CVE-2025-67745

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null...

EUVD-2025-203943

AWS SDK for Ruby's S3 Encryption Client has a Key Commitment Issue...

CVE-2025-67745

CVE-2025-67745 affects the MyHoard daemon for MySQL backups. In versions prior to 1.3.0, logs may include the full backup information including the encryption key, enabling potential disclosure. Version 1.3.0 fixes the issue. A workaround is to direct logs to /dev/null. Affected software is MyHoa...

CVE-2025-67745 Myhoard logs backup encryption key in plain text

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null...

CVE-2025-67745 Myhoard logs backup encryption key in plain text

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null...

EUVD-2025-204404

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null...

CVE-2025-67745 Myhoard logs backup encryption key in plain text

MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null...

MyHoard 安全漏洞

MyHoard is an open source database backup recovery tool from Aiven Open. A security vulnerability exists in MyHoard versions prior to 1.3.0, which stems from improper logging of backup information and could lead to encryption key disclosure...

CVE-2025-14760

Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgra...

Amazon S3 Encryption Client 安全漏洞

Amazon S3 Encryption Client is a client-side encryption library open-sourced by Amazon Web Services. A security vulnerability exists in Amazon S3 Encryption Client that stems from a lack of encryption key promises, which could cause a user with write access to an S3 storage bucket to introduce a...

PT-2025-51881

Name of the Vulnerable Software and Affected Versions AWS SDK for C++ versions prior to 1.11.712 Description A missing cryptographic key commitment in the AWS SDK for C++ could allow a user with write access to an S3 bucket to introduce a new encryption data key EDK that decrypts to different...

PT-2025-51884

Name of the Vulnerable Software and Affected Versions Amazon S3 Encryption Client for Java versions prior to 4.0.0 Description A missing cryptographic key commitment in the Amazon S3 Encryption Client for Java could allow a user with write access to an S3 bucket to introduce a new Encryption Data...

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2025:03439-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03439-1 advisory. - CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap bsc1250232. Tenable has...

Use Of Hard-coded Cryptographic Key

Apache StreamPark is vulnerable to use of a hard-coded cryptographic key. The vulnerability is due to Apache StreamPark uses an immutable, embedded key for encryption instead of a securely generated or configurable one, allowing attackers who obtain the key through reverse engineering or source...

Cleartext Password Disclosure

Apache Syncope is vulnerable to Cleartext Password Disclosure. The issue arises from use of a hard-coded default AES key when AES-based password storage is enabled, allowing an attacker with access to the internal database to decrypt and recover user passwords...

Apache StreamPark has a hard-coded encryption key

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...

GHSA-PRV5-C2PX-J9Q3 Apache StreamPark has a hard-coded encryption key

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...

CVE-2025-53960 Apache StreamPark: Uses the user’s password as the secret key

When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...

CVE-2025-54947 Apache StreamPark: Use hard-coded key vulnerability

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...

CVE-2025-54947

Apache StreamPark versions 2.0.0–2.1.7 contain a hard-coded, immutable encryption key, enabling potential decryption/ forgery of encrypted data and unauthorized access. The issue arises from using a fixed key instead of a dynamically generated or securely configured one. Upgrade to 2.1.7 is recom...