PT-2025-37924

Name of the Vulnerable Software and Affected Versions: Control-M/Agent versions 9.0.18 through 9.0.20 Control-M/Agent versions prior to 9.0.18 potentially earlier unsupported versions Description: An authentication bypass issue exists when using an empty or default kdb keystore or a default PKCS1...

CVE-2025-21017

CVE-2025-21017 affects Samsung Blockchain Keystore: an out-of-bounds write in the detaching crypto box allows local privileged attackers to write memory beyond bounds. Impact includes potential data corruption or code execution within the Keystore context. Affected versions are Blockchain Keystor...

Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands generate insufficiently strong keystore passwords [CVE-2025-1827]

Summary IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands generate keystores on startup for storing keys and certificates. These are generated with an insufficiently strong password. This bulletin provides patch information to address the reported...

CVE-2022-35202

A security issue in Sitevision version 10.3.1 and older allows a remote attacker, in certain non-default scenarios, to gain access to the private keys used for signing SAML Authn requests. The underlying issue is a Java keystore that may become accessible and downloadable via WebDAV. This keystor...

Huawei HarmonyOS and EMUI Resources Not Closed or Released Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. Huawei HarmonyOS and EMUI are vulnerable to a resource no...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel.Huawei EMUI is an emotional operating system developed by Huawei based on Android Android. Huawei HarmonyOS and EMUI are vulnerable to a resource no...

SAMSUNG Blockchain Keystore 缓冲区错误漏洞

SAMSUNG Blockchain Keystore is Samsung's system tool for creating, storing, managing, and backing up private keys. A security vulnerability exists in Samsung Blockchain Keystore versions prior to 1.3.12.1 that stems from an out-of-bounds read vulnerability when handling CMDCOLDWALLETBTCSETPRVUTXO...

Matrix 安全漏洞

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability in Matrix matrix-sdk-crypto prior to version 0.5 stems from a vulnerability that allows a malicious home server to insert a room key of questionable validity into the keystore under certai...

Hardcoded credentials

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user...

Code injection

In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore...

hocus. - Dangerous filesystem permissions, Insecure KeyStore, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application hocus. published at the 'play' market has multiple vulnerabilities...

Amazon Photos - Cloud Drive - Insecure KeyStore, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Amazon Photos - Cloud Drive published at the 'play' market has multiple vulnerabilities...

JDK: Java CMS keystore provider potentially allows brute-force private key recovery

IBM Java Runtime Environment JRE 7 R1 before SR1 FP1 7.1.1.1, 7 before SR7 FP1 7.0.7.1, 6 R1 before SR8 FP1 6.1.8.1, 6 before SR16 FP1 6.0.16.1, and before 5.0 SR16 FP7 5.0.16.7 allows attackers to obtain the private key from a Certificate Management System CMS keystore via a brute force attack...