOTW allows an unauthorized attacker to bypass a security feature locally. This...
CVE-2025-26696
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability affects Thunderbird 136 and Thunderbird 128.8...
DEBIAN-CVE-2025-26696
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...
CVE-2025-26696
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability affects Thunderbird 136 and Thunderbird 128.8...
CVE-2025-26696 Crafted email message incorrectly shown as being encrypted
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...
CVE-2025-27255
Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code...
BIT-JENKINS-2025-27622
Jenkins 2.499 and earlier, LTS 2.492.1 and earlier does not redact encrypted values of secrets when accessing config.xml of agents via REST API or CLI, allowing attackers with Agent/Extended Read permission to view encrypted values of secrets...