Open Source Point of Sale Encryption Issue Vulnerability
Open Source Point of Sale is an open-source point-of-sale system based on the Open Source Point of Sale framework. Open Source Point of Sale versions 3.4.2 and earlier had encryption-related vulnerabilities. These vulnerabilities stemmed from a function in the Employee Login component called...
WWBN AVideo Encryption Issue Vulnerability
WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained vulnerabilities related to encryption. These vulnerabilities stemmed from the use of weak RSA keys and the lack of authentication at the endpoint, which could lead...
SAMSUNG Galaxy Store Security Vulnerability
SAMSUNG Galaxy Store is an application store owned by South Korean company Samsung. Versions of SAMSUNG Galaxy Store prior to version 4.6.03.8 contained security vulnerabilities. These vulnerabilities stemmed from improper verification of cryptographic signatures, which could allow local attackers to...
CVE-2025-64429
DuckDB 1.4.0–pre-1.4.2 encryption implementation is vulnerable due to multiple cryptographic weaknesses: insecure RNG (pcg32 fallback), possible memory wipe omission (memset) leaving secrets, and header manipulation could downgrade from GCM to CTR, bypassing integrity. There may also be unhandled...
CVE-2025-64429
DuckDB is a SQL database management system. DuckDB implemented block-based encryption of the database on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. DuckDB can fall back to an insecure random number generator (pcg32) to generate cryptographic keys or...
EUVD-2003-0007
Malware in sbrugna...
EUVD-2006-4395
Malware in sbrugna...
EUVD-2017-4609
Malware in sbrugna...
EUVD-2002-2151
Malware in sbrugna...
EUVD-2021-29005
Malicious code in bioql PyPI...
Encryption Backdoor in Military/Police Radios
I wrote about this in 2023. Here's the story: Three Dutch security analysts discovered the vulnerabilities--five in total--in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The standard has been used in radio...
Ivanti Endpoint Manager < 2022 SU8 Security Update 1 / 2024 < 2024 SU3 July 2025 Security Update
The version of Ivanti Endpoint Manager running on the remote host is prior to 2022 SU8 Security Update 1 or 2024 prior to 2024 SU3. It is, therefore, affected by multiple vulnerabilities: - Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8...
The vulnerability of the web interface of the “Central Archive of Medical Images” information system, due to deficiencies in encryption mechanisms, allows attackers to compromise the confidentiality and accessibility of the protected information.
The vulnerability of the web interface of the “Central Archive of Medical Images” information system is related to deficiencies in encryption mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the confidentiality and accessibility of the protected...
The vulnerability of the web interface of the “Central Medical Imaging Archive” information system, due to deficiencies in access control, allows unauthorized access to protected information.
The vulnerability of the web interface of the “Central Archive of Medical Images” information system is related to deficiencies in encryption mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the confidentiality and accessibility of the protected...
Siemens SCALANCE X-200RNA Switch Devices Exposure of Sensitive Information to an Unauthorized Actor (CVE-2016-0704)
An oracle protection mechanism in the getclientmasterkey function in s2srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier fo...
The vulnerability of Hikvision’s DS-2CD2432F-IW IP camera software, related to encryption deficiencies, allows intruders to escalate their privileges.
The vulnerability of Hikvision’s DS-2CD2432F-IW IP camera software relates to the use of a default SSID without encryption or Wi-Fi authentication. Exploiting this vulnerability could allow an attacker to gain increased privileges remotely...
Cisco Firepower Management Center Security Vulnerability
Cisco Firepower Management Center (FMC) is the next generation firewall management center software from Cisco. Cisco Firepower Management Center has security vulnerabilities that stem from improper encryption of sensitive information stored in the GUI configuration manager. An attacker could exploi...
The vulnerability of the graphical distributed cross-platform IRC client Quassel, related to errors in information encryption, allows an intruder to gain access to confidential data.
The vulnerability of the graphical distributed cross-platform IRC client Quassel is related to the “--require-ssl” parameter, which is activated without support for SSL or TLS. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...
The vulnerability of the sftunnel function in Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) allows an attacker to obtain the device’s registration hash.
The vulnerability of the sftunnel function in Cisco Firepower Management Center (FMC) and Cisco Firepower Threat Defense (FTD) is related to encryption errors. Exploiting this vulnerability can allow a malicious actor to obtain a device’s registration hash...
Hackers Can Clone Millions of Toyota, Hyundai, and Kia Keys
Encryption flaws in a common anti-theft feature expose vehicles from major manufacturers...