352 matches found
CVE-2024-3544
Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret th...
CVE-2024-3544 LoadMaster Hardcoded SSH Key
Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret th...
PT-2024-26505 · Kemp · Kemp Loadmaster
Name of the Vulnerable Software and Affected Versions: Kemp LoadMaster (affected versions not specified). Description: Unauthenticated attackers can perform actions using SSH private keys by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster grou...
matrix-server-isenguard (=0.1.1), matrix-synapse-testutils (>=1.65.0.0 <=1.95.0.0) +7 more potentially affected by CVE-2023-43796 via matrix-synapse (>=0.33.9 <=1.95.0)
matrix-synapse PYPI version =0.33.9, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-43796 Source advisory: OSV:GHSA-MP92-3JFM-3575...
GHSA-CQVV-R3G3-26RF free5GC udm vulnerable to Invalid Curve Attack
pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its...
CVE-2023-46324
pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its...
PT-2023-29960 · Free5Gc · Free5Gc
Name of the Vulnerable Software and Affected Versions: free5GC udm versions prior to 1.2.0. Description: The issue allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, whic...
matrix-server-isenguard (=0.1.1), matrix-synapse-testutils (>=1.65.0.0 <=1.93.0.0) +7 more potentially affected by CVE-2023-45129 via matrix-synapse (>=0.33.9 <=1.93.0)
matrix-synapse PYPI version =0.33.9, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 Source cves: CVE-2023-45129 Source advisory: OSV:PYSEC-2023-199...
CVE-2023-43485
When TACACS+ audit forwarding is configured on a BIG-IP or BIG-IQ system, the shared secret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...
K06110200: BIG-IP and BIG-IQ TACACS+ audit log vulnerability CVE-2023-43485
Security Advisory Description: When TACACS+ audit forwarding is configured on a BIG-IP or BIG-IQ system, the shared secret is logged in plaintext in the audit log (CVE-2023-43485). Impact: An authenticated attacker with at least auditor role privileges can view the shared secret. There is no data plane...
Insufficiently Protected Credentials
github.com/schollz/croc is vulnerable to sensitive information disclosure via Insufficiently Protected Credentials. The vulnerability arises when users specify a custom shared secret via the command line, because it becomes visible in the host's process list to all local users. This can lead to...
Sensitive Information Exposure
github.com/schollz/croc is vulnerable to Sensitive Information Exposure. The vulnerability is due to the way croc uses the leading three characters of a shared secret to select a common "room name". When custom shared secrets are used, the leading three characters might give away information abou...
SUSE CVE-2023-43617
An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name...
SUSE CVE-2023-43621
An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments...
GHSA-HP56-XVF4-G6WR Croc secrets may be disclosed to untrusted relay
An issue was discovered in Croc before 9.6.16. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name...
Croc secrets may be disclosed to untrusted relay
An issue was discovered in Croc before 9.6.16. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name...
CVE-2023-43621
An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments...
CVE-2023-43617
An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name...