Malicious code in foxy-node-google-pay-decrypt (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-1812 Malicious code in foxy-node-google-pay-decrypt (npm)

--- -= Per source details. Do not edit below this line.=-...

DEBIAN-CVE-2022-49094

In the Linux kernel, the following vulnerability has been resolved: net/tls: fix slab-out-of-bounds bug in decryptinternal The memory size of tlsctx-rx.iv for AES128-CCM is 12 setting in tlssetswoffload. The return value of cryptoaeadivsize for "ccmaes" is 16. So memcpy require 16 bytes from 12...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improperly set tlsctx-rx.iv memory size for AES128-CCM in the decryptinternal function, which results in ...

IBM Cognos Controller 加密问题漏洞

IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines IBM. The product features process automation, financial audit control, and the creation and management of financial reports. IBM Cognos Controller suffers from an encryption issue...

SUSE CVE-2024-2408

The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...

PT-2025-5976 · Audiocodes · Audiocodes One Voice Operations Center

Name of the Vulnerable Software and Affected Versions: AudioCodes One Voice Operations Center OVOC versions prior to 8.4.582 Description: An issue was discovered due to the use of a hard-coded key, allowing an attacker to decrypt sensitive data, such as passwords extracted from the topology file...

IBM Storage Protect 加密问题漏洞

IBM Storage Protect IBM Spectrum Protect is a backup software from International Business Machines IBM. It provides comprehensive data data disaster recovery capabilities for physical file servers, virtual environments, and various applications. IBM Storage Protect has an encryption issue...

CVE-2024-50690

SunGrow WiNet-SV200.001.00.P027 and earlier versions contains a hardcoded password that can be used to decrypt all firmware updates...

IBM DevOps Velocity和IBM UrbanCode Velocity 加密问题漏洞

IBM DevOps Velocity and IBM UrbanCode Velocity are both products of International Business Machines IBM.IBM DevOps Velocity is an enterprise-class release management application that supports cloud-native and local deployments.IBM UrbanCode Velocity is an enterprise-class release management and...

PT-2025-3699 · Undefined · Undefined

🔗 DarkWebInformer.com - Cyber Threat Intelligence 📌 CVE ID: GHSA-qcg2-98h8-485j 🔗 Aliases: CVE-2024-8474 🔹 Details: OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to...

DEBIAN-CVE-2025-0306

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service...

UBUNTU-CVE-2025-0306

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service...

CVE-2025-0306

CVE-2025-0306 concerns the Ruby interpreter and a Marvin Attack that can decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service. The connected docs corroborate Ruby advisories for EulerOS (ruby package security advisories Eul...

Ruby 安全漏洞

Ruby is a cross-platform, object-oriented, dynamically typed programming language from the personal developer Yukihiro Matsumoto. A security vulnerability exists in Ruby that stems from vulnerability to the Marvin attack, which allows an attacker to decrypt previously encrypted messages or forge...

CVE-2024-8474

OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic...

The vulnerability of the sec_pkcs7_decoder_start_decrypt() function in Mozilla Firefox and Thunderbird email client allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the secpkcs7decoderstartdecrypt function in Mozilla Firefox and Thunderbird’s email client is related to the reallocation of memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...

CVE-2024-41763

IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

IBM Cognos Analytics Mobile 安全漏洞

IBM Cognos Analytics Mobile is an application from International Business Machines IBM, Inc. integrates reporting, modeling, analytics, dashboards, cases, and event management. A security vulnerability exists in IBM Cognos Analytics Mobile version 1.1.14 that stems from the use of...

PT-2024-39758 · Unknown · Dlp Extension

Name of the Vulnerable Software and Affected Versions: DLP Extension version 11.11.1.3 Description: A hardcoded cryptographic key vulnerability existed in DLP Extension, allowing the decryption of previously encrypted user credentials. Recommendations: For DLP Extension version 11.11.1.3, update ...