162 matches found
EUVD-2023-57852
Malicious code in bioql PyPI...
SUSE-SU-2025:02773-1 Security update for libgcrypt
This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107...
Security update for libgcrypt
This update for libgcrypt fixes the following issues: CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update for libgcrypt
This update for libgcrypt fixes the following issues: CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
CVE-2025-6982 Hardcoded DES Decryption Keys in TP-Link Archer C50 V3/V4/V5 and C20 V5
Use of Hard-coded Credentials in TP-Link Archer C50 V3 = 180703/V4 = 250117 /V5 = 200407 , and C20 V5 USV5260419 or EUV5260317 allows attackers to decrypt the config.xml files...
CVE-2025-6982
CVE-2025-6982 affects TP-Link Archer C50 V3/V4/V5 firmware with hard-coded DES decryption keys, allowing offline decryption of config.xml and potential exposure of admin credentials and settings. Affected versions are V3 (<=180703), V4 (<=250117), and V5 (
CVE-2015-20112
RLPx 5 has two CTR streams based on the same key, IV, and nonce. This can facilitate decryption on a private network...
CVE-2025-6513
Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it...
Ivanti Workspace Control 安全漏洞
Ivanti Workspace Control is a suite of workspace control software from Ivanti USA. The software includes features such as user management, application management and report management. A security vulnerability exists in Ivanti Workspace Control versions prior to 10.19.10.0, which stems from a...
CVE-2025-24461
In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint...
CVE-2024-35537
TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption...
CVE-2022-45170
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user...
CVE-2021-29443
jose is an npm library providing a number of cryptographic operations. In vulnerable versions AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. A...
CVE-2020-11005
The WindowsHello open source library NuGet HaemmerElectronics.SeppPenner.WindowsHello, before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another...
CVE-2009-5057
The S/MIME feature in Open Ticket Request System OTRS before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations,...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection due to the improper handling of environment variables during the decryption process. An attacker with control over .ejson files can execute arbitrary commands on the host system by injecting malicious keys or encrypted...
Tenda RX2 Pro Information Disclosure Vulnerability
Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from an information disclosure vulnerability that originates from the explicit transmission of sensitive information in the web management portal, which can be exploited by an attacker to decry...
The vulnerability of the EVP_DecryptUpdate function in the OpenSSL library of the Sante PACS Server web server allows a hacker to execute arbitrary code.
The vulnerability of the EVPDecryptUpdate function in the OpenSSL library of the Sante PACS Server web server system is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending specially crafte...
CVE-2025-27498
aes-gcm is a pure Rust implementation of the AES-GCM. In decryptinplacedetached, the decrypted ciphertext which is the correct ciphertext is exposed even if the tag is incorrect. This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext...
CVE-2024-52881
An issue was discovered in AudioCodes One Voice Operations Center OVOC before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file...