Lucene search
K

12 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/07 3:48 p.m.8 views

CVE-2026-14969

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...

4.4CVSS5.9AI score0.00077EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 6:30 p.m.14 views

EUVD-2026-35489

Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

7.5CVSS5.8AI score0.0032EPSS
Exploits0References7
NVD
NVD
added 2026/06/05 11:16 a.m.13 views

CVE-2026-11347

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

8.5CVSS0.00073EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 7:22 a.m.9 views

CVE-2026-50210

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

6.9CVSS5.8AI score0.00245EPSS
Exploits0References2
OSV
OSV
added 2025/12/12 3:10 p.m.5 views

CVE-2025-54981 Apache StreamPark: Weak Encryption Algorithm in StreamPark

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.5CVSS6AI score0.0022EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.12 views

PT-2025-50940

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are...

7.1AI score0.0022EPSS
Exploits0References2
OSV
OSV
added 2025/05/14 7:15 p.m.2 views

CVE-2025-2900

IBM Semeru Runtime 8.0.302.0 through 8.0.442.0, 11.0.12.0 through 11.0.26.0, 17.0.0.0 through 17.0.14.0, and 21.0.0.0 through 12.0.6.0 is vulnerable to a denial of service caused by a buffer overflow and subsequent crash, due to a defect in its native AES/CBC encryption implementation...

7.5CVSS6.1AI score0.00221EPSS
Exploits0References1
OSV
OSV
added 2024/11/01 11:9 a.m.3 views

OESA-2024-2330 botan2 security update

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...

5.9CVSS7AI score0.00546EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.4 views

SUSE CVE-2018-9860

An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will...

7.5CVSS6.6AI score0.01382EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2022/08/30 4:7 p.m.4 views

openssl: AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

5.3CVSS6.7AI score0.04425EPSS
Exploits0References5
OSV
OSV
added 2022/07/05 12:0 a.m.4 views

UBUNTU-CVE-2022-2097

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

5.3CVSS6.7AI score0.04425EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/01/22 9:34 p.m.6 views

SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack

A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining CBC mode. This flaw allows a man-in-the-middle MITM attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a...

4.3CVSS6.6AI score0.99999EPSS
Exploits7References4
Rows per page
Query Builder