818 matches found
CVE-2025-2900
CVE-2025-2900 is documented in connected IBM security bulletins as affecting IBM Semeru Runtime across multiple releases with a denial-of-service impact due to a buffer overflow in the native AES/CBC encryption path. The IBM pages for OpenPages and related bulletins explicitly reference CVE-2025-...
Palo Alto Networks PAN-OS Security Vulnerability
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A security vulnerability exists in Palo Alto Networks PAN-OS that stems from the improper use of the AES-128-CCM algorithm and could result in the transmission of unencrypted data...
CVE-2025-4382
A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlyi...
CVE-2025-47729
The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL aka Archive Signal app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as...
Best Practical Solutions Request Tracker Encryption Problem Vulnerability
Best Practical Solutions Request Tracker is an open source, enterprise-grade work order tracking system for customer service, IT service management and business process tracking from Best Practical Solutions. An encryption issue vulnerability exists in Best Practical Solutions Request Tracker...
MediaTek Chipsets Encryption Problem Vulnerability
MediaTek Chipsets is a series of chips from China's MediaTek Corporation (MediaTek). MediaTek Chipsets suffer from an encryption issue vulnerability that stems from mishandling of errors and could lead to remote information disclosure...
CVE-2025-32890
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. It uses a custom implementation of encryption without any additional integrity checking mechanisms. This leaves messages malleable to an attacker that can access the message...
CVE-2025-32882
CVE-2025-32882 affects goTenna V1 devices: application 5.5.3 and firmware 0.25.5 use a custom encryption implementation without integrity checking, making messages malleable. This vulnerability is described across multiple sources (NVD, Red Hat, PT Security) with no confirmed exploitation details...
goTenna V1 Security Vulnerability
goTenna V1 is a portable offline communication device from goTenna, Inc. that enables long-range peer-to-peer communication between smartphones via mesh network technology. A security vulnerability exists in goTenna V1, which stems from improperly implemented encryption that could lead to...
Cisco NX-OS Cryptographic Issues (CVE-2011-4667)
The encryption library in Cisco IOS Software 15.21T, 15.21T1, and 15.22T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.26, and Cisco IOS in Cisco VPN Services Port Adaptor for...
IBM Storage Defender Encryption Problem Vulnerability
IBM Storage Defender is a solution from International Business Machines (IBM) that provides end-to-end data resiliency. An encryption issue vulnerability exists in IBM Storage Defender - Resiliency Service 2.0.12 and prior versions, which stems from the use of a weak encryption algorithm that could...
IBM SPSS Statistics Encryption Problem Vulnerability
IBM SPSS Statistics is a software package from International Business Machines (IBM), Inc., used for interactive or batch statistical analysis. An encryption issue vulnerability exists in IBM SPSS Statistics versions 26.0, 27.0.1, 28.0.1, and 29.0.2, which stems from the use of a weak encrypti...
CVE-2025-30472
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet...
GHSA-M37H-8R48-2CXJ H2O Vulnerable to Execution of Arbitrary Files
In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacke...
CVE-2024-6863 Encryption of Arbitrary Files with Attacker-Controlled Key in h2oai/h2o-3
In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacke...
CVE-2024-6863
CVE-2024-6863 affects h2oai/h2o-3 v3.46.0 through an endpoint exposing a custom EncryptionTool that allows an attacker to encrypt arbitrary files on the target server with a key of their choosing, with the key potentially overwritable and ransomware-like behavior described. The vulnerability’s im...
ZTE ZTELink Encryption Problem Vulnerability
ZTE ZTELink is an application from ZTE Corporation (ZTE) in China for remote and proximity management of ZTE wireless router products. A security vulnerability exists in ZTE ZTELink version 5.4.9, which stems from a WiFi parameter configuration flaw that coul...
Security Bulletin: Snowflake JDBC driver affects watsonx.data
Summary: Snowflake JDBC driver could provide weaker than expected security, caused by an incorrect security setting, which may impact watsonx.data. Vulnerability Details: CVEID: CVE-2024-43382. DESCRIPTION: Snowflake JDBC driver could provide weaker than expected security, caused by an incorrect...
Emissary Encryption Problem Vulnerability
Emissary is a distributed P2P data-driven workflow framework open-sourced by the National Security Agency. An encryption issue vulnerability exists in versions of Emissary prior to 8.24.0 that stems from the use of insecure encryption algorithms resulting in a security risk...