60 matches found
EUVD-2021-28836
Malicious code in bioql PyPI...
EUVD-2021-8245
Malicious code in bioql PyPI...
EUVD-2023-55663
Malicious code in bioql PyPI...
EUVD-2022-35000
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-2545
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES 3DES cryptographic algorithm is used to protect emails se...
Linux Distros Unpatched Vulnerability : CVE-2025-38158
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: hisiaccvfiopci: fix XQE dma address error The dma addresses of EQE and AEQE are wrong after...
CVE-2025-53671
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
The Security Overview and Analysis of 3GPP 5G MAC CE
To more effectively control and allocate network resources, MAC CE has been introduced into the network protocol, which is a type of control signaling located in the MAC layer. Since MAC CE lacks encryption and integrity protection mechanisms provided by PDCP, the control signaling carried by MAC...
CVE-2023-50930
An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a...
CVE-2022-29482
'Mobaoku-Auction Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack...
CVE-2025-30472
CVE-2025-30472 is a vulnerability in the Corosync library (through 3.1.9) that enables a stack-based buffer overflow when encryption is disabled or the attacker knows the key and processes a large UDP packet. Connected sources specify affected contexts (Corosync 3.1.x) and note fixes: IBM/Db2 bul...
Siemens SIPROTEC 5
SUMMARY Affected SIPROTEC 5 devices do not encrypt certain data within the on-board flash storage on their PCB. This could allow an attacker with physical access to read the sensitive information from the filesystem of the device. Siemens is preparing fix versions and recommends specific...
CVE-2024-52331
ECOVACS robot lawnmowers and vacuums are affected by CVE-2024-52331 due to a deterministic symmetric key used to decrypt firmware updates. This allows an attacker to create and encrypt malicious firmware that will be decrypted and installed by the device. The description and connected entries con...
PT-2024-21694 · Toshiba · Toshiba Printers
Name of the Vulnerable Software and Affected Versions: Toshiba printers affected versions not specified Description: The issue concerns Toshiba printers that have programs containing a hardcoded key used for file encryption. An attacker can exploit this by using the hardcoded key to decrypt...
PT-2024-25694 · Aiosmtpd · Aiosmtpd
Name of the Vulnerable Software and Affected Versions: aiosmtpd versions prior to 1.4.6 Description: The issue concerns servers based on aiosmtpd, which accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by...
DEBIAN-CVE-2023-24023
Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS...
Fortinet FortiSIEM 加密问题漏洞
Fortinet FortiSIEM is a suite of security information and event management systems from the American company Fiat Fortinet. The system includes features such as asset discovery, workflow automation and unified management. A security vulnerability exists in Fortinet FortiSIEM versions prior to 6.7...
SUSE CVE-2021-32728
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a privat...
OESA-2022-1833 openssl security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under so...
CVE-2021-3981
A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in...