61 matches found
CVE-2024-39342
Entrust Instant Financial Issuance formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library i.e. DCG.Security.dll with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of t...
EUVD-2019-17742
Malware in sbrugna...
EUVD-2018-8951
Malware in sbrugna...
EUVD-2019-15297
Malware in sbrugna...
EUVD-2023-37448
Malicious code in bioql PyPI...
EUVD-2022-34888
Malicious code in bioql PyPI...
EUVD-2022-28660
Malicious code in bioql PyPI...
CVE-2023-33283
Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...
CVE-2022-23724
Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials...
CVE-2018-17177
An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs event logs and core dumps to a USB stick. These logs are RC4-encrypted with a 9-character password of ^JEd4W!I that is obfuscated by hiding ...
CVE-2024-12078 ECOVACS lawnmowers and vacuums static BLE GATT encryption key
ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key...
CVE-2024-5764 Nexus Repository 3 - Static hard-coded encryption passphrase used by default
Use of Hard-coded Credentials vulnerability in Sonatype Nexus Repository has been discovered in the code responsible for encrypting any secrets stored in the Nexus Repository configuration database SMTP or HTTP proxy credentials, user tokens, tokens, among others. The affected versions relied on ...
CVE-2024-20280
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used fo...
Google Nest 授权问题漏洞
Google Nest is a smart home product by Google, an American company. Google Nest has a security vulnerability. The vulnerability allows unauthenticated nodes to forge radio frames using "Key ID Mode 2", a special mode that uses a static encryption key to bypass security checks, allowing arbitrary ...
User Registration < 3.0.2.1 - Subscriber+ Arbitrary File Upload
The plugin uses a static encryption key and does not validate the file path when renaming profile pictures, which could allow any authenticated users, such as subscriber, to upload arbitrary files such as PHP on the server...
CVE-2023-33283
Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...
CVE-2023-33283
Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...
Code injection
Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...
CVE-2023-33283
Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...
CVE-2023-33283
CVE-2023-33283 affects Marval MSM up to version 14.19.0.12476, where a static encryption key is used to protect secrets. The underlying issue is the use of a hard-coded/static key for encryption-at-rest, enabling an attacker who gains access to encrypted secrets to decrypt them. The available sou...