561 matches found
Vasion Print Virtual Appliance Host和Vasion Print Application 安全漏洞
Vasion Print Virtual Appliance Host and Vasion Print Application are both products of Vasion Corporation of the U.S.A. Vasion Print Virtual Appliance Host is a print management software.Vasion Print Vasion Print Application is a printer management application. A security vulnerability exists in...
CVE-2025-34209
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 VA and SaaS deployments contain Docker images with the private GPG key and passphrase for the account no‑reply+virtual‑[email protected]. The key is stored in cleartext and the...
CVE-2025-34209 Vasion Print (formerly PrinterLogic) Hardcoded GPG Private Key
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 VA and SaaS deployments contain Docker images with the private GPG key and passphrase for the account no‑reply+virtual‑[email protected]. The key is stored in cleartext and the...
CVE-2025-57601
AiKaan Cloud Controller uses a single hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target...
PT-2025-38730
Name of the Vulnerable Software and Affected Versions AiKaan Cloud Controller affected versions not specified Description The AiKaan Cloud Controller utilizes a single, hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an...
CVE-2025-57601
Affected software : AiKaan Cloud Controller. Vulnerability : uses a single hardcoded SSH private key and the same proxyuser for remote terminal access to all managed IoT/edge devices; when Open Remote Terminal is invoked, the static key is sent to the target device, enabling reverse SSH tunnels t...
CVE-2025-57602
Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT devices. This can...
CVE-2025-55112
Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...
CVE-2025-55112
Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...
CVE-2025-55112
Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...
CVE-2025-55112 BMC Control-M/Agent hardcoded Blowfish keys
Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...
CVE-2025-55112
Control-M/Agent, versions 9.0.18–9.0.20 (out-of-support) configured to use a non-default Blowfish encryption implementation rely on a hardcoded key, enabling an attacker with access to network traffic and the key to decrypt traffic between the Control-M/Agent and the Server. Root cause: hardcoded...
CVE-2025-55112 BMC Control-M/Agent hardcoded Blowfish keys
Out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions that are configured to use the non-default Blowfish cryptography algorithm use a hardcoded key. An attacker with access to network traffic and to this key could decrypt network traffic between th...
PT-2025-37942
Name of the Vulnerable Software and Affected Versions: Control-M/Agent versions 9.0.18 through 9.0.20 Description: Out-of-support versions of Control-M/Agent configured to use the non-default Blowfish cryptography algorithm utilize a hardcoded key. An attacker with network access and knowledge of...
Linux Distros Unpatched Vulnerability : CVE-2022-23942
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...
Evope 1.1.3.20 Hardcoded Cryptographic Key
The component Evope Core in Evope version 1.1.3.20 uses a hardcoded cryptographic key, which means that encryption/decryption keys are permanently embedded in the source code, rather than being securely managed. This creates a critical security flaw because anyone who gains access to or...
CVE-2025-55619
Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering...
CVE-2025-55619
Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering...
CVE-2025-55619
Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering...
CVE-2025-55619
Summary: CVE-2025-55619 affects the Reolink Android app (version 4.54.0.4.20250526). The root cause is a hardcoded encryption key and IV, which attackers can leverage to decrypt access tokens and web session tokens stored in the app via reverse engineering. This vulnerability has a high impact (C...