51 matches found
IBM Security Verify Access Security Vulnerability
IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as the Web, mobile, IoT and cloud using risk-based access, single sign-on, integrated access management controls...
CVE-2024-26288
An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not affected...
Cilium Security Vulnerabilities
Cilium is an open source software. It is used to provide and transparently protect network connectivity and load balancing between application workloads such as application containers or processes. A security vulnerability exists in versions of Cilium prior to v1.14.7 that stems from traffic...
The vulnerability of the software for automated, cloud-based, and on-premise administration of IBM Security Verify Privilege accounts lies in the lack of data encryption measures. This allows attackers to carry out “man-in-the-middle” attacks.
The vulnerability of the software for automated, cloud-based, and on-premise administration of IBM Security Verify Privilege accounts is related to the lack of data encryption measures. Exploiting this vulnerability could allow a malicious actor to carry out “man-in-the-middle” attacks...
The vulnerability of the quality management software for automobile manufacturers, QMS Automotive, arises from the fact that confidential information is stored in unencrypted form in memory, allowing a hacker to obtain user account details.
The vulnerability of the quality management software for automobile manufacturers, QMS Automotive, relates to the storage of confidential information in unencrypted form in memory. Exploiting this vulnerability could allow a malicious actor to access user credentials remotely...
Mozilla: Push notifications saved to disk unencrypted
The Mozilla Foundation Security Advisory describes this flaw as: Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information...
PT-2023-29010 · Maximatech · Maximatech Portal Executivo
Name of the Vulnerable Software and Affected Versions: MaximaTech Portal Executivo version 21.9.1.140 Description: A vulnerability has been found in the Cookie Handler component, leading to missing encryption of sensitive data. The attack can be initiated remotely, with a rather high complexity a...
CVE-2023-39842
Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device...
CVE-2023-39841
Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device...
CVE-2023-36136
PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account update user page allowing an attacker to capture all user names and passwords in clear text...
Class Scheduling System Security Vulnerability
Class Scheduling System is a class scheduling system by jkev individual developers. A security vulnerability exists in PHPJabbers Class Scheduling System version 1.0, which stems from a lack of password encryption when editing a user account updating a user's page, which allows an attacker to...
PT-2023-8821 · Ibm · Ibm Watson Cp4D Data Stores
Name of the Vulnerable Software and Affected Versions: IBM Watson CP4D Data Stores versions 4.6.0 through 4.6.3 Description: The issue is related to the lack of encryption for sensitive or critical information before storage or transmission, which could allow an attacker to obtain sensitive...
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The name of the pat...
CVE-2022-35860
Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions...
Corsair K63 Mechanical Gaming Keyboard Security Vulnerability
Corsair K63 Mechanical Gaming Keyboard is a wireless gaming keyboard from Corsair. A security vulnerability exists in the Corsair K63 Mechanical Gaming Keyboard version 3.1.3, which stems from a lack of AES encryption...
The vulnerability of the Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, relates to the lack of data encryption measures. This allows a perpetrator to retrieve the credentials for authentication purposes.
The vulnerability of the Wiser Smart programmable logic controllers from Schneider Electric, Wiser Controller EER21000 and Wiser Controller EER21001, lies in the lack of data encryption measures. Exploiting this vulnerability could allow a malicious actor to retrieve authentication credentials fo...