Brute-force Attack

jwe is vulnerable to Brute-force Attack. The vulnerability is due to insufficient validation of JWE authentication tags, which allows an attacker to brute force tags, recover the GCM GHASH key, and craft arbitrary JWEs leading to loss of confidentiality...

CVE-2022-40675

Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages...

CVE-2024-44730

Incorrect access control in the function handleDataChannelChatdataMessage of Mirotalk before commit c21d58 allows attackers to forge chat messages using an arbitrary sender name...

CVE-2022-40675

Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages...

PT-2023-13887 · Fortinet · Fortinac

Name of the Vulnerable Software and Affected Versions: Fortinet FortiNAC versions 8.3.7, 8.5.0 through 8.5.4, 8.6.0 through 8.6.5, 8.7.0 through 8.7.6, 8.8.0 through 8.8.11, 9.1.0 through 9.1.8, 9.2.0 through 9.2.7, 9.4.0 through 9.4.1 Description: Some cryptographic issues in Fortinet FortiNAC m...

CVE-2021-32593

A use of a broken or risky cryptographic algorithm vulnerability CWE-327 in the Dynamic Tunnel Protocol of FortiWAN before 4.5.9 may allow an unauthenticated remote attacker to decrypt and forge protocol communication messages...

CVE-2022-23441

A use of hard-coded cryptographic key vulnerability CWE-321 in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors...

Hardcoded credentials

A use of hard-coded cryptographic key vulnerability CWE-321 in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors...

Major Bluetooth Vulnerability

Bluetooth has a serious security vulnerability: In some implementations, the elliptic curve parameters are not all validated by the cryptographic algorithm implementation, which may allow a remote attacker within wireless range to inject an invalid public key to determine the session key with hig...

Android Conscrypt elevation of privilege vulnerability (CNVD-2016-02859)

Android is a Linux-based open-source operating system developed by Google and the Open Handheld Alliance OHA, of which Concrypt is a component that uses OpenSSL to provide Java security. An elevation of privilege vulnerability exists in Conscrypt in versions prior to Android 6.x on 2016-05-01. A...

CVE-2012-5353

Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."...

CVE-2012-4418

Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."...

Code injection

Secure Elements Class 5 AVR aka C5 EVM before 2.8.1 do not validate the source address of a message, which allows remote attackers to 1 execute arbitrary code on a client or 2 forge messages to the server...