14 matches found
EUVD-2008-2296
Malware in sbrugna...
CVE-2022-46834
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the...
Updated corosync packages fix security vulnerability
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet. CVE-2025-30472...
CVE-2024-5462
CVE-2024-5462 affects Brocade Fabric OS before version 9.2.0. If SNMP password encryption is not enabled, the privsecret/authsecret fields may be exposed in plaintext in configupload or supportsave captures, allowing an attacker to query SNMPv3 OIDs and potentially modify a limited set of MIB obj...
CVE-2024-22193 vantage6 unencrypted task can be created in encrypted collaboration
The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a tas...
Introducing AI-guided Remediation for IaC Security / KICS
While the use of Infrastructure as Code (IaC) has gained significant popularity as organizations embrace cloud computing and DevOps practices, the speed and flexibility that IaC provides can also introduce the potential for misconfigurations and security vulnerabilities. IaC allows organizations to...
CVE-2020-17516
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despit...
Description of the 2007 Office suite SP3 and of Office Language Pack 2007 SP3
Describes the improvements that the 2007 Office suite SP3 and Office Language Pack 2007 SP3 provide and the issues that they fix. Introduction: The 2007 Microsoft Office suite Service Pack 3 (SP3) and Microsoft Office Language Pack 2007 SP3 provide the latest updates to the 2007 Office suite and to...
Man-In-The-Middle (MitM)
The NTLMSSP authentication implementation in Samba is vulnerable to a man-in-the-middle attack. This allows a remote attacker to modify the client-server data stream to remove application-layer flags or encryption settings...
Quest DR Series Disk Backup Software Command Injection Vulnerability (CNVD-2018-15888)
The Quest DR Series are disk storage and deduplication appliances. A command injection vulnerability exists in the setencryptionsettings method in versions of Quest DR Series disk backup software prior to 4.0.3.1. An attacker could exploit this vulnerability to execute arbitrary system commands...
OpenAFS Multiple Vulnerabilities - 01 - Windows
OpenAFS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openafs:openafs"; if(description)...
UBUNTU-CVE-2016-2110
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as...
Design/Logic Flaw
Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass...
Alice Gate2 Plus Wi-Fi Router - Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/27374/info Alice Gate2 Plus Wi-Fi routers are prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to alter administrative configuration on affected devices...