
179 matches found

Filippo.io
added 2026/04/20 3:21 p.m., 5 views

Quantum Computers Are Not a Threat to 128-bit Symmetric Keys

The advancing threat of cryptographically-relevant quantum computers has made it urgent to replace currently-deployed asymmetric cryptography primitives—key exchange (ECDH) and digital signatures (RSA, ECDSA, EdDSA)—which are vulnerable to Shor’s quantum algorithm. It does not, however, impact existi...

AI score 6
Exploits: 0

EUVD
added 2026/04/14 3:30 p.m., 2 views

EUVD-2025-209440

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...

CVSS 10 | AI score 5.7 | EPSS 0.00033
Exploits: 0 | References: 2

NVD
added 2026/04/14 2:16 p.m., 2 views

CVE-2025-8095

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...

CVSS 10 | EPSS 0.00033
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/14 1:13 p.m., 3 views

CVE-2025-8095 Recoverable obfuscation using the OECH1 prefix encoding in OpenEdge

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...

CVSS 10 | AI score 5.7 | EPSS 0.00033
Exploits: 0 | References: 1

CVE
added 2026/04/14 1:13 p.m., 16 views

CVE-2025-8095

CVE-2025-8095 describes a vulnerability in the OECH1 prefix encoding used by the OpenEdge platform. The encoding is cryptographically weak and unsuitable for stored encodings or enterprise applications; OECH1 should be considered exploitable and immediately replaced with a supported prefix encodi...

CVSS 10 | AI score 5.7 | EPSS 0.00033
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/14 1:13 p.m., 4 views

CVE-2025-8095

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...

CVSS 10 | AI score 5.7 | EPSS 0.00033
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/04/14 1:13 p.m., 21 views

CVE-2025-8095 Recoverable obfuscation using the OECH1 prefix encoding in OpenEdge

The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other...

CVSS 10 | EPSS 0.00033
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/14 12:0 a.m., 2 views

PT-2026-32625

Name of the Vulnerable Software and Affected Versions: OpenEdge (affected versions not specified). Description: The OECH1 prefix encoding, used to obfuscate values across the platform, is cryptographically weak. This makes it unsuitable for enterprise applications and stored encodings, as the...

CVSS 10 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 4

GitHub Security Blog
added 2026/02/13 8:55 p.m., 7 views

rPGP's integrity protection of encrypted data was not always checked

Summary: For some messages, rPGP returned incorrectly decrypted data without signaling that integrity protection was invalid. Details: When decrypting SEIPD (Symmetrically Encrypted and Integrity Protected Data Packet), rPGP previously did not under all circumstances report the absence of valid...

AI score 5.5
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/01/28 5:47 p.m., 4 views

CVE-2025-57796

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...

CVSS 6.8 | AI score 5.9 | EPSS 0.00028
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/09 9:20 a.m., 8 views

CVE-2021-33846

Fresenius Kabi Vigilant Software Suite Mastermed Dashboard version 2.0.1.3 issues authentication tokens to authenticated users that are signed with a symmetric encryption key. An attacker in possession of the key can issue valid JWTs and impersonate arbitrary users...

CVSS 7.2 | AI score 7 | EPSS 0.00045
Exploits: 0 | References: 1

Veracode
added 2025/12/13 7:27 a.m., 3 views

Insecure Deserialization

cryptidy is vulnerable to insecure deserialization. The vulnerability is due to the use of pickle.loads on untrusted data in the aes_decrypt_message function within symmetric_encryption.py, which allows an attacker to execute arbitrary code by supplying crafted serialized input...

CVSS 8.8 | AI score 6.2 | EPSS 0.00075
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2025/11/19 12:0 a.m., 1 view

egovframe-common-components security vulnerability

egovframe-common-components is a collection of commonly used functions open-sourced by the e-Government Standard Framework Center. A security vulnerability exists in egovframe-common-components version 4.3.1 and earlier, which stems from a design flaw in symmetric encryption that could lead to an...

CVSS 8.7 | AI score 6.4 | EPSS 0.00073
Exploits: 1 | References: 6

RedhatCVE
added 2025/11/01 12:25 a.m., 2 views

CVE-2025-63675

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py...

CVSS 8.8 | AI score 7.7 | EPSS 0.00075
Exploits: 1 | References: 1

GitHub Security Blog
added 2025/10/31 9:30 a.m., 7 views

cryptidy allows code execution via untrusted data due to pickle.loads

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py...

CVSS 8.8 | AI score 7.7 | EPSS 0.00075
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2025/10/31 7:15 a.m., 1 view

CVE-2025-63675

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py...

CVSS 8.8 | AI score 7.7
Exploits: 0 | References: 2

CVE
added 2025/10/31 12:0 a.m., 9 views

CVE-2025-63675

The vulnerability CVE-2025-63675 affects cryptidy up to version 1.2.4. The root cause is deserialization of untrusted data via pickle.loads in aes_decrypt_message within cryptidy/symmetric_encryption.py, enabling code execution. Multiple sources (Red Hat, OSV, GHSA, Snyk, CVE records) corroborate...

CVSS 8.8 | AI score 7.3 | EPSS 0.00075
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2025/10/31 12:0 a.m., 1 view

EUVD-2025-37311

cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py...

CVSS 6.9 | AI score 7.1 | EPSS 0.00075
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-20520

Malware in sbrugna...

CVSS 7.2 | AI score 7 | EPSS 0.00045
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2004-1020

Malware in sbrugna...

CVSS 2.1 | AI score 6.4 | EPSS 0.00051
Exploits: 0 | References: 3