Microsoft Windows 加密问题漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from the U.S.-based Microsoft Corporation Microsoft. Microsoft Windows suffers from an encryption problem vulnerability. An attacker exploiting this vulnerability could elevate privileges. The following products and...

Jervis 加密问题漏洞

Jervis is an automation tool from the personal developer Sam Gleske. Versions of Jervis prior to 2.2 suffer from a cryptographic issue vulnerability that stems from the lack of authentication in AES/CBC/PKCS5Padding, which makes it susceptible to padded predicate attacks and ciphertext manipulati...

CVE-2023-43757

Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected...

CVE-2023-50126

Missing encryption in the RFID tags of the Hozard alarm system Alarmsysteem v1.0 allow attackers to create a cloned tag via brief physical proximity to one of the original tags, which results in an attacker being able to bring the alarm system to a disarmed state...

CVE-2021-41061

In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154security component allows attackers to break encryption by triggering reboots...

CVE-2022-23105

Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations...

CVE-2020-7567

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 all references, all versions that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke t...

CVE-2020-10256

An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to...

CVE-2024-39206

An issue discovered in MSP360 Backup Agent v7.8.5.15 and v7.9.4.84 allows attackers to obtain network share credentials used in a backup due to enginesettings.list being encrypted with a hard coded key...

CVE-2021-41278

Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allo...

CVE-2021-22170

Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content...

CVE-1999-0007

Information from SSL-encrypted sessions via PKCS 1...

CVE-2019-7594

Metasys® ADS/ADX servers and NAE/NIE/NCE engines prior to 9.0 make use of a hardcoded RC2 key for certain encryption operations involving the Site Management Portal SMP...

CVE-2025-61739

CVE-2025-61739 concerns nonce reuse that enables a replay attack or decryption of captured packets. Documents identify the affected products as Johnson Controls IQ Panels2, IQ Panels2+, IQHub, IQPanel 4, and PowerG, with the issue rooted in nonce reuse and/or weak RNG affecting confidentiality an...

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Cartridge for IBM Cloud Pak for Data version 5.2.2 Vulnerability Details CVEID:CVE-2025-45767 DESCRIPTION: jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim o...

EUVD-2025-203084

Apache StreamPark has a hard-coded encryption key...

CVE-2025-54947

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...

CVE-2025-54947 Apache StreamPark: Use hard-coded key vulnerability

In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs because the system uses a fixed, immutable key for encryption instead of dynamically generating or securely configuring the key. Attackers may obtain...

AVEVA Edge 加密问题漏洞

AVEVA Edge is a highly scalable and flexible HMI/SCADA software from UK-based Jianwei Software AVEVA. AVEVA Edge suffers from an encryption issue vulnerability that stems from an attacker being able to reverse engineer an Edge user's application native password or Active Directory password by...

DuckDB 加密问题漏洞

DuckDB is an in-process SQL OLAP database management system from DuckDB open source. A cryptographic issue vulnerability exists in DuckDB versions 1.4.0 through prior to 1.4.2, which stems from a cryptographic implementation issue that could lead to key disclosure or bypass integrity checks...