191 matches found
CVE-2024-4611 AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decryptvalue' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the sit...
WordPress AppPresser plugin <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass vulnerability
Improper Missing Encryption Exception Handling to Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin AppPresser versions = 4.3.2...
(Pwn2Own) Phoenix Contact CHARX SEC-3100 Missing Encryption Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of nginx. The issue results from a lac...
WordPress Frontend Admin by DynamiApps plugin <= 3.19.4 - Improper Missing Encryption Exception Handling to Form Manipulation vulnerability
Improper Missing Encryption Exception Handling to Form Manipulation vulnerability discovered by István Márton in WordPress Plugin Frontend Admin by DynamiApps versions = 3.19.4...
CVE-2024-25027
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607...
CVE-2024-25027
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607...
CVE-2024-25027 IBM Security Verify Access Container information disclosure
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607...
CVE-2024-25027 IBM Security Verify Access Container information disclosure
IBM Security Verify Access 10.0.6 could disclose sensitive snapshot information due to missing encryption. IBM X-Force ID: 281607...
Dell BSAFE Micro Edition Suite Trust Management Issues Vulnerability
The Dell BSAFE Micro Edition Suite is a development toolkit from Dell Inc. that provides cryptographic, certificate, and transport layer security for c/c++ applications, devices, and systems. A security vulnerability exists in Dell BSAFE Micro Edition Suite versions prior to 4.5.2 and Dell BSAFE...
The vulnerability of the software for managing and controlling access to corporate resources and IBM Security Verify Governance applications arises from the lack of encryption measures for protected data, allowing attackers to disclose protected information.
The vulnerability of the software for managing and controlling access to corporate resources and IBM Security Verify Governance applications arises from the lack of encryption measures for protected data. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
CVE-2023-50126
Missing encryption in the RFID tags of the Hozard alarm system Alarmsysteem v1.0 allow attackers to create a cloned tag via brief physical proximity to one of the original tags, which results in an attacker being able to bring the alarm system to a disarmed state...
CVE-2023-50129
Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original tags, which results in an attacker gaining access to the perimeter...
Missing Encryption Of Sensitive Data
curl is vulnerable to Missing Encryption of Sensitive Data. The vulnerability is due to When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use...
The vulnerability of the IBM Security Directory Server software lies in the lack of encryption for confidential data, which allows attackers to carry out “man-in-the-middle” attacks.
The vulnerability of the IBM Security Directory Server data storage and management software is related to the lack of encryption for confidential data. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack...
Vulnerability of the functions EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), and EVP_CipherInit_ex2() of the OpenSSL cryptographic library, which allows a perpetrator to gain unauthorized access to protected information
The vulnerabilities of the functions EVPEncryptInitex2, EVPDecryptInitex2, and EVPCipherInitex2 in the OpenSSL cryptographic library are related to the absence of necessary encryption steps. Exploiting these vulnerabilities can allow a remote attacker to gain unauthorized access to protected...
Pulp: Tokens stored in plaintext
A flaw exists in the collection remote for pulpansible, where tokens are stored in plaintext instead of using pulp's encrypted field. This flaw allows an attacker with sufficient privileges to read the stored tokens, resulting in the loss of confidentiality...
CVE-2023-44098
Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality...
PT-2023-29098 · Huawei · Emui +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service...
CVE-2023-41096
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM SecureVault High modules allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier...
Design/Logic Flaw
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM SecureVault High modules allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier...