1071 matches found
CVE-2024-49784 IBM OpenPages with Watson information disclosure
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values...
PT-2025-28532 · Microsoft · Windows Bitlocker +1
Name of the Vulnerable Software and Affected Versions: Windows BitLocker (affected versions not specified). Description: A protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. This issue enables attackers to access...
Endress+Hauser MEAC300-FNADE4 Security Vulnerability
The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. A security vulnerability exists in the Endress+Hauser MEAC300-FNADE4 that stems from the use of DES encryption to store passwords, which can be exploited by an attacker to cause...
ROS-20250630-11
A vulnerability in a data encryption package that uses Crypt::CBC (cipher block chaining mode) exists because the rand function is not cryptographically secure. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Advisory ROSA-SA-2025-2898
Software: openssl 1.1.1k; OS: ROSA Virtualization 3.0; packageevrstring: openssl-1.1.1k-12.0.1.rv30; CVE-ID: CVE-2019-1547; BDU-ID: 2019-04084; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the ecerr.c and eclib.c functions of the OpenSSL library is related to the lack of data encryption measures...
Fair Data Exchange with Constant-Time Proofs
The Fair Data Exchange (FDE) protocol introduced at CCS 2024 offers atomic pay-per-file transfers with constant-size proofs, but its prover and verifier runtimes still scale linearly with the file length n. We collapse these costs to essentially constant by viewing the file as a rate-1 Reed-Solomon...
CVE-2025-29756
SunGrow's back end users system iSolarCloud (https://isolarcloud.com) uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server, however, did not have sufficient restrictions in place to limit the topics that a user could subscribe to. While t...
Dell Encryption Admin Utilities Incorrect Link Resolution Vulnerability
Dell Encryption Admin Utilities is a software for data encryption management and troubleshooting from Dell, USA. An incorrect link resolution vulnerability exists in Dell Encryption Admin Utilities versions prior to 11.10.2, which can be exploited by an attacker to elevate privileges...
PT-2025-25185 · Sungrow · Isolarcloud
Name of the Vulnerable Software and Affected Versions: SunGrow's back end users system iSolarCloud (affected versions not specified). Description: The issue concerns the MQTT service used by iSolarCloud to transport data from connected devices to the user's web browser. The MQTT server lacks...
Securing Generative AI Agentic Workflows: Risks, Mitigation, and a Proposed Firewall Architecture
Generative Artificial Intelligence (GenAI) presents significant advancements but also introduces novel security challenges, particularly within agentic workflows where AI agents operate autonomously. These risks escalate in multi-agent systems due to increased interaction complexity. This paper...
Dell Encryption Admin Utilities Security Vulnerability
Dell Encryption Admin Utilities is a software for data encryption management and troubleshooting from Dell, USA. An incorrect link resolution vulnerability exists in Dell Encryption Admin Utilities versions prior to 11.10.2, which can be exploited by an attacker to elevate privileges...
Decentralized COVID-19 Health System Leveraging Blockchain
With the development of the Internet, the amount of data generated by the medical industry each year has grown exponentially. The Electronic Health Record (EHR) manages the electronic data generated during the user's treatment process. Typically, an EHR data manager belongs to a medical institution...
Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN
Three security vulnerabilities have been disclosed in preloaded Android applications on smartphones from Ulefone and Krüger&Matz that could enable any app installed on the device to perform a factory reset and encrypt an application. A brief description of the three flaws is as follows -...
CVE-2024-7396
Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping. This issue affects JetPort 5601v3: through 1.2...
CVE-2024-27256
IBM MQ Container 3.0.0, 3.0.1, 3.1.0 through 3.1.3 CD, 2.0.0 LTS through 2.0.22 LTS and 2.4.0 through 2.4.8, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
CVE-2023-27291
IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID: 248740...
CVE-2023-26271
IBM Security Guardium Data Encryption IBM Guardium Cloud Key Manager (GCKM) 1.10.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126...
CVE-2023-33836
IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016...
CVE-2023-2747
The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized...