1413 matches found
CVE-2025-62710 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...
CVE-2025-62710 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...
CVE-2025-62710 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...
MGASA-2025-0244 Updated openssl packages fix a security vulnerability
Out-of-bounds read & write in RFC 3211 KEK Unwrap. CVE-2025-9230...
EUVD-2025-35623
Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl...
GHSA-GR7H-XW4F-WH86 Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl
Impact EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted from limited state/seed information e.g., start time window, substantially...
CVE-2025-56802
The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...
CVE-2025-56802
The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...
CVE-2025-56802
The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...
SUSE-SU-2025:03630-1 Security update for openssl1
This update for openssl1 fixes the following issues: - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap bsc1250232...
Desknets Neo 安全漏洞
Desknets Neo is a remote office support software from Desknets Japan. A security vulnerability exists in Desknets Neo versions V4.0R1.0 through V9.0R2.0, which stems from the use of a hard-coded encryption key, which could allow an attacker to create a malicious AppSuite application...
Siemens SiPass Integrated 安全漏洞
Siemens SiPass Integrated is a powerful and extremely flexible access control system from Siemens, Germany. A security vulnerability exists in Siemens SiPass Integrated prior to version V3.0, which stems from a key for encrypting passwords that can be accessed by an administrator, potentially...
CVE-2025-35054
Newforma Info Exchange NIX stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If...
Malicious code in python3-6 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d48e27507362baa15b8e41d1554bce82077fcc870112ab6cb4d17694b47c8ef3 During installation, the obfuscated code is run and connect with a remote server. In the current version, the code just opens a URL without exfiltrating any...
MAL-2025-191843 Malicious code in python3-6 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 d48e27507362baa15b8e41d1554bce82077fcc870112ab6cb4d17694b47c8ef3 During installation, the obfuscated code is run and connect with a remote server. In the current version, the code just opens a URL without exfiltrating any...
EUVD-2025-33573
Newforma Info Exchange NIX stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If...
CVE-2025-35054
Newforma Info Exchange NIX stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If...
CVE-2025-35054
Newforma Info Exchange NIX stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If...
CVE-2025-35054 Newforma Info Exchange (NIX) insufficiently protected credentials
Newforma Info Exchange NIX stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If...
CVE-2025-35054
CVE-2025-35054 affects Newforma Info Exchange (NIX). The root issue is insufficient protection of credentials stored in HKLM\Software\WOW6432Node\Newforma\Credentials, where both the credentials and the encryption key reside in the same registry location. Authenticated users can access both, and ...