46 matches found
EUVD-2019-15297
Malware in sbrugna...
EUVD-2022-34888
Malicious code in bioql PyPI...
CVE-2023-33283
Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...
CVE-2022-23724
Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials...
CVE-2024-12078 ECOVACS lawnmowers and vacuums static BLE GATT encryption key
ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the same key...
CVE-2024-20280
A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used fo...
Google Nest 授权问题漏洞
Google Nest is a smart home product by Google, an American company. Google Nest has a security vulnerability. The vulnerability allows unauthenticated nodes to forge radio frames using "Key ID Mode 2", a special mode that uses a static encryption key to bypass security checks, allowing arbitrary ...
User Registration < 3.0.2.1 - Subscriber+ Arbitrary File Upload
The plugin uses a static encryption key and does not validate the file path when renaming profile pictures, which could allow any authenticated users, such as subscriber, to upload arbitrary files such as PHP on the server...
CVE-2023-33283
Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...
CVE-2023-33283
Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...
Code injection
Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...
CVE-2023-33283
Marval MSM through 14.19.0.12476 uses a static encryption key for secrets. An attacker that gains access to encrypted secrets can decrypt them by using this key...
CVE-2023-33283
CVE-2023-33283 affects Marval MSM up to version 14.19.0.12476, where a static encryption key is used to protect secrets. The underlying issue is the use of a hard-coded/static key for encryption-at-rest, enabling an attacker who gains access to encrypted secrets to decrypt them. The available sou...
CVE-2023-20016
A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup...
CVE-2022-2641
Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...
CVE-2022-2641
Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...
CVE-2022-2641
Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...
CVE-2022-2641
Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...
Race condition
Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition...
PT-2022-17828 · Horner Automation · Rcc 972
Name of the Vulnerable Software and Affected Versions: Horner Automation’s RCC 972 version 15.40 Description: The issue is related to a static encryption key on the device, which could allow an attacker to perform unauthorized changes, remotely execute arbitrary code, or cause a denial-of-service...