Lucene search
+L

57 matches found

osv
osv
added 2026/03/05 3:15 a.m.9 views

CVE-2024-57854

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...

9.1CVSS5.8AI score0.00409EPSS
Exploits0References3
cvelist
cvelist
added 2026/03/05 2:18 a.m.31 views

CVE-2024-57854 Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initialisation vectors. Data::Rand::Obscure uses Perl's built-in rand function, which is not suitable fo...

0.00409EPSS
Exploits0References2
cve
cve
added 2026/03/05 2:18 a.m.16 views

CVE-2024-57854

Summary: CVE-2024-57854 affects Net::NSCA::Client for Perl up to version 0.009002, where a cryptographic weakness arises from using a non-cryptographically secure random number generator. The affected code shifted from Crypt::Random to Data::Rand::Obscure (which relies on Perl’s rand()), enabling...

9.1CVSS5.9AI score0.00409EPSS
Exploits0References3Affected Software1
cnnvd
cnnvd
added 2026/01/02 12:0 a.m.8 views

libtpms 安全特征问题漏洞

libtpms is a software emulation of a Trusted Platform module by the individual developer Stefan Berger. A security signature issue vulnerability exists in libtpms versions 0.10.0 and 0.10.1, which stems from improperly returning initialization vectors, which could weaken subsequent encryption and...

5.5CVSS6.4AI score0.0007EPSS
Exploits1References3
redhatcve
redhatcve
added 2025/11/05 11:5 a.m.10 views

CVE-2025-11690

An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...

8.5CVSS6.5AI score0.00155EPSS
Exploits0References1
nvd
nvd
added 2025/11/04 11:15 a.m.4 views

CVE-2025-11690

An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...

8.5CVSS0.00155EPSS
Exploits0References2
cvelist
cvelist
added 2025/11/04 10:25 a.m.14 views

CVE-2025-11690 IDOR vulnerability in the CFMOTO RIDE API

An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...

8.5CVSS0.00155EPSS
Exploits0References1
euvd
euvd
added 2025/11/04 10:25 a.m.8 views

EUVD-2025-37759

An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...

8.5CVSS6AI score0.00155EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/11/04 10:25 a.m.4 views

CVE-2025-11690 IDOR vulnerability in the CFMOTO RIDE API

An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...

8.5CVSS6.1AI score0.00155EPSS
Exploits0References1
cve
cve
added 2025/11/04 10:25 a.m.30 views

CVE-2025-11690

CVE-2025-11690 corresponds to an Insecure Direct Object Reference (IDOR) in the vehicleId parameter of the CFMOTO RIDE API backend. The issue allows unauthorized access to sensitive data from other users’ vehicles (GPS coordinates, encryption keys, initialization vectors, model numbers, fuel stat...

8.5CVSS6.1AI score0.00155EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/11/04 12:0 a.m.7 views

PT-2025-44991

Name of the Vulnerable Software and Affected Versions CFMOTO RIDE affected versions not specified Description An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this...

8.5CVSS6.2AI score0.00155EPSS
Exploits0References6
cnnvd
cnnvd
added 2025/08/22 12:0 a.m.4 views

Reolink App 安全漏洞

Reolink App is a mobile application from Reolink USA. A security vulnerability exists in Reolink App version v4.54.0.4.20250526, which stems from the use of hard-coded encryption keys and initialization vectors, which could lead to the decryption of access tokens and session tokens...

9.8CVSS7.4AI score0.00377EPSS
Exploits1References7
redhatcve
redhatcve
added 2025/05/22 8:51 p.m.3 views

CVE-2021-31254

Buffer overflow in the tencboxread function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file, related invalid IV sizes...

7.8CVSS7.5AI score0.01453EPSS
Exploits1References1
cnnvd
cnnvd
added 2024/08/13 12:0 a.m.4 views

AMD Graphics Driver 安全漏洞

AMD Graphics Driver is an integrated graphics driver from Ultraviolet Semiconductor AMD. A security vulnerability exists in AMD Graphics Driver that stems from the presence of weak and predictable initialization vectors that allow an attacker with privileges to reuse IV values to reverse engineer...

1.9CVSS6.3AI score0.00135EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/08/13 12:0 a.m.7 views

PT-2024-12269 · Unknown · Power Management Firmware

Name of the Vulnerable Software and Affected Versions: Power Management Firmware affected versions not specified Description: The generation of weak and predictable Initialization Vector IV in Power Management Firmware may allow an attacker with privileges to reuse IV values to reverse-engineer...

1.9CVSS6.9AI score0.00135EPSS
Exploits0References6
veracode
veracode
added 2023/12/22 5:25 a.m.20 views

Weak Cryptography

blinksocks is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the usage of weak encryption algorithms and fixed initialization vectors IV within /presets/ssr-auth-chain.js. This issue can be exploited by an attacker to disclose sensitive encrypted information via brute...

7.5CVSS6.2AI score0.00274EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2023/11/16 12:0 a.m.8 views

PyPinkSign Security Vulnerability

PyPinkSign is a Python library for NPKI certificates from the individual developer Jung Sang-jun! A security vulnerability exists in PyPinkSign version v0.5.1, which stems from the use of non-random or static IVs for cipher block linking CBC mode in AES encryption, which could lead to information...

7.5CVSS6.5AI score0.00403EPSS
Exploits0References4
cnnvd
cnnvd
added 2023/04/27 12:0 a.m.7 views

Hyundai Gen5W_L 安全漏洞

Hyundai Gen5WL is an automotive standard navigation infotainment system from Hyundai, South Korea. A security vulnerability exists in the Hyundai Gen5WL, which stems from an information leakage vulnerability that allows an attacker to read AES keys and initialization vectors from memory, which...

7.8CVSS7.4AI score0.00347EPSS
Exploits1References3
susecve
susecve
added 2023/02/16 3:2 a.m.5 views

SUSE CVE-2022-46397

FP.io VPP Vector Packet Processor 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode...

7.5CVSS7AI score0.0062EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 6:11 a.m.4 views

SUSE CVE-2007-3528

The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by 1 discarding random bits by the blowfish::makeivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and 2 direct use of a password for keying, which makes it easier for context-dependent...

5CVSS6.9AI score0.0176EPSS
Exploits0References3
Rows per page
Query Builder