445 matches found
CVE-2025-46632
Initialization vector IV reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server...
CVE-2025-46632
Initialization vector IV reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server...
CVE-2025-46632
CVE-2025-46632 affects Tenda RX2 Pro (firmware 16.03.30.14). The issue is IV reuse in the web management portal, enabling an attacker to discern information about, or more easily decrypt, messages between client and server. The exploitation details are not provided in the documents, but the CVSS ...
PT-2025-18706 · Tenda · Tenda Rx2 Pro
Name of the Vulnerable Software and Affected Versions: Tenda RX2 Pro version 16.03.30.14 Description: The issue concerns the reuse of the initialization vector IV in the web management portal, which may allow an attacker to discern information or more easily decrypt encrypted messages between the...
CVE-2025-46632
Initialization vector IV reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server...
CLSA-2024-1709548308 openssl: Fix of CVE-2023-5363
CVE-2023-5363: process key length and iv length early if present...
OESA-2025-1192 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during th...
CVE-2025-0714
The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector IV consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted...
CVE-2025-0714 Insecure storage of sensitive information in MobaXTerm <25.0.
The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector IV consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted...
CVE-2025-0714
The CVE-2025-0714 issue affects Mobatek MobaXterm versions prior to 25.0. It describes insecure password storage where an IV of zero bytes and a derivative master key are used for each stored password, causing AES-CTR (CFB) ciphertext to depend only on the plaintext and making data at rest easier...
CVE-2025-0714 Insecure storage of sensitive information in MobaXTerm <25.0.
The vulnerability exists in the password storage of Mobateks MobaXterm in versions below 25.0. MobaXTerm uses an initialisation vector IV consisting only of zero bytes and a master key to encrypt each password individually. In the default configuration, on opening MobaXTerm, the user is prompted...
PT-2025-6799 · Mobaxterm · Mobaxterm
Name of the Vulnerable Software and Affected Versions: MobaXterm versions prior to 25.0 Description: The issue exists in the password storage of MobaXterm, where it uses an initialization vector IV consisting only of zero bytes and a master key to encrypt each password individually. In the defaul...
CVE-2022-26083
Generation of weak initialization vector in an IntelR IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access...
CVE-2022-26083
Generation of weak initialization vector in an IntelR IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access...
CVE-2022-26083
Generation of weak initialization vector in an IntelR IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access...
CVE-2022-26083
Affected software: Intel® IPP Cryptography library (before version 2021.5). Issue (root cause): Generation of a weak initialization vector may allow an unauthenticated user to potentially cause information disclosure via local access. Impact: Information disclosure with high impact (confidentiali...
CVE-2022-26083
Generation of weak initialization vector in an IntelR IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access...
CVE-2022-26083
Generation of weak initialization vector in an IntelR IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access...
PT-2025-6481 · Intel · Intel Ipp Cryptography
Name of the Vulnerable Software and Affected Versions: IntelR IPP Cryptography software library versions prior to 2021.5 Description: The issue is related to the generation of a weak initialization vector in the IntelR IPP Cryptography software library. This may allow an unauthenticated user to...
PT-2026-2892
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the crypto subsystem, specifically related to the seqiv functionality. After the crypto aead encrypt function is called, the associated request...