25410 matches found
EUVD-2025-150355
PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users...
Your passport, now on your iPhone. Helpful or risky?
Apple has launched Digital ID, a way for users in the US to create and present a government-issued ID in Apple Wallet using their passport information. For now, it works only for identity verification at Transportation Security Administration (TSA) checkpoints in more than 250 airports. Apple says...
Desktop Alert PingAlert Security Vulnerability
Desktop Alert PingAlert is a network status monitoring tool developed by DesktopAlert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. An unspecified vulnerability exists in Desktop Alert PingAlert, which arises from the presence of corrupt or insecu...
DELL PowerScale OneFS Encryption Issue Vulnerability
DELL PowerScale OneFS is Dell's horizontally scalable clustered file system designed to manage unstructured data and support enterprise-class storage capabilities. DELL PowerScale OneFS suffers from an encryption issue vulnerability that stems from the use of an insecure encryption algorithm, whi...
Book Review: The Business of Secrets
The Business of Secrets: Adventures in Selling Encryption Around the World by Fred Kinch. May 24, 2024. From the vantage point of today, it's surreal reading about the commercial cryptography business in the 1970s. Nobody knew anything. The manufacturers didn't know whether the cryptography they so...
openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap
A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI)...
CVE-2025-64429
A vulnerability was found in DuckDB’s database encryption design. In certain situations, DuckDB could generate encryption keys using a weak random number generator, fail to reliably wipe keys from memory, accept manipulated database headers that disable integrity protection, or miss detecting...
CVE-2025-64711
PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on...
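The two PrivateBin entries above describe the same sink: a dropped file's name is inserted into the page as markup, so a name that contains HTML is parsed as HTML. The following is an added example, not PrivateBin's own code, that models that drag-and-drop helper as a string-building function (names such as renderAttachmentUnsafe and renderAttachmentSafe are hypothetical) and places the vulnerable pattern beside the escaped one. It runs under Node.js with no DOM, because the point is visible in the generated HTML string itself.

```javascript
// Added example (not PrivateBin's code): a dropped file's name reflected
// verbatim into markup is an HTML-injection sink; escaping (or, in a
// browser, assigning element.textContent) closes it.

// Minimal HTML escaper for text that will be interpolated into markup.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern (hypothetical helper): the filename is concatenated
// into HTML, so <img src=x onerror=...> inside the name becomes a live tag.
function renderAttachmentUnsafe(fileName) {
  return '<span class="attachment">' + fileName + '</span>';
}

// Hardened pattern: the same markup, but the untrusted name is escaped
// first. A browser-side equivalent is span.textContent = fileName.
function renderAttachmentSafe(fileName) {
  return '<span class="attachment">' + escapeHtml(fileName) + '</span>';
}

// Constructed sample filename that carries an event handler.
const CRAFTED_NAME = '<img src=x onerror="alert(document.cookie)">.txt';

// Reviewer's check over rendered output: does any tag survive inside the
// wrapper? Anything starting with "<" followed by a letter, "!" or "/"
// is treated as markup.
function containsMarkup(html) {
  const inner = html
    .replace(/^<span class="attachment">/, '')
    .replace(/<\/span>$/, '');
  return /<[a-zA-Z!\/]/.test(inner);
}

console.log('unsafe :', renderAttachmentUnsafe(CRAFTED_NAME));
console.log('safe   :', renderAttachmentSafe(CRAFTED_NAME));
console.log('markup survives (unsafe):', containsMarkup(renderAttachmentUnsafe(CRAFTED_NAME)));
console.log('markup survives (safe)  :', containsMarkup(renderAttachmentSafe(CRAFTED_NAME)));
```

The same check applies to any other user-controlled attribute of a dropped file (MIME type, size text) that ends up in innerHTML; a filename is simply the one the advisory names.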
CVE-2025-63289
Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryptionhelper.dart file...
Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2022-46908)
SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. This plugin only works with Tenable.ot. Please visit...
Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2023-34969)
D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ability to connect to the same dbus-daemo...
Siemens SIMATIC S7-1500 Exposure of Resource to Wrong Sphere (CVE-2019-12904)
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. The C implementation is used on platforms where an assembly-language implementation is unavailable. NOTE: the vendor's position is...
Siemens SIMATIC S7-1500 Insufficient Verification of Data Authenticity (CVE-2021-4122)
It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that...
Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2016-3189)
Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.
Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2022-27775)
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when a request targets an IPv6 address that is already in the connection pool but with a different zone id, curl could reuse the pooled connection instead of opening a new one.
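The curl entry above is a connection-pool identity bug: the pool key covered address and port but not the IPv6 zone id, so a request for the same link-local address on a different interface rode on the wrong socket. The following is an added example, not curl's code, that models a pool with a buggy key function and a fixed one (parseTarget, poolKeyBuggy, poolKeyFixed and the Pool class are hypothetical) so the reuse can be observed directly.

```javascript
// Added example (not curl's code): a pool key that drops the IPv6 zone id
// makes fe80::1%eth0 and fe80::1%eth1 look like the same peer.

// Hand-rolled parser: the WHATWG URL class rejects zone ids in hosts, so
// we match bracketed IPv6 literals with an optional %zone and port.
const TARGET_RE = /^(https?):\/\/\[([0-9a-fA-F:.]+)(?:%([A-Za-z0-9]+))?\](?::(\d+))?(\/.*)?$/;

function parseTarget(url) {
  const m = TARGET_RE.exec(url);
  if (!m) throw new Error('unsupported URL: ' + url);
  const [, scheme, addr, zone, port] = m;
  return {
    scheme,
    addr,
    zone: zone || null,
    port: port ? Number(port) : (scheme === 'https' ? 443 : 80),
  };
}

// Buggy key: scheme, address and port only; the zone id is discarded.
function poolKeyBuggy(t) {
  return `${t.scheme}://[${t.addr}]:${t.port}`;
}

// Fixed key: the zone id is part of the peer's identity for link-local
// addresses, so it must be part of the key.
function poolKeyFixed(t) {
  const host = t.zone ? `${t.addr}%${t.zone}` : t.addr;
  return `${t.scheme}://[${host}]:${t.port}`;
}

// Minimal pool: key -> interface (zone) the socket was actually opened on.
class Pool {
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.conns = new Map();
  }
  // Returns whether an existing socket was reused and which interface it
  // is bound to; a reused socket on the wrong interface is the bug.
  connect(url) {
    const t = parseTarget(url);
    const key = this.keyFn(t);
    if (this.conns.has(key)) return { reused: true, via: this.conns.get(key) };
    this.conns.set(key, t.zone);
    return { reused: false, via: t.zone };
  }
}

// Constructed scenario: same link-local address reached over two interfaces.
function demo() {
  const first = 'https://[fe80::1%eth0]/';
  const second = 'https://[fe80::1%eth1]/';
  const buggy = new Pool(poolKeyBuggy);
  const fixed = new Pool(poolKeyFixed);
  buggy.connect(first);
  fixed.connect(first);
  return { buggy: buggy.connect(second), fixed: fixed.connect(second) };
}

console.log(demo());
```

With the buggy key the second request is served over the socket bound to eth0 even though it named eth1; with the fixed key a new connection is opened. The general lesson is that every field that changes which peer a socket actually reaches must be in the pool key.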
Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2021-36690)
A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges e.g., is intentionally allowe...
Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2019-7309)
In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.
Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2023-46219)
When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for mo...
Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2019-19959)
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by, for example, valgrind.