
46 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-15297

Malware in sbrugna...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.00142
Exploits: 3 | References: 5

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2022-34888

Malicious code in bioql PyPI...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.00315
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:02 a.m. | 3 views

CVE-2023-33283

Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...

CVSS: 5.5 | AI score: 6.9 | EPSS: 0.00015
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 10:28 p.m. | 7 views

CVE-2022-23724

Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials...

CVSS: 8.1 | AI score: 7.1 | EPSS: 0.00084
Exploits: 0 | References: 1

Cvelist
added 2025/01/23 4:38 p.m. | 11 views

CVE-2024-12078 ECOVACS lawnmowers and vacuums static BLE GATT encryption key

ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key...

CVSS: 6.3 | EPSS: 0.00094
Exploits: 1 | References: 2

OSV
added 2024/10/16 5:15 p.m. | 1 view

CVE-2024-20280

A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used fo...

CVSS: 6.3 | AI score: 5.8
Exploits: 0 | References: 1

CNNVD
added 2023/07/25 12:00 a.m. | 3 views

Google Nest authorization issue vulnerability

Google Nest is a smart home product by Google, an American company. Google Nest has a security vulnerability. The vulnerability allows unauthenticated nodes to forge radio frames using "Key ID Mode 2", a special mode that uses a static encryption key to bypass security checks, allowing arbitrary ...

CVSS: 8.8 | AI score: 8 | EPSS: 0.0001
Exploits: 0 | References: 2

WPVulnDB
added 2023/07/12 12:00 a.m. | 39 views

User Registration < 3.0.2.1 - Subscriber+ Arbitrary File Upload

The plugin uses a static encryption key and does not validate the file path when renaming profile pictures, which could allow any authenticated users, such as subscriber, to upload arbitrary files such as PHP on the server...

CVSS: 9.9 | AI score: 7 | EPSS: 0.06786
Exploits: 2 | References: 1 | Affected Software: 1

OSV
added 2023/06/07 8:15 p.m. | 2 views

CVE-2023-33283

Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00015
Exploits: 1 | References: 1

ATTACKERKB
added 2023/06/07 8:15 p.m. | 0 views

CVE-2023-33283

Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00015
Exploits: 1 | References: 2

Prion
added 2023/06/07 8:15 p.m. | 12 views

Code injection

Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...

CVSS: 1.7 | AI score: 5.5 | EPSS: 0.00015
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2023/06/07 12:00 a.m. | 10 views

CVE-2023-33283

Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...

AI score: 5.7 | EPSS: 0.00015
Exploits: 1 | References: 1

CVE
added 2023/06/07 12:00 a.m. | 38 views

CVE-2023-33283

CVE-2023-33283 affects Marval MSM up to version 14.19.0.12476, where a static encryption key is used to protect secrets. The underlying issue is the use of a hard-coded/static key for encryption-at-rest, enabling an attacker who gains access to encrypted secrets to decrypt them. The available sou...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.00015
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2023/02/23 8:15 p.m. | 2 views

CVE-2023-20016

A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00069
Exploits: 0 | References: 1

Vulnrichment
added 2022/12/12 1:49 a.m. | 5 views

CVE-2022-2641

Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.00315
Exploits: 0 | References: 1

Cvelist
added 2022/12/12 1:49 a.m. | 10 views

CVE-2022-2641

Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.00315
Exploits: 0 | References: 1

NVD
added 2022/12/02 8:15 p.m. | 15 views

CVE-2022-2641

Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...

CVSS: 9.8 | EPSS: 0.00315
Exploits: 0 | References: 1

OSV
added 2022/12/02 8:15 p.m. | 2 views

CVE-2022-2641

Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...

CVSS: 9.8 | AI score: 6
Exploits: 0 | References: 1

Prion
added 2022/12/02 8:15 p.m. | 11 views

Race condition

Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...

CVSS: 7.5 | AI score: 9.5 | EPSS: 0.00315
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2022/12/02 12:00 a.m. | 1 view

Horner Automation Remote Compact Controller security vulnerability

The Horner Automation Remote Compact Controller (RCC) is a compact controller from Horner Automation, USA. A security vulnerability exists in Horner Automation Remote Compact Controller 972 firmware version 15.40, which originates from the presence of a static encryption key on th...

CVSS: 9.8 | AI score: 9 | EPSS: 0.00315
Exploits: 0 | References: 3