233 matches found
EUVD-2026-2022
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...
Jervis 加密问题漏洞
Jervis is an automation tool from the personal developer Sam Gleske. Versions of Jervis prior to 2.2 suffer from a cryptographic issue vulnerability that stems from the lack of authentication in AES/CBC/PKCS5Padding, which makes it susceptible to padded predicate attacks and ciphertext manipulati...
UBUNTU-CVE-2025-67897
In Sequoia before 2.1.0, aeskeyunwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet...
PT-2025-51146
Name of the Vulnerable Software and Affected Versions Sequoia versions prior to 2.1.0 Description A flaw exists in Sequoia that, when provided with a short ciphertext during the aes key unwrap process, causes a panic. An attacker can exploit this to cause an application crash by sending a special...
CVE-2025-54981
Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...
Weak Encryption
org.apache.streampark, streampark is vulnerable to weak encryption. The vulnerability is due to the use of AES encryption in ECB mode along with a weak random number generator for protecting sensitive data, which allows an attacker to potentially expose or recover sensitive authentication...
Apache StreamPark uses a Weak Encryption Algorithm
Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...
CVE-2025-54981
Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...
CVE-2025-54981 Apache StreamPark: Weak Encryption Algorithm in StreamPark
Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...
PT-2025-50981
Name of the Vulnerable Software and Affected Versions Gladinet CentreStack and Triofox versions prior to 16.12.10420.56791 Description Gladinet CentreStack and Triofox utilize hardcoded values in their AES cryptoscheme implementation. This weakens security, particularly for publicly exposed...
GHSA-JQG8-M35Q-JH7J Apache Syncope's AES encryption stores hard-coded passwords in internal database
Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option. When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained...
PT-2025-47918
Name of the Vulnerable Software and Affected Versions Apache Syncope versions prior to 3.0.15 Apache Syncope versions prior to 4.0.3 Description Apache Syncope, when configured to use AES encryption for storing user passwords in its internal database, utilizes a hard-coded default key. This allow...
A Fuzzy Logic-Based Cryptographic Framework for Real-Time Dynamic Key Generation for Enhanced Data Encryption
With the ever-growing demand for cybersecurity, static key encryption mechanisms are increasingly vulnerable to adversarial attacks due to their deterministic and non-adaptive nature. Brute-force attacks, key compromise, and unauthorized access have become highly common cyber threats. This resear...
Siemens SIMATIC S7-1500 Exposure of Resource to Wrong Sphere (CVE-2019-12904)
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. The C implementation is used on platforms where an assembly-language implementation is unavailable. NOTE: the vendor's position is...
Underflow in aes_key_unwrap function
The aeskeyunwrap function would panic if passed a ciphertext that was too short. In a debug build, it would panic due to a subtraction underflow. In a release build, it would use the small negative quantity to allocate a vector. Since the allocator expects an unsigned quantity, the negative value...
GHSA-97W9-V595-3H5Q cryptidy allows code execution via untrusted data due to pickle.loads
cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...
CVE-2025-63675
cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aesdecryptmessage in symmetricencryption.py...
RejSCore: Rejection Sampling Core for Multivariate-Based Public Key Cryptography
Post-quantum multivariate public key cryptography MPKC schemes resist quantum threats but require heavy operations, such as rejection sampling, which challenge resource-limited devices. Prior hardware designs have addressed various aspects of MPKC signature generation. However, rejection sampling...
UBUNTU-CVE-2025-12194
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All API modules, Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All API modules allows Excessive Allocation. This vulnerability is associated wi...
EUVD-2025-35634
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted...