CVE-2023-4129
published 2023-09-27CVE-2023-4129: Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially…
PriorityP343high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.17%
6.8th percentile
Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | data_protection_central | — | — |
| dell | data_protection_central | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x6h3-hhv5-vwvj: Dell Data Protection Central, version 19
ghsa_unreviewed·2023-09-27
CVE-2023-4129 [HIGH] CWE-326 GHSA-x6h3-hhv5-vwvj: Dell Data Protection Central, version 19
Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.
OSV
linux-intel-iotg vulnerabilities
osv·2023-05-05·CVSS 5.5
CVE-2023-1281 linux-intel-iotg vulnerabilities
linux-intel-iotg vulnerabilities
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)
It was discovered that the OverlayFS implementation in the Linux kernel did
not properly handle copy up operation in some conditions. A local attacker
could possibly use this to gain elevated privileges. (CVE-2023-0386)
Haowei Yan discovered that a race condition existed in the Layer 2
Tunneling Protocol (L2TP) implementation in the Linux kernel. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2022-4129)
It was discovered that the network queuing disci
OSV
linux-hwe-5.15 vulnerabilities
osv·2023-04-25·CVSS 5.5
CVE-2023-1281 linux-hwe-5.15 vulnerabilities
linux-hwe-5.15 vulnerabilities
It was discovered that the Traffic-Control Index (TCINDEX) implementation
in the Linux kernel contained a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1281)
It was discovered that the OverlayFS implementation in the Linux kernel did
not properly handle copy up operation in some conditions. A local attacker
could possibly use this to gain elevated privileges. (CVE-2023-0386)
Haowei Yan discovered that a race condition existed in the Layer 2
Tunneling Protocol (L2TP) implementation in the Linux kernel. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2022-4129)
It was discovered that the network queuing discipl
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-09-27
Published