46 matches found
CVE-2026-50210
The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...
EUVD-2026-34222
The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...
CVE-2026-50210
The CVE-2026-50210 entry describes a cryptographic weakness in a device that encrypts data with AES-CBC using static zero-filled Initialization Vectors (IVs). This configuration can enable replay attacks and known-plaintext decryption, with the CVSS metrics indicating Medium severity (network vec...
CVE-2026-50210 Weak Static Cryptographic Initialization Vectors
The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...
CVE-2026-50210
The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...
CVE-2026-50210 Weak Static Cryptographic Initialization Vectors
The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...
PT-2026-46162
The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...
Fortra GoAnywhere 安全漏洞
Fortra GoAnywhere is a secure file transfer solution provided by the American company Fortra. There were security vulnerabilities in versions of Fortra GoAnywhere MFT 7.10.0 and earlier, as well as in GoAnywhere Agents 2.2.0 and earlier. These vulnerabilities stemmed from the use of static IVs fo...
CVE-2024-57854
Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...
CVE-2024-57854
Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...
CVE-2024-57854
Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...
CVE-2024-57854 Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator
Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...
CVE-2024-57854
CVE-2024-57854 affects Net::NSCA::Client (Perl) up to version 0.009002. The issue comes from using a non-cryptographically secure random number generator for IVs: v0.003 migrated to Data::Rand::Obscure, which relies on Perl’s rand() and is not suitable for cryptographic purposes. The connected de...
libtpms 安全特征问题漏洞
libtpms is a software emulation of a Trusted Platform module by the individual developer Stefan Berger. A security signature issue vulnerability exists in libtpms versions 0.10.0 and 0.10.1, which stems from improperly returning initialization vectors, which could weaken subsequent encryption and...
CVE-2025-11690
An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
CVE-2025-11690
An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
EUVD-2025-37759
An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
CVE-2025-11690 IDOR vulnerability in the CFMOTO RIDE API
An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
CVE-2025-11690
CVE-2025-11690 corresponds to an Insecure Direct Object Reference (IDOR) in the vehicleId parameter of the CFMOTO RIDE API backend. The issue allows unauthorized access to sensitive data from other users’ vehicles (GPS coordinates, encryption keys, initialization vectors, model numbers, fuel stat...
CVE-2025-11690 IDOR vulnerability in the CFMOTO RIDE API
An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...