1071 matches found
A3: Sensitive Data Exposure ❗️ — Top 10 OWASP 2017
A3: Sensitive Data Exposure ❗️ — Top 10 OWASP 2017 Introduction I feel like a lot of mystery surrounds this issue from the top 10 OWASP vulnerabilities. A lot of people seem to wonder which data is sensitive when exposed. Some people seem to think every single API key disclosed in a JS file is a...
5 Steps For Securing Your Remote Work Space
Use a VPN ------------ Whether you’re connecting to company resources or a Zoom call, use a virtual private network VPN. VPNs encrypt all of your online traffic to prevent hackers from capturing data in transit. Be sure to use a well-known VPN – they are widely available in software marketplaces...
PT-2021-18435 · Ibm · Ibm Sterling Secure Proxy
Name of the Vulnerable Software and Affected Versions: IBM Sterling Secure Proxy versions 2.4.3.2, 3.4.3.2, 6.0.1, 6.0.2 Description: The issue concerns hard-coded credentials, such as a password or cryptographic key, used for inbound authentication, outbound communication to external components,...
FBI Releases Indicators of Compromise Associated with Hive Ransomware
The Federal Bureau of Investigation FBI has released a Flash report detailing indicators of compromise IOCs and tactics, techniques, and procedures TTPs associated with ransomware attacks by Hive, a likely Ransomware-as-a-Service organization consisting of a number of actors using multiple...
CVE-2021-3711
In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
Attackers Actively Exploiting Realtek SDK Flaws
Threat actors zeroing in on command injection vulnerabilities reported in Realtek chipsets just days after multiple flaws were discovered in the software developers kits SDK deployed across at least 65 separate vendors. On Aug. 16 multiple Realtek vulnerabilities were disclosed by IoT Inspector...
CVE-2021-32728
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a privat...
CVE-2021-32728
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a privat...
CVE-2021-32728
The CVE describes a vulnerability in Nextcloud Desktop Client prior to 3.3.0 where the client does not verify that a private key matches the previously downloaded public certificate when obtaining keys via the API. If a server serves a malicious public key, user data could be encrypted for that k...
Security Bulletin: Vulnerabilities in IBM Guardium Data Encryption (GDE) (CVE-2020-7676)
Summary Vulnerabilities identified in IBM Guardium Data Encryption GDE. These vulnerabilities have been fixed, please apply the latest version to obtain the fix. Vulnerability Details CVEID: CVE-2020-7676 DESCRIPTION: angular.js is vulnerable to cross-site scripting, caused by improper validation...
IBM Guardium Data Encryption Information Disclosure Vulnerability
IBM Guardium Data Encryption GDE is a software application from IBM, USA. Provides a data security and compliance solution. A security vulnerability exists in IBM Guardium Data Encryption that stems from the application's failure to properly limit the number of interactions, which could be...
Code injection
Nextcloud Android Client is the Android client for Nextcloud. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.16.1, the Nextcloud Android client skipped a step that involved the client checking if a private...
CVE-2021-20414
IBM Guardium Data Encryption GDE 3.0.0.2 could allow a user to bruce force sensitive information due to not properly limiting the number of interactions. IBM X-Force ID: 196216...
CVE-2021-20414
IBM Guardium Data Encryption GDE 3.0.0.2 could allow a user to bruce force sensitive information due to not properly limiting the number of interactions. IBM X-Force ID: 196216...
Design/Logic Flaw
IBM Guardium Data Encryption GDE 3.0.0.2 could allow a user to bruce force sensitive information due to not properly limiting the number of interactions. IBM X-Force ID: 196216...
CVE-2021-20414
CVE-2021-20414 affects IBM Guardium Data Encryption (GDE) 3.0.0.2. The vulnerability allows a user to brute-force sensitive information due to not properly limiting the number of interactions. IBM’s security bulletin fixes this by upgrading to GDE 5.0.0.x (fixes are listed in the bulletin). No ex...
CVE-2021-20414
IBM Guardium Data Encryption GDE 3.0.0.2 could allow a user to bruce force sensitive information due to not properly limiting the number of interactions. IBM X-Force ID: 196216...
Nextcloud 信任管理问题漏洞
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. The Nextcloud Android Client prior to version 3.16.1 is vulnerable to a trust management issue that stems from the Nextcloud Android Client skipping a step th...
IBM Guardium Data Encryption 安全漏洞
IBM Guardium Data Encryption GDE is a software application from IBM, USA. Provides a data security and compliance solution. A security vulnerability exists in IBM Guardium Data Encryption that stems from the application's failure to properly limit the number of interactions, which could be...
IBM Guardium Data Encryption Information Leakage Vulnerability
IBM Security Guardium Data Encryption is an American IBM software for securing sensitive data within an organization. The software protects assets located in cloud, virtual, big data and physical environments by controlling access to databases, files, applications and containers. An information...