Lucene search
K

207 matches found

SUSE CVE
SUSE CVE
added 2026/03/12 10:0 a.m.4 views

SUSE CVE-2023-43637

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" which will always return "foobarfoobarfoobarfoobarfoobarfo...

7.8CVSS5.8AI score0.00134EPSS
Exploits0References3
NVD
NVD
added 2026/02/09 10:16 p.m.6 views

CVE-2026-25811

PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access...

9.1CVSS0.00269EPSS
Exploits0References1
OSV
OSV
added 2026/02/09 12:0 a.m.2 views

UBUNTU-CVE-2026-2100

NULL dereference via CDeriveKey with specific NULL parameters...

7.5CVSS5.8AI score0.0116EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/04 11:21 p.m.15 views

EVE Has Partially Predetermined Vault Key

Impact The deriveVaultKey function calls retrieveCloudKey which always returns "foobarfoobarfoobarfoobarfoobarfo". When merged with the randomly generated 32-byte key using mergeKeys 16 bytes from each, the last 16 bytes are always "arfoobarfoobarfo". This enables an attacker with physical access...

7.8CVSS7.2AI score0.00134EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.4 views

PT-2026-6420

Impact The deriveVaultKey function calls retrieveCloudKey which always returns "foobarfoobarfoobarfoobarfoobarfo". When merged with the randomly generated 32-byte key using mergeKeys 16 bytes from each, the last 16 bytes are always "arfoobarfoobarfo". This enables an attacker with physical access...

7.8CVSS5.4AI score0.00134EPSS
Exploits0References7
Broadcom
Broadcom
added 2026/01/27 12:0 a.m.15 views

Multiple Vulnerabilities in Node.js (Wednesday, May 14, 2025 Security Releases). Nessus Plugin ID 236766

In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory...

7.5CVSS7.5AI score0.00763EPSS
Exploits1
Fedora
Fedora
added 2026/01/23 1:16 a.m.6 views

[SECURITY] Fedora 42 Update: rust-rkyv_derive0.7-0.7.46-1.fc42

Derive macro for rkyv...

5.9AI score
Exploits0
Fedora
Fedora
added 2026/01/23 12:56 a.m.9 views

[SECURITY] Fedora 43 Update: rust-rkyv_derive0.7-0.7.46-1.fc43

Derive macro for rkyv...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/23 12:0 a.m.6 views

Fedora 43 : rust-rkyv0.7 / rust-rkyv_derive0.7 (2026-35d1dee2ab)

The remote Fedora 43 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-35d1dee2ab advisory. https://rustsec.org/advisories/RUSTSEC-2026-0001 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.6 views

Fedora 44 : rust-rkyv0.7 / rust-rkyv_derive0.7 (2026-f08ea66b23)

The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-f08ea66b23 advisory. https://rustsec.org/advisories/RUSTSEC-2026-0001 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

5.6AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/01/07 7:6 p.m.10 views

@conglomerate/weaver (>=2.1.1 <=2.6.1), @derivative/derive (>=0.1.0 <=0.1.1) +10 more potentially affected by CVE-2025-69263 via pnpm (>=0.21.0 <=10.18.3)

pnpm NPM version =0.21.0, =2.1.1, =0.1.0, =0.1.0, =3.7.16, =2.3.0, =0.1.0, =0.2.7, =1.0.4, =1.0.7 Source cves: CVE-2025-69263 Source advisory: OSV:GHSA-7VHP-VF5G-R2FW...

8.8CVSS6AI score0.0031EPSS
Exploits1
EUVD
EUVD
added 2025/12/12 9:31 p.m.5 views

EUVD-2024-55350

Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation...

9.8CVSS6.3AI score0.00374EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/12 7:57 p.m.4 views

CVE-2024-58311 Dormakaba Saflok System 6000 Key Generation Cryptographic Weakness

Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation...

9.8CVSS6.5AI score0.00374EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.8 views

PT-2025-50973

Name of the Vulnerable Software and Affected Versions Dormakaba Saflok System 6000 affected versions not specified Description The Dormakaba Saflok System 6000 uses a key generation algorithm that is predictable. This allows attackers to calculate card access keys from a 32-bit unique identifier...

9.8CVSS6.4AI score0.00374EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.5 views

TencentOS Server 4: nodejs20 (TSSA-2025:0415)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0415 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

7.5CVSS7.1AI score0.00763EPSS
Exploits1References5
Fedora
Fedora
added 2025/11/15 1:45 a.m.10 views

[SECURITY] Fedora 41 Update: rust-get-size-derive2-0.7.1-1.fc41

Derives the GetSize trait...

7AI score
Exploits0
Fedora
Fedora
added 2025/11/15 1:35 a.m.6 views

[SECURITY] Fedora 42 Update: rust-get-size-derive2-0.7.1-1.fc42

Derives the GetSize trait...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/11/15 12:0 a.m.3 views

Fedora 42 : python-uv-build / ruff / rust-get-size-derive2 / rust-get-size2 / etc (2025-e60a4ba4d7)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-e60a4ba4d7 advisory. uv / python-uv-build 0.9.7 https://github.com/astral-sh/uv/releases/tag/0.9.7 0.9.6 This release contains an upgrade to Astral's fork of asynczip, which...

5.6AI score
Exploits0References1
OSV
OSV
added 2025/11/13 3:23 a.m.6 views

MAL-2025-187096 Malicious code in gammarayburst-quasarjet-radiometric-lyra (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cacef3e59b76a6802cdb5a0e99fd3ba2fc957f0dfecb68349f709e0d0256ce91 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/12 7:18 p.m.3 views

MAL-2025-174239 Malicious code in goditu-tufabm-dibat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e980c8dc7a879ef7feb007e1f498fe8d2edc90d11ff69aa62dd13e2163f9773b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Rows per page
Query Builder