18 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Fix bpf_plt pointer arithmetic. Kui-Feng Lee reported a crash on s390x triggered by the dummy_st_ops/dummy_init_ptr_arg test [1]: 0x2 bpf_struct_ops_test_run+0x156/0x250 __sys_bpf+0xa1a/0xd00 __s390x_sys_bpf+0x44/0x50 __do_syscall+0x244/0x300...
EUVD-2025-203837
Parse Server is vulnerable to Server-Side Request Forgery SSRF via Instagram OAuth Adapter...
PT-2025-51774
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 8.6.2; Parse Server versions prior to 9.1.1-alpha.1. Description: Parse Server, a backend deployable on Node.js infrastructure, contains a flaw in its Instagram authentication adapter. Prior to versions 8.6.2 and...
Bangkok Medical Software HOSxP XE Security Feature Issue Vulnerability
Bangkok Medical Software HOSxP XE is a hospital information system software from Bangkok Medical Software, Thailand. A security vulnerability exists in Bangkok Medical Software HOSxP XE version v4.64.11.3, which originates from the inclusion of hardcoding in the HOSxPXE4.exe and HOS-WIN32.INI...
CVE-2024-41885
CVE-2024-41885 affects the NVR. The root cause is a hardcoded seed for the encryption key, enabling remote code execution when combined with required local access. Vendor has issued a patch firmware; see the manufacturer report for details and workarounds. Current metrics indicate local attack ve...
CVE-2024-41885 Hardcoding sensitive information
Team ENVY, a security research team, has found a flaw that allows for remote code execution on the NVR. The seed string for the encryption key was hardcoded. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer's report for details and workarounds...
TOTOLINK A8000RU Root Hardcoding Vulnerability
TOTOLINK A8000RU is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK A8000RU suffers from a Root hard-coding vulnerability, which can be exploited by remote attackers to submit a special request for unauthorized access to the system...
IBM Security Verify Governance Hardcoding Vulnerability (CNVD-2023-83661)
IBM Security Verify Governance is an intelligent identity access platform from International Business Machines (IBM) that provides organizations with a platform to analyze, define and control user access and access risk. IBM Security Verify Governance suffers from a hard-coded vulnerability that...
Using Kubernetes ConfigMaps for Proper Secret Management
Kubernetes ConfigMaps and Secrets have transformed how you manage containerized applications securely. Read on to learn how ConfigMaps have revolutionized application lifecycle processes by reducing hardcoding efforts and enhancing portability...
Sprecher Automation SPRECON-E-C/P/T3 Trust Management Issue Vulnerability
The Sprecher Automation SPRECON-E-C/P/T3 is an industrial device from Sprecher Automation. The Sprecher Automation SPRECON-E-C/P/T3 suffers from a trust management issue vulnerability that stems from faulty hardcoding, which can be exploited by an attacker to remotely take over the device...
Zyxel CloudCNM SecuManager Hardcoding Vulnerability
Zyxel ZyXEL CloudCNM SecuManager is a set of network management software from Zyxel, Taiwan, China. Zyxel CloudCNM SecuManager ejabberd has a hard-coded vulnerability that can be exploited by remote attackers to submit special requests for unauthorized access to the application system...
Delta Industrial Automation DIALink Hardcoded Cryptographic Key Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Delta Industrial Automation DIALink. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of requests to the server. The issue results from...
Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass
Exploit Title: Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass; Exploit Author: Halis Duraki (@0xduraki); Date: 2020-05-28; Product: http-protection (Crystal Shard); Product URI: https://github.com/rogeriozambon/http-protection; Version: http-protection = 0.2.0; CVE: N/A; About the product...
Moxa PT-7528 and PT-7828 Series Hardcoding Vulnerabilities
Moxa PT-7528 and PT-7828 Series are both Ethernet switches manufactured by Moxa. A hard-coded vulnerability exists in the Moxa PT-7528 and PT-7828 Series, which can be exploited by an attacker to recover confidential data...
CVE-2018-9073
CVE-2018-9073 affects Lenovo Chassis Management Module (CMM) prior to firmware version 2.0.0, where a hard-coded encryption key protects sensitive secrets. If an attacker already compromised the server, possession of this key can allow decryption of protected information. Connected sources confir...
Medtronic MyCareLink Patient Monitor Hardcoding Vulnerability
MyCareLink Patient Monitor is a patient monitor product developed by Medtronic, Inc. A hard-coded vulnerability in the Medtronic MyCareLink Patient Monitor allows an attacker with physical access to remove the device's enclosure, connect to the debug port, and use a password to gain privileged...
Communication message decryption vulnerability exists in the Voyager Android app
The Voyager Android app is a mobile app for buying airline tickets. A communication message decryption vulnerability exists in the TravelSense Android app. The vulnerability stems from fixed-key hardcoding, which can be exploited by an attacker to crack the encryption algorithm and break other...
MGASA-2014-0489 Updated ruby-httpclient package enables SSL negotiation
This new version enables SSL negotiation instead of hardcoding SSLv3...