57 matches found
CVE-2024-57854
Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...
CVE-2024-57854 Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator
Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...
CVE-2024-57854
Summary: CVE-2024-57854 affects Net::NSCA::Client for Perl up to version 0.009002, where a cryptographic weakness arises from using a non-cryptographically secure random number generator. The affected code shifted from Crypt::Random to Data::Rand::Obscure (which relies on Perl’s rand()), enabling...
libtpms 安全特征问题漏洞
libtpms is a software emulation of a Trusted Platform module by the individual developer Stefan Berger. A security signature issue vulnerability exists in libtpms versions 0.10.0 and 0.10.1, which stems from improperly returning initialization vectors, which could weaken subsequent encryption and...
CVE-2025-11690
An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
CVE-2025-11690
An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
CVE-2025-11690 IDOR vulnerability in the CFMOTO RIDE API
An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
EUVD-2025-37759
An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
CVE-2025-11690 IDOR vulnerability in the CFMOTO RIDE API
An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
CVE-2025-11690
CVE-2025-11690 corresponds to an Insecure Direct Object Reference (IDOR) in the vehicleId parameter of the CFMOTO RIDE API backend. The issue allows unauthorized access to sensitive data from other users’ vehicles (GPS coordinates, encryption keys, initialization vectors, model numbers, fuel stat...
PT-2025-44991
Name of the Vulnerable Software and Affected Versions CFMOTO RIDE affected versions not specified Description An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this...
Reolink App 安全漏洞
Reolink App is a mobile application from Reolink USA. A security vulnerability exists in Reolink App version v4.54.0.4.20250526, which stems from the use of hard-coded encryption keys and initialization vectors, which could lead to the decryption of access tokens and session tokens...
CVE-2021-31254
Buffer overflow in the tencboxread function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes...
AMD Graphics Driver 安全漏洞
AMD Graphics Driver is an integrated graphics driver from Ultraviolet Semiconductor AMD. A security vulnerability exists in AMD Graphics Driver that stems from the presence of weak and predictable initialization vectors that allow an attacker with privileges to reuse IV values to reverse engineer...
PT-2024-12269 · Unknown · Power Management Firmware
Name of the Vulnerable Software and Affected Versions: Power Management Firmware affected versions not specified Description: The generation of weak and predictable Initialization Vector IV in Power Management Firmware may allow an attacker with privileges to reuse IV values to reverse-engineer...
Weak Cryptography
blinksocks is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the usage of weak encryption algorithms and fixed initialization vectors IV within /presets/ssr-auth-chain.js. This issue can be exploited by an attacker to disclose sensitive encrypted information via brute...
PyPinkSign Security Vulnerability
PyPinkSign is a Python library for NPKI certificates from the individual developer Jung Sang-jun! A security vulnerability exists in PyPinkSign version v0.5.1, which stems from the use of non-random or static IVs for cipher block linking CBC mode in AES encryption, which could lead to information...
Hyundai Gen5W_L 安全漏洞
Hyundai Gen5WL is an automotive standard navigation infotainment system from Hyundai, South Korea. A security vulnerability exists in the Hyundai Gen5WL, which stems from an information leakage vulnerability that allows an attacker to read AES keys and initialization vectors from memory, which...
SUSE CVE-2022-46397
FP.io VPP Vector Packet Processor 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode...
SUSE CVE-2007-3528
The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by 1 discarding random bits by the blowfish::makeivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and 2 direct use of a password for keying, which makes it easier for context-dependent...