818 matches found
IBM Maximo Anywhere Encryption Issue Vulnerability
IBM Maximo Anywhere is a next-generation mobile solution from IBM built on the IBM Worklight platform. An encryption vulnerability exists in IBM Maximo Anywhere, which stems from the product's failure to effectively protect program source code. An attacker could obfuscate the source code through...
IBM Maximo Anywhere Encryption Issue Vulnerability
IBM Maximo Anywhere is a next-generation mobile solution from IBM built on the IBM Worklight platform. The solution supports remote access to IBM Maximo Asset Management (a comprehensive asset lifecycle and maintenance management solution), workflow and asset management via mobile devices. An...
GHSA-F5PG-7WFW-84Q9 CBC padding oracle issue in AWS S3 Crypto SDK for golang
Summary: The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures without revealing the plaintext...
Wordpress Plugin Learnpress Encryption Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. An encryption issue vulnerability...
Mageia: Security Advisory (MGASA-2021-0258)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2019-0105)
The remote host is missing an update for the...
PASSWORD MANAGER "MIRUPASS" PW10 / PW20 missing encryption
Overview: PASSWORD MANAGER "MIRUPASS" PW10 / PW20 provided by KING JIM CO.,LTD. contain a missing encryption vulnerability (CWE-311). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
Use of Hard-coded Credentials in Apache Kylin
Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...
Hardcoded credentials
Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...
Netgear Nighthawk R6700 Encryption Issue Vulnerability
Netgear Nighthawk R6700 is a wireless router from Netgear, Inc. An encryption vulnerability exists in the Netgear Nighthawk R6700, which stems from the product's failure to use a secure communication method for SOAP. An attacker could obtain sensitive information from HTTP requests through this...
Max Mazurov Maddy Encryption Issue Vulnerability
Max Mazurov Maddy is a combinable all-in-one mail server. A security vulnerability exists in versions of Max Mazurov Maddy before 0.5.2, which stems from the disclosure of sensitive information in the application...
Fresenius Kabi Agilia Connect Infusion System Encryption Issue Vulnerability
An encryption vulnerability exists in the Fresenius Kabi Agilia Connect Infusion System, an infusion system from the German company Fresenius Kabi, which stems from the product's use of plaintext to An attacker could use this vulnerability to gain access to sensitive information...
Code injection
The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol...
AnonAddy Encryption Issue Vulnerability
AnonAddy is an anonymous email forwarding system from AnonAddy, Inc. A security vulnerability exists in AnonAddy that stems from the use of a broken or risky encryption algorithm in VerificationController.php in AnonAddy...
FortiClientEMS - Sensitive information leak
A missing encryption of sensitive data vulnerability (CWE-311) in FortiClientEMS may allow an authenticated attacker to view sensitive information in clear text via any browser development tools...
CVE-2021-41278 Broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors
Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allo...
Philips Patient Information Center iX Encryption Issue Vulnerability
Philips Patient Information Center iX (PIC iX), from the European company Philips, is at the heart of the company's patient monitoring system, which facilitates understanding of the patient's condition and helps caregivers to identify potential deterioration at an early stage,...
Couchbase Server Encryption Issue Vulnerability
Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that primarily supports data querying, full-text searching, and active global replication. A cryptographic issue vulnerability exists in Couchbase Server, which stems from the inclusion of plaintext...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
...