68 matches found
EUVD-2023-46423
Malicious code in bioql PyPI...
Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide
Cybersecurity researchers have discovered over a dozen security vulnerabilities impacting Tridium's Niagara Framework that could allow an attacker on the same network to compromise the system under certain circumstances. "These vulnerabilities are fully exploitable if a Niagara system is...
Security Bulletin: Update JRE for Older Versions of IBM SPSS Statistics
Summary Vulnerabilities related to encryption were found in older versions of the Java Runtime Environment JRE. This Interim Fix addresses those problems. The IF applies to all applicable Java SE CVEs published by Oracle as part of their April 2025 Critical Patch Update plus CVE-2025-4447...
GHSA-8G98-M4J9-QWW5 Taylored webhook validation vulnerabilities
Critical Security Advisory for Taylored npm package v7.0.7 - tag 7.0.5 Summary A series of moderate to high-severity security vulnerabilities have been identified specifically in version 7.0.7 of \taylored. These vulnerabilities reside in the "Backend-in-a-Box" template distributed with this...
CVE-2025-48495
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0,...
CVE-2021-33686
Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree...
CVE-2025-32884
An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. By default, a GID is the user's phone number unless they specifically opt out. A phone number is very sensitive information because it can be tied back to individuals. The app does not encrypt the GID in messages...
CVE-2025-46634
The CVE-2025-46634 issue affects the Tenda RX2 Pro web management portal (firmware 16.03.30.14). The underlying problem is that the portal transmits the user’s password hash in cleartext before encryption is established, allowing an unauthenticated attacker to observe credentials and replay the h...
CBL Mariner 2.0 Security Update: qemu (CVE-2023-3180)
The version of qemu installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3180 advisory. - A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : wpa_supplicant and hostapd vulnerabilities (USN-7317-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7317-1 advisory. George Chatzisofroniou and Panayiotis Kotzanikolaou discovered that wpasupplicant and hostapd reused encryption elements ...
CVE-2024-36558
Forever KidsWatch Call Me KW-50 R36YDRA3PWGM7SV1.02019071516.19.24cobh suffers from Cleartext Transmission of Sensitive Information due to lack of encryption in device-server communication...
CVE-2024-28146 Hardcoded credentials
The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device...
Qualcomm Chip Licensing Issues Vulnerabilities
A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc. and are often manufactured on the surface of semiconductor wafers. The Qualcomm chip suffers from a security vulnerability that stems from improp...
Dell CloudLink Encryption Issues Vulnerabilities
Dell CloudLink is a data encryption and key management system from Dell USA. An encryption issue vulnerability exists in Dell CloudLink version 7.1.2 and prior versions. The vulnerability stems from the system's use of insecure encryption, which could be exploited by an attacker to cause certain...
SUSE-SU-2022:2308-1 Security update for openssl-1_1
This update for openssl-11 fixes the following issues: - CVE-2022-1292: Fixed command injection in crehash bsc1199166. - CVE-2022-2068: Fixed more shell code injection issues in crehash. bsc1200550 - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode bsc1201099...
SUSE-SU-2022:0241-1 Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-2467 fixes several issues. The following security issues were fixed: - CVE-2022-0185: Incorrect param length parsing in legacyparseparam which could have led to a local privilege escalation bsc1194517. - CVE-2021-4154: Fixed option parsing with cgroups...
EdgeX Foundry 加密问题漏洞
EdgeX Foundry is an open source project to build a common open framework for IoT edge computing. A cryptographic issue vulnerability exists in EdgeX's Functions SDK that allows an attacker to decrypt messages via unspecified vectors...
SUSE-SU-2021:3352-1 Security update for apache2-mod_auth_openidc
This update for apache2-modauthopenidc fixes the following issues: - CVE-2021-32785: format string bug via hiredis bsc1188638 - CVE-2021-32786: open redirect in logout functionality bsc1188639 - CVE-2021-32791: Hardcoded static IV and AAD with a reused key in AES GCM encryption bsc1188849 -...
IBM Resilient Information Disclosure Vulnerability (CNVD-2021-43361)
IBM Resilient is a suite of incident response platforms from IBM in the United States. The platform supports functions such as incident response process orchestration and incident management. A security vulnerability exists in IBM Resilient OnPrem, which can be exploited by an attacker to obtain...
SUSE-SU-2021:1913-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in...