342 matches found
Dell Data Protection Central Encryption Issue Vulnerability
Dell Data Protection Central is a suite of data protection solutions from Dell (USA). The product provides single sign-on, dashboards, and system monitoring. A vulnerability exists in Dell Data Protection Central version 19.9 due to an encryption issue that stems from insufficient encryption...
CVE-2023-4497
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp...
Qualcomm Chip Licensing Issues Vulnerabilities
A Qualcomm chip is a chip from Qualcomm Incorporated (USA). A chip is a way of miniaturizing circuits (mainly semiconductor devices, but also passive components, etc.) and is often manufactured on the surface of semiconductor wafers. The Qualcomm chip has an authorization issue vulnerability that stems from an...
CVE-2023-39843
Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device...
PT-2023-10181
Name of the Vulnerable Software and Affected Versions: git-annex (affected versions not specified) Description: The issue concerns the storage of embedded credentials on encrypted remotes in git-annex. When embedcreds=yes is set and the remote uses encryption=pubkey or encryption=hybrid, the...
IBM Planning Analytics Log Information Disclosure Vulnerability
IBM Planning Analytics is a suite of business planning analytics solutions from International Business Machines (IBM). The solution supports automated execution of processes such as business planning, budgeting and analysis. Planning Analytics Cartridge for Cloud Pak for Data version v4.0 suffers...
Siemens RUGGEDCOM ROX Encryption Issue Vulnerability
RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. A security vulnerability exists in the Siemens RUGGEDCOM ROX that stems from the affected device's web server supporting the insecure TLS 1.0 protocol...
Zoom Client Encryption Issue Vulnerability
Zoom Client is a video conferencing client application from Zoom (USA) that supports multiple platforms. A security vulnerability exists in Zoom Client that stems from the exposure of information that is encrypted in the presence of encryption, which could lead to the disclosure of sensitive...
Code injection
An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data...
CVE-2020-18406
CVE-2020-18406 affects cmseasy v7.0.0 (CMS). The root cause is that form data is not encrypted, allowing user credentials to be sent in clear text. Several sources corroborate the issue and describe the impact as credential exposure over potentially plaintext channels. Documented risk factors inc...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated (USA). A security vulnerability exists in Qualcomm Chipsets that stems from an information disclosure due to an encryption issue in the Core during an RPMB read request...
CVE-2023-0547
OCSP revocation status of recipient certificates was not checked when sending S/MIME encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10...
Briar Encryption Issue Vulnerability
Briar is an open source software communication technology from Briar Open Source. It is designed to provide secure and resilient peer-to-peer communications that operate without a central server and minimize external dependencies. A security vulnerability exists in Briar versions prior to 1.5.3,...
Rockwell Automation ThinManager Encryption Issue Vulnerability
Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. Rockwell Automation ThinManager has an encryption issue vulnerability that stems from allowing the use of...
IBM QRadar Data Synchronization App Encryption Issue Vulnerability
IBM QRadar Data Synchronization App is a data resiliency solution from IBM (USA). An encryption issue vulnerability exists in IBM QRadar Data Synchronization App versions 1.0 through 3.0.1, which stems from the use of a weaker-than-expected encryption algorithm. An attacker could exploit the...
Electra Central AC Unit Encryption Issue Vulnerability
The Electra Central AC unit is an Electra Central AC unit from Electra. A security vulnerability exists in the Electra Central AC unit that stems from the use of easily computable passwords...
PT-2023-16196 · Akuvox · Akuvox E11
Name of the Vulnerable Software and Affected Versions: Akuvox E11 affected versions not specified Description: The issue concerns a function in Akuvox E11 that encrypts messages before forwarding them. This function uses a static IV vector and key, which could potentially allow an attacker to...
Medium: openssl
Issue Overview: AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in...
Adobe Experience Manager Encryption Issue Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. Adobe...
CVE-2023-25957
A vulnerability has been identified in Mendix SAML Mendix 7 compatible All versions = V1.16.4 = V2.2.0 = V3.1.9 = V3.1.8 = V3.1.9 = V3.1.8 V3.2.6. The affected versions of the module insufficiently verify the SAML assertions. This could allow unauthenticated remote attackers to bypass...