Lucene search
K

59 matches found

OSV
OSV
added 2024/07/16 5:15 p.m.4 views

CVE-2024-6326

An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders wh...

5.5CVSS5.8AI score0.00176EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/16 4:51 p.m.30 views

CVE-2024-6326 Rockwell Automation Unsecured Private Keys in FactoryTalk® System Services

An exposure of sensitive information vulnerability exists in the Rockwell Automation FactoryTalk® System Service. A malicious user could exploit this vulnerability by starting a back-up or restore process, which temporarily exposes private keys, passwords, pre-shared keys, and database folders wh...

1.8CVSS0.00176EPSS
Exploits0References1
CVE
CVE
added 2024/07/16 4:51 p.m.51 views

CVE-2024-6326

CVE-2024-6326 affects Rockwell Automation FactoryTalk System Service. The vulnerability arises from a lack of explicit permissions on the backup folder, allowing a local attacker who starts a backup/restore process to temporarily access sensitive data (private keys, passwords, pre‑shared keys, an...

5.5CVSS5.3AI score0.00176EPSS
Exploits0References1Affected Software2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.21 views

RHEL 7 : openswan (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - IKEv1: IKEv1 protocol vulnerability in the authentication mode with pre-shared keys in the main mode of operation...

5.9CVSS6.5AI score0.03038EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.25 views

RHEL 8 : openswan (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - IKEv1: IKEv1 protocol vulnerability in the authentication mode with pre-shared keys in the main mode of operation...

5.9CVSS6.5AI score0.03038EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2024/04/27 3:5 a.m.1 views

SUSE CVE-2024-2357

The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys authby=secret and the connection cannot find a matching configured secret. When such a connection is automatically added on startu...

6.5CVSS6.5AI score0.00944EPSS
Exploits0References2
OSV
OSV
added 2024/04/12 11:7 a.m.3 views

OESA-2024-1409 libreswan security update

Libreswan is an implementation of IKEv1 and IKEv2 for IPsec. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks. Everything passing through the...

6.5CVSS7.1AI score0.00944EPSS
Exploits0References2
OSV
OSV
added 2024/03/11 8:15 p.m.6 views

AZL-35885 CVE-2024-2357 affecting package libreswan for versions less than 4.15-1

The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys authby=secret and the connection cannot find a matching configured secret. When such a connection is automatically added on startu...

6.5CVSS6.6AI score0.00944EPSS
Exploits0References1
OSV
OSV
added 2024/03/11 8:15 p.m.1 views

DEBIAN-CVE-2024-2357

The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys authby=secret and the connection cannot find a matching configured secret. When such a connection is automatically added on startu...

6.5CVSS5.8AI score0.00944EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/11 12:0 a.m.4 views

PT-2024-3056 · Libreswan +6 · Libreswan +6

Name of the Vulnerable Software and Affected Versions: libreswan versions prior to 4.14 Description: The issue causes libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys authby=secret and the connection cannot find a matching configured...

7.8CVSS6.5AI score0.00944EPSS
Exploits0References49
CNNVD
CNNVD
added 2024/03/11 12:0 a.m.2 views

Libreswan security breach

Libreswan is an IPsec implementation similar to Openswan, which is primarily used to ensure security and integrity issues in data transmission. A security vulnerability exists in Libreswan that stems from when a connection is configured to use PreSharedKeys authby=secret and the connection fails ...

6.5CVSS6.9AI score0.00944EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.4 views

SUSE CVE-2009-0365

nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover 1 network connection passwords and 2 pre-shared keys via calls to the GetSecrets method in the dbus request handler...

4.6CVSS6.7AI score0.00785EPSS
Exploits2References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:18 a.m.3 views

SUSE CVE-2015-4171

strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtai...

2.6CVSS7.2AI score0.02028EPSS
Exploits0References8
CNNVD
CNNVD
added 2022/01/17 12:0 a.m.7 views

Stormshield SSO 日志信息泄露漏洞

Stormshield SES Evolution is a security solution from the French company Stormshield. A security vulnerability exists in Stormshield SSO that stems from plaintext user passwords and PSKs being included in the log files of the .exe installer...

5.5CVSS5.7AI score0.00236EPSS
Exploits0References2
Kitploit
Kitploit
added 2021/01/30 8:30 p.m.140 views

PSC - E2E Encryption For Multi-Hop Tty Sessions Or Portshells + TCP/UDP Port Forward

DNS lookup and SSH session forwarded across an UART connection to a Pi PSC allows to e2e encrypt shell sessions, single- or multip-hop, being agnostic of the underlying transport, as long as it is reliable and can send/receive Base64 encoded data without modding/filtering. Along with the e2e pty...

7.1AI score
Exploits0References1
NVD
NVD
added 2020/05/18 4:15 p.m.25 views

CVE-2020-11550

An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite SRS60 AC3000 V2.5.1.106, Outdoor Satellite RBS50Y V2.5.1.106, and Pro Tri-Band Business WiFi Router SRR60 AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitra...

7.4CVSS6.8AI score0.01568EPSS
Exploits1References3
CVE
CVE
added 2020/05/18 3:46 p.m.72 views

CVE-2020-11550

The CVE-2020-11550 entry concerns NETGEAR Orbi devices: SRS60 AC3000 (SW 2.5.1.106), Outdoor Satellite RBS50Y (2.5.1.106), and SRR60 AC3000 (2.5.1.106). The issue is an unauthenticated disclosure via the administrative SOAP interface that can leak sensitive Wi‑Fi data, including SSIDs and PSKs. R...

7.4CVSS6.6AI score0.01568EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2020/04/10 12:31 a.m.24 views

Information Disclosure

networkmanager is vulnerable to information disclosure. An information disclosure flaw was found in NetworkManager's D-Bus interface. A local attacker could leverage this flaw to discover sensitive information, such as network connection passwords and pre-shared keys...

4.6CVSS1.5AI score0.00785EPSS
Exploits2References22Affected Software1
OSV
OSV
added 2019/05/23 1:29 p.m.6 views

DEBIAN-CVE-2019-11873

wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length,...

9.8CVSS9.5AI score0.08777EPSS
Exploits0References1
Snyk
Snyk
added 2019/05/23 1:29 p.m.7 views

Out-of-Bounds

Overview Affected versions of this package are vulnerable to Out-of-Bounds wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL...

9.8CVSS8AI score0.08777EPSS
Exploits0References2
Rows per page
Query Builder