72 matches found
EUVD-2017-0161
Malware in sbrugna...
EUVD-2003-0134
Malware in sbrugna...
EUVD-2025-21702
Malicious code in bioql PyPI...
CVE-2025-40918
Authen::SASL::Perl::DIGESTMD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce client nonce is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...
BIT-CILIUM-OPERATOR-2024-28860
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...
CVE-2024-28860
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...
CVE-2024-28860 Insecure IPsec transport encryption in Cilium
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...
SUSE CVE-2016-6225
xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does not properly set the initialization vector IV for encryption, which makes it easier for context-dependent attackers to obtain sensitive information from encrypted backup files via a Chosen-Plaintext attack. NOTE: this...
GHSA-Q643-W9JP-Q2QG Hardcoded Initialization Vector in parsel
All versions of parsel have a default hardcoded initialization vector. In cases where the IV is not provided, the package defaults to a hardcoded IV which renders the cipher vulnerable to chosen plaintext attacks. Recommendation The package is deprecated and will not be updated. Consider using an...
Weak Encryption Standards
parsel uses weak encryption standards. The configuration exists through the use of a default, hardcoded, Initialization Vector IV and causes the cipher to be vulnerable to chosen plaintext attacks...
Hardcoded Initialization Vector
Overview All versions of parsel have a default hardcoded initialization vector. In cases where the IV is not provided, the package defaults to a hardcoded IV which renders the cipher vulnerable to chosen plaintext attacks. Recommendation The package is deprecated and will not be updated. Consider...
Insecure Encryption
Overview parsel is a gem to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. In cases where an initialisation vector is not supplied to the encrypt or decrypt call in parsel.rb, the initialisation vector used by the library is set...
CVE-2013-7469
Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...
DEBIAN-CVE-2013-7469
Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...
UBUNTU-CVE-2013-7469
Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...
Code injection
Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...
CVE-2013-7469
Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...
CVE-2013-7469
Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...
CVE-2019-8919
The seadroid aka Seafile Android Client application through 2.2.13 for Android always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...
CVE-2019-8919
The seadroid aka Seafile Android Client application through 2.2.13 for Android always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...