24 matches found
SSH Key Persistence
This Metasploit module will add an SSH key to a specified user or all, to allow remote login via SSH at any time. No payload is required for this module to work. If an SSH key is not provided, a new 4096 bit RSA keypair will be generated. The private key will be stored as loot for later use...
CVE-2019-7593
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal SMP...
EUVD-2019-17131
Malware in sbrugna...
EUVD-2023-45874
Malicious code in bioql PyPI...
EUVD-2024-35354
Malicious code in bioql PyPI...
CVE-2024-35537
TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption...
CVE-2022-48625
Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...
CVE-2024-35537
CVE-2024-35537 affects TVS Motor Company Limited TVS Connect on Android v4.6.0 and iOS v5.0.0. The root cause is insecure handling of the RSA key pair, which could allow an attacker to decrypt and access sensitive information. Publicly available documents consistently describe the issue as improp...
CVE-2022-48625
Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...
CVE-2022-48625
Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...
CVE-2022-48625
Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...
Hardcoded credentials
The vulnerability allows an unprivileged untrusted third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcode...
CVE-2023-41372
The vulnerability allows an unprivileged untrusted third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcode...
Cisco Adaptive Security Appliance Software Low Entropy Keys (cisco-sa-asa5500x-entropy-6v9bHVYP)
A vulnerability in the deterministic random bit generator DRBG, also known as pseudorandom number generator PRNG in Cisco Adaptive Security Appliance ASA Software for Cisco ASA 5506-X, ASA-5508-X and ASA 5516-X Firewalls could allow an unauthenticated, remote attacker to cause a cryptographic...
CVE-2022-34746
An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring...
Code injection
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal SMP...
CVE-2019-7593 Metasys use of shared RSA key pairs
Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a shared RSA key pair for certain encryption operations involving the Site Management Portal SMP...
Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 bet...
RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL 6 (RHSA-2018:2423)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2423 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...
Several Security Defects in the Bouncy Castle Crypto APIs
The Legion of the Bouncy Castle reports: Release 1.60 is now available for download. CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API. CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS...