CVE-2024-3543
Published: 2024-05-02
Priority: P3 · 43 · high · CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.28% (19.4th percentile)
Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| progress | loadmaster | — | — |
| progress | loadmaster | >= 7.2.49.0 < 7.2.54.10 | 7.2.54.10 |
| progress | loadmaster | >= 7.2.55.0 < 7.2.59.4 | 7.2.59.4 |
| progress_software_corporation | loadmaster | >= LoadMaster 7.2.48.11 (LTS) < 7.2.48.12 | 7.2.48.12 |
| progress_software_corporation | loadmaster | >= LoadMaster 7.2.49.0 (LTSF) < 7.2.54.10 | 7.2.54.10 |
| progress_software_corporation | loadmaster | >= LoadMaster 7.2.55.0 (GA) < 7.2.59.4 | 7.2.59.4 |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2024-57699 json-smart: Potential DoS via stack exhaustion (incomplete fix for CVE-2023-1370)
bugzilla·2025-02-05·CVSS 7.5
A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input containing a large number of ’{’, a stack exhaustion can be triggered, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.
Discussion:
This issue has been addressed in the following products:
Red Hat Build of Apache Camel 4.8 for Quarkus 3.15
Via RHSA-2025:3541 https://access.redhat.com/errata/RHSA-2025:3541
---
This issue has been addressed in the following products:
Red Hat build of Apache Camel 4.8.5 for Spring Boot
Via RHSA-2025:3543 https://access.redhat.com/errata/RHSA-2025:3543
---
This
Bugzilla
CVE-2024-36888 kernel: workqueue: Fix selection of wake_cpu in kick_pool()
bugzilla·2024-06-03·CVSS 6.2
In the Linux kernel, the following vulnerability has been resolved:
workqueue: Fix selection of wake_cpu in kick_pool()
The Linux kernel CVE team has assigned CVE-2024-36888 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024053033-CVE-2024-36888-3543@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2284574]
---
The result of automatic check (that is developed by Alexander Larkin) for this CVE-2024-36888 is: CHECK Maybe valid. Check manually. with impact LOW (that is an approximation based on flags DANGER ; these flags parsed automatically based on patch data). Such automatic check happens only for Low/Moderates (and only when not from
https://kemptechnologies.com/
https://support.kemptechnologies.com/hc/en-us/articles/25724813518605-ECS-Connection-Manager-Security-Vulnerabilities-CVE-2024-3544-and-CVE-2024-3543
Published: 2024-05-02