Eaton EasySoft project files use weak encryption vulnerable to brute force attacks, allowing local attackers with file access to extract sensitive information and modify project configurations. An authenticated user on the affected system can exploit this weakness to compromise confidentiality and integrity of stored data. No patch is currently available for this vulnerability.
RustDesk Client through version 1.4.5 on Windows, macOS, and Linux uses weak password hashing and improper object prototype handling in its password security and configuration encryption modules, allowing local authenticated attackers to extract embedded sensitive data including passwords and machine identifiers. The vulnerability affects critical cryptographic functions including symmetric_crypt() and decrypt_str_or_original(), enabling attackers with local access and valid credentials to compromise encrypted credentials and system identifiers. No patch is currently available.
Catalyst SD-WAN Manager contains a vulnerability that allows attackers to access another affected system and gain DCA user privileges (CVSS 7.5).
Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained. [CVSS 6.8 MEDIUM]
from 6.0 versions up to 9.0 contains a vulnerability that allows attackers to access stored passwords in a recoverable format which makes them subject to pass.
Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. Passwords of all users are stored in a database in an encoded format.
A security vulnerability in HCL Compass can allow an attacker to gain unauthorized database access. Rated high severity (CVSS 7.5). No vendor patch available.
During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity. No vendor patch available.
Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable. No vendor patch available.
RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format. Rated medium severity (CVSS 5.3). No vendor patch available.