207 matches found
SUSE CVE-2023-43637
Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...
CVE-2026-25811
PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access...
UBUNTU-CVE-2026-2100
NULL dereference via CDeriveKey with specific NULL parameters...
EVE Has Partially Predetermined Vault Key
Impact The deriveVaultKey function calls retrieveCloudKey which always returns "foobarfoobarfoobarfoobarfoobarfo". When merged with the randomly generated 32-byte key using mergeKeys 16 bytes from each, the last 16 bytes are always "arfoobarfoobarfo". This enables an attacker with physical access...
PT-2026-6420
Impact The deriveVaultKey function calls retrieveCloudKey which always returns "foobarfoobarfoobarfoobarfoobarfo". When merged with the randomly generated 32-byte key using mergeKeys 16 bytes from each, the last 16 bytes are always "arfoobarfoobarfo". This enables an attacker with physical access...
Multiple Vulnerabilities in Node.js (Wednesday, May 14, 2025 Security Releases). Nessus Plugin ID 236766
In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory...
[SECURITY] Fedora 42 Update: rust-rkyv_derive0.7-0.7.46-1.fc42
Derive macro for rkyv...
[SECURITY] Fedora 43 Update: rust-rkyv_derive0.7-0.7.46-1.fc43
Derive macro for rkyv...
Fedora 43 : rust-rkyv0.7 / rust-rkyv_derive0.7 (2026-35d1dee2ab)
The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-35d1dee2ab advisory. https://rustsec.org/advisories/RUSTSEC-2026-0001 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Fedora 44 : rust-rkyv0.7 / rust-rkyv_derive0.7 (2026-f08ea66b23)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-f08ea66b23 advisory. https://rustsec.org/advisories/RUSTSEC-2026-0001 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
@conglomerate/weaver (>=2.1.1 <=2.6.1), @derivative/derive (>=0.1.0 <=0.1.1) +10 more potentially affected by CVE-2025-69263 via pnpm (>=0.21.0 <=10.18.3)
pnpm NPM version =0.21.0, =2.1.1, =0.1.0, =0.1.0, =3.7.16, =2.3.0, =0.1.0, =0.2.7, =1.0.4, =1.0.7 Source cves: CVE-2025-69263 Source advisory: OSV:GHSA-7VHP-VF5G-R2FW...
EUVD-2024-55350
Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation...
CVE-2024-58311 Dormakaba Saflok System 6000 Key Generation Cryptographic Weakness
Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation...
PT-2025-50973
Name of the Vulnerable Software and Affected Versions Dormakaba Saflok System 6000 affected versions not specified Description The Dormakaba Saflok System 6000 uses a key generation algorithm that is predictable. This allows attackers to calculate card access keys from a 32-bit unique identifier...
TencentOS Server 4: nodejs20 (TSSA-2025:0415)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0415 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
[SECURITY] Fedora 41 Update: rust-get-size-derive2-0.7.1-1.fc41
Derives the GetSize trait...
[SECURITY] Fedora 42 Update: rust-get-size-derive2-0.7.1-1.fc42
Derives the GetSize trait...
Fedora 42 : python-uv-build / ruff / rust-get-size-derive2 / rust-get-size2 / etc (2025-e60a4ba4d7)
The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-e60a4ba4d7 advisory. uv / python-uv-build 0.9.7 https://github.com/astral-sh/uv/releases/tag/0.9.7 0.9.6 This release contains an upgrade to Astral's fork of asynczip, which...
MAL-2025-187096 Malicious code in gammarayburst-quasarjet-radiometric-lyra (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cacef3e59b76a6802cdb5a0e99fd3ba2fc957f0dfecb68349f709e0d0256ce91 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-174239 Malicious code in goditu-tufabm-dibat (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e980c8dc7a879ef7feb007e1f498fe8d2edc90d11ff69aa62dd13e2163f9773b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...