Lucene search
+L

273 matches found

ATTACKERKB
ATTACKERKB
added 2022/08/15 11:21 a.m.7 views

CVE-2022-37400

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same...

8.8CVSS7.4AI score0.0082EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/08/13 6:40 a.m.30 views

CVE-2022-37400 Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same...

8.1AI score0.0082EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/13 12:0 a.m.5 views

PT-2022-23973 · Apache · Apache Openoffice +1

Name of the Vulnerable Software and Affected Versions: Apache OpenOffice versions prior to 4.1.13 Description: A flaw in Apache OpenOffice exists where the required initialization vector for encryption is always the same, weakening the security of the encryption. This makes stored passwords...

8.8CVSS8.5AI score0.0082EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/10 12:0 a.m.6 views

Intel PROSet/Wireless WiFi Software 加密问题漏洞

Intel PROSet/Wireless WiFi Software is a wireless network card driver from Intel Corporation USA. A security vulnerability exists in Intel PROSet/Wireless WiFi Software, which stems from insufficient encryption strength. The vulnerability can be exploited by an attacker to elevate privileges...

8.8CVSS7.8AI score0.00152EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/08/04 12:0 a.m.7 views

The vulnerability of the LibreOffice office software’s user configuration database allows a hacker to disclose protected information.

The vulnerability of the LibreOffice office software’s user configuration database is related to insufficiently secure data encryption. Exploiting this vulnerability could allow a malicious actor to disclose protected information from a remote location...

7.8CVSS7.5AI score0.00804EPSS
Exploits0References8Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/08/04 12:0 a.m.5 views

The vulnerability of the LibreOffice office software package, related to insufficient data encryption, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the LibreOffice office software package is related to insufficiently robust data encryption. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the confidentiality, integrity, and accessibility of the protected information...

9CVSS7.8AI score0.01139EPSS
Exploits0References8Affected Software4
ATTACKERKB
ATTACKERKB
added 2022/07/26 10:15 p.m.3 views

CVE-2022-30273

The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm TEA block-cipher in ECB mode. This mode of operation does n...

9.8CVSS7.3AI score0.00325EPSS
Exploits0References4
OSV
OSV
added 2022/07/25 3:15 p.m.1 views

DEBIAN-CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

7.5CVSS7.8AI score0.00804EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/07/25 3:15 p.m.4 views

CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

7.5CVSS5.9AI score0.00804EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/07/25 3:15 p.m.8 views

UBUNTU-CVE-2022-26306

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the required initialization vector for encryption was always the same which...

7.5CVSS7.1AI score0.00804EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/07/08 12:0 a.m.5 views

IBM Security Access Manager Appliance 加密问题漏洞

IBM Security Access Manager Appliance ISAM Appliance is a network appliance-based security solution from IBM, USA. The product is mainly used for access control and Web-based threat protection, providing system performance monitoring, log analysis and diagnosis. A security vulnerability exists in...

7.5CVSS6.6AI score0.00642EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2022/06/28 12:0 a.m.6 views

The vulnerability of the BSAP/IP protocol implementation of the telemechanics controller ControlWave and the Bristol Babcock 33xx controller allows a perpetrator to disclose protected information.

The vulnerability of the BSAP/IP protocol implementation of the telemechanics controller ControlWave and the Bristol Babcock 33xx controller is related to insufficient encryption strength. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...

7.8CVSS5.5AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/06/28 12:0 a.m.6 views

The vulnerability of the BSAP/IP protocol implementation of the telemechanics controller ControlWave and the Bristol Babcock 33xx controller allows a hacker to disclose protected information.

The vulnerability of the BSAP/IP protocol implementation of the telemechanics controller ControlWave and the Bristol Babcock 33xx controller is related to insufficient encryption strength. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...

7.8CVSS5.5AI score
Exploits0References2
OSV
OSV
added 2022/05/13 1:36 a.m.5 views

GHSA-R9Q2-3R6X-QMGP Inadequate Encryption Strength in Jenkins

Jenkins before versions 2.44 and 2.32.2 uses AES ECB block cipher mode without IV for encrypting secrets which makes Jenkins and the stored secrets vulnerable to unnecessary risks SECURITY-304...

4.3CVSS5.9AI score0.01098EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/05/04 12:0 a.m.6 views

Secomea 多款产品加密问题漏洞

Secomea GateManager and Secomea SiteManager are both products of Secomea, Denmark.GateManager is a remote access server product.Secomea SiteManager is a software application. Secomea SiteManager is a software application that provides a remote maintenance function for industrial equipment. A...

8.1CVSS7.8AI score0.00216EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/04/29 12:0 a.m.3 views

IBM UrbanCode Deploy 加密问题漏洞

IBM UrbanCode Deploy UCD is a set of application automation deployment tools from IBM Corporation in the United States. The tool is based on an application deployment automation management information model, and through remote agent technology to automate the deployment of complex applications in...

7.5CVSS5.7AI score0.00639EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/04/20 12:0 a.m.6 views

PT-2022-13792 · Hills · Hills Comnav

Name of the Vulnerable Software and Affected Versions: Hills ComNav version 3002-19 Description: The issue concerns a weak communication channel in the configuration pages of the system. Traffic across the local network can be viewed by a malicious actor, and the size of certain communications...

6.2CVSS5.2AI score0.00096EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/04/01 12:0 a.m.5 views

IBM UrbanCode Deploy 加密问题漏洞

IBM UrbanCode Deploy UCD is a suite of application automation deployment tools from IBM. The tool is based on an application deployment automation management information model, and through remote agent technology to automate the deployment of complex applications in different environments, etc. I...

7.5CVSS5.6AI score0.00692EPSS
Exploits0References3
Prion
Prion
added 2022/02/09 11:15 p.m.22 views

Code injection

A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure Geo SCADA Expert...

5CVSS7.5AI score0.00391EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/12/25 12:0 a.m.9 views

NetBSD 安全特征问题漏洞

NetBSD is an open source Unix-like operating system from the NetBSD Foundation. NetBSD suffers from a security signature issue vulnerability that stems from the IPv4 ID generation algorithm not using proper encryption measures in NetBSD through 9.2...

7.5CVSS7.3AI score0.00964EPSS
Exploits0References3
Rows per page
Query Builder