19 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2024-2156

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.4 · EPSS 0.00186
Exploits 0 · References 11
OSV
added 2024/08/02 6:16 p.m. · 2 views

CVE-2024-33895

Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is now unique per device...

CVSS 6.6 · AI score 5.8
Exploits 0 · References 5
Positive Technologies
added 2024/08/02 12:0 a.m. · 2 views

PT-2024-25532 · Cosy+ · Cosy+

Name of the Vulnerable Software and Affected Versions: Cosy+ devices versions 21.x below 21.2s10 Cosy+ devices versions 22.x below 22.1s3 Description: The issue concerns the use of a unique key for encrypting configuration parameters in Cosy+ devices. This key is not unique per device in affected...

CVSS 6.6 · AI score 6.8 · EPSS 0.00386
Exploits 2 · References 11
OSV
added 2024/07/01 11:15 a.m. · 15 views

BIT-HUBBLE-UI-BACKEND-2024-28860

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...

CVSS 8 · AI score 7.4 · EPSS 0.0003
Exploits 0 · References 5
OSV
added 2024/07/01 11:10 a.m. · 10 views

BIT-CILIUM-PROXY-2024-28860

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...

CVSS 8 · AI score 7.4 · EPSS 0.0003
Exploits 0 · References 5
OSV
added 2024/05/15 12:5 p.m. · 23 views

BIT-CILIUM-OPERATOR-2024-28860

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...

CVSS 8 · AI score 7.4 · EPSS 0.0003
Exploits 0 · References 5
OSV
added 2024/05/14 2:56 p.m. · 0 views

CVE-2024-22064

ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, under the default configuration, uses a set of non-unique cryptographic keys during establishing a secure connection (IKE) with the mobile devices connecting over the internet. If the set of keys are leaked or cracked, the...

CVSS 6.5 · AI score 5.7
Exploits 0 · References 1
Positive Technologies
added 2024/05/10 12:0 a.m. · 3 views

PT-2024-19178 · Zte · Zxun-Epdg

Name of the Vulnerable Software and Affected Versions: ZTE ZXUN-ePDG product versions up to 5.20.19 Description: The ZTE ZXUN-ePDG product, which serves as the network node of the VoWifi system, uses a set of non-unique cryptographic keys by default configuration when establishing a secure...

CVSS 8.3 · AI score 7 · EPSS 0.00284
Exploits 0 · References 6
NVD
added 2024/03/27 7:15 p.m. · 6 views

CVE-2024-28860

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...

CVSS 8 · AI score 7.6 · EPSS 0.0003
Exploits 0 · References 5
CVE
added 2024/03/27 6:34 p.m. · 302 views

CVE-2024-28860

CVE-2024-28860 affects Cilium’s IPsec transparent encryption. The issue arises from an ESP sequence number collision when multiple nodes share a key, enabling a MITM attacker to perform chosen-plaintext, key-recovery, and replay attacks that can undermine confidentiality and integrity. Fixed in C...

CVSS 8 · AI score 7.4 · EPSS 0.0003
Exploits 0 · References 5 · Affected Software 1
OSV
added 2023/08/29 6:15 p.m. · 0 views

CVE-2023-34039

Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 3
CNNVD
added 2023/08/29 12:0 a.m. · 2 views

VMware Aria Operations encryption issue vulnerability

VMware Aria Operations is a unified, AI-powered, self-driving IT operations management platform for private, hybrid and multi-cloud environments from VMware. Aria Operations for Networks has a security vulnerability that stems from a lack of unique cryptographic key generation, resulting in an...

CVSS 9.8 · AI score 8.6 · EPSS 0.93171
Exploits 9 · References 7
NVD
added 2022/10/31 10:15 p.m. · 13 views

CVE-2021-27784

The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages...

CVSS 7.5 · EPSS 0.00081
Exploits 0 · References 1
Prion
added 2022/10/31 10:15 p.m. · 13 views

Design/Logic Flaw

The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages...

CVSS 5 · AI score 7.5 · EPSS 0.00081
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2022/10/31 10:5 p.m. · 7 views

CVE-2021-27784 HCL Launch container images may contain non-unique https certificates and database encryption key

The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages...

CVSS 5.9 · AI score 7.5 · EPSS 0.00081
Exploits 0 · References 1
OSV
added 2021/08/25 8:56 p.m. · 16 views

GHSA-5Q2R-92F9-4M49 Improper verification of signature threshold in tough

Impact: The tough library, prior to 0.7.1, does not properly verify the uniqueness of keys in the signatures provided to meet the threshold of cryptographic signatures. It allows someone with access to a valid signing key to create multiple valid signatures in order to circumvent TUF requiring a...

CVSS 8.6 · AI score 9 · EPSS 0.00174
Exploits 0 · References 6
Positive Technologies
added 2019/12/12 12:0 a.m. · 2 views

PT-2019-15947 · Minerstat · Msos

Name of the Vulnerable Software and Affected Versions: minerstat msOS versions prior to 2019-10-23 Description: The issue is related to the lack of unique SSH keys for each instance of the product. This could potentially lead to security risks. Recommendations: For versions prior to 2019-10-23,...

CVSS 9.8 · AI score 6.9 · EPSS 0.0035
Exploits 0 · References 4
OSV
added 2015/07/08 12:0 a.m. · 0 views

UBUNTU-CVE-2015-5143

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allow remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys...

CVSS 7.8 · AI score 7.1 · EPSS 0.15813
Exploits 0 · References 4
CERT
added 2005/07/13 12:0 a.m. · 11 views

WebEOC uses a global shared key

Overview: WebEOC installations may use a common secret key to encrypt data. If an attacker can retrieve this key from one site, they will be able to decipher all data encoded with the key across all WebEOC installations. Description: WebEOC is a web-based crisis information management applicati...

AI score 7
Exploits 0 · References 2