CVE-2021-40148

In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00716585; Issue ID: ALPS05886933...

CVE-2021-40148

CVE-2021-40148 affects Modem EMM in Google Android devices. Root cause: missing data encryption in the modem EMM leads to information disclosure without privileges or user interaction. Impact: remote information disclosure. Remediation: patch MOLY00716585 (Issue ALPS05886933) has been released. E...

ASB-A-204728248

In Modem EMM, there is a possible information disclosure due to a missing data encryption. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

Security Bulletin: Vulnerability in Apache Log4j affects IBM Guardium Data Encryption (GDE) (CVE-2021-45105 and CVE-2021-45046)

Summary Vulnerability in Apache Log4j affects IBM Guardium Data Encryption GDE CVE-2021-45105 and CVE-2021-45046. The patch includes Apache Log4j 2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from...

CVE-2021-32993

IntelliBridge EC 40 and 60 Hub C.00.04 and prior contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data...

Security Bulletin: There are multiple vulnerabilities identified in IBM Guardium Data Encryption (GDE) (CVE-2021-20378, CVE-2021-20416, CVE-2021-20474, CVE-2021-20379)

Summary There are multiple vulnerabilities identified in IBM Guardium Data Encryption GDE. These vulnerabilities have been fixed in GDE 4.0.0.5. Please apply the latest version to obtain the fixes. Vulnerability Details CVEID: CVE-2021-20474 DESCRIPTION: IBM Security Guardium does not perform any...

Security Bulletin: A security vulnerability has been identified in Log4j 2 used in IBM Guardium Data Encryption (GDE) (CVE-2021-44228)

Summary Log4j 2 is a logging package used by IBM Security Guardium Data Encryption GDE. That package has a security vulnerability. Consult the bulletin listed below for details. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrar...

CVE-2021-37050

There is a Missing sensitive data encryption vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2021-37050

CVE-2021-37050 corresponds to a Huawei HarmonyOS encryption issue where a component fails to properly encrypt data, potentially affecting service confidentiality. The connected sources (CNVD/CNNVD/CVELIST/NVD entries) describe a memory of an encryption vulnerability in Huawei HarmonyOS affecting ...

Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE) ( CVE-2021-20417, CVE-2021-20415)

Summary There are multiple vulnerabilities identified in IBM Guardium Data Encryption GDE. These vulnerabilities have been fixed in GDE 4.0.0.5. Please apply the latest version to obtain the fixes. Vulnerability Details CVEID: CVE-2021-20417 DESCRIPTION: IBM Guardium Data Encryption GDE could all...

Server side request forgery (ssrf)

Redash is a package for data visualization and sharing. In versions 10.0 and priorm the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery SSRF. These vulnerabilities are only exploitable on installations where a...

Dell EMC CloudLink Input Validation Error Vulnerability

Dell EMC CloudLink is a flexible data encryption and key management solution for data encryption in public, private, and hybrid cloud environments.Dell EMC CloudLink 7.1 and earlier versions are vulnerable to an input validation error that could be exploited by a remote, low privilege attacker to...

Dell EMC CloudLink CSV Formula Injection Vulnerability

Dell EMC CloudLink is a flexible data encryption and key management solution for data encryption in public, private, and hybrid cloud environments.A CSV formula injection vulnerability exists in Dell EMC CloudLink 7.1 and earlier versions, which can be exploited by remote, high-privilege attacker...

Dell EMC CloudLink Buffer Overflow Vulnerability

Dell EMC CloudLink is a flexible data encryption and key management solution for data encryption in public, private, and hybrid cloud environments.Dell EMC CloudLink 7.1 and earlier versions are vulnerable to a buffer overflow vulnerability that could be exploited by a local, low-privilege attack...

Dell EMC CloudLink OS Command Injection Vulnerability

Dell EMC CloudLink is a flexible data encryption and key management solution for data encryption in public, private and hybrid cloud environments. An OS command injection vulnerability exists in Dell EMC CloudLink 7.1 and earlier versions. A remote, highly-privileged attacker could exploit this...

Dell EMC CloudLink Arbitrary File Creation Vulnerability

Dell EMC CloudLink is a flexible data encryption and key management solution for data encryption in public, private, and hybrid cloud environments.Dell EMC CloudLink 7.1 and earlier versions contain an arbitrary file creation vulnerability that can be exploited by remote unauthenticated attackers...

Dell EMC CloudLink Hardcoded Password Vulnerability

Dell EMC CloudLink is a flexible data encryption and key management solution for data encryption in public, private, and hybrid cloud environments.A hard-coded password vulnerability exists in Dell EMC CloudLink 7.1 and earlier versions. An attacker could exploit this vulnerability to gain...

Dell EMC CloudLink 安全漏洞

Dell EMC CloudLink is a flexible data encryption and key management solution for data encryption in public, private, and hybrid cloud environments.Dell EMC CloudLink 7.1 and earlier versions contain an arbitrary file creation vulnerability that can be exploited by remote unauthenticated attackers...

Adopting a Zero Trust approach throughout the lifecycle of data

Instead of believing everything behind the corporate firewall is safe, the Zero Trust model assumes breach and verifies each request as though it originates from an uncontrolled network. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to “never trust...

Ransomware Attacks Are Evolving. Your Security Strategy Should, Too

Ransomware is an intensifying problem for all organizations, and it’s only going to get worse. What started as a floppy disk-based attack with a $189 ransom demands has grown from a minor inconvenience for organizations into a multi-billion dollar cybercrime industry. The organizational threat of...