4 matches found

Github Security Blog
added 2023/10/24 7:22 p.m., 24 views

Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse

Problem: Trying to create a new encrypted message with the same cocoon object generates the same ciphertext. It mostly affects MiniCocoon and Cocoon objects with custom seeds and RNGs where StdRng is used under the hood. Note: The issue does NOT affect objects created with Cocoon::new which...

4.5 CVSS, 6.8 AI score, 0.0003 EPSS
Exploits 0, References 6, Affected Software 1
Positive Technologies
added 2023/03/14 12:0 a.m., 1 views

PT-2023-1689 · Mendix · Mendix Saml

Name of the Vulnerable Software and Affected Versions: Mendix SAML (Mendix 7 compatible) versions 1.16.4 through 1.17.3; Mendix SAML (Mendix 8 compatible) versions 2.2.0 through 2.3.0; Mendix SAML (Mendix 9 latest compatible, New Track) versions 3.1.9 through 3.3.1; Mendix SAML Mendix 9 latest compatible,...

9.1 CVSS, 8.4 AI score, 0.0006 EPSS
Exploits 0, References 3
Positive Technologies
added 2020/07/02 12:0 a.m., 5 views

PT-2020-15422 · Jenkins · Jenkins Slack Upload Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Slack Upload Plugin versions 1.7 and earlier

Description: The issue allows users with Extended Read permission, or access to the master file system, to view a secret stored unencrypted in job config.xml files on the Jenkins master...

4.3 CVSS, 4.3 AI score, 0.00031 EPSS
Exploits 0, References 7
CERT
added 2001/11/19 12:0 a.m., 19 views

RhinoSoft Serv-U remote administration client transmits password in plaintext

Overview: A vulnerability exists in the remote administration client for RhinoSoft Serv-U. During the authentication process, the client ignores the S/KEY one-time password (OTP) challenge sent by the server and sends the password entered by the user in plaintext.

Description: RhinoSoft Serv-U is a...

7.4 AI score
Exploits 0, References 7