
413 matches found

OSV
added 2025/02/28 5:46 p.m., 5 views

GHSA-JG6F-48FF-5XRW IBC-Go has Non-deterministic JSON Unmarshalling of IBC Acknowledgement

Name: ASA-2025-004: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt Component: IBC-Go Criticality: Critical Considerable Impact; Almost Certain Likelihood per ACMv1.2 Affected versions: IBC-Go = v7; Earlier IBC-Go versions may also be affected. Affected user...

CVSS 9.3, AI score 7
Exploits: 0, References: 4

Github Security Blog
added 2025/02/28 5:46 p.m., 10 views

IBC-Go has Non-deterministic JSON Unmarshalling of IBC Acknowledgement

Name: ASA-2025-004: Non-deterministic JSON Unmarshalling of IBC Acknowledgement can result in a chain halt Component: IBC-Go Criticality: Critical Considerable Impact; Almost Certain Likelihood per ACMv1.2 Affected versions: IBC-Go = v7; Earlier IBC-Go versions may also be affected. Affected user...

AI score 7
Exploits: 0, References: 4, Affected Software: 8

OSV
added 2025/02/28 3:32 p.m., 3 views

OESA-2025-1191 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during th...

CVSS 7.5, AI score 6.8, EPSS 0.06469
Exploits: 0, References: 4

OSV
added 2025/02/26 7:1 a.m., 0 views

UBUNTU-CVE-2022-49698

In the Linux kernel, the following vulnerability has been resolved: netfilter: use get_random_u32 instead of prandom. bh might occur while updating per-cpu rnd_state from user context, ie. local_out path. BUG: using smp_processor_id() in preemptible [00000000] code: nginx/2725 caller is...

CVSS 7.8, AI score 6, EPSS 0.00115
Exploits: 0, References: 14

CNNVD
added 2025/02/13 12:0 a.m., 2 views

ZF Roll Stability Support Plus Security Vulnerability

ZF Roll Stability Support Plus (ZF RSSPlus) is an industrial control application from ZF Corporation. A security vulnerability exists in ZF Roll Stability Support Plus that originates in the deterministic security access service seed, resulting in authentication bypass...

CVSS 5.9, AI score 6.9, EPSS 0.00023
Exploits: 0, References: 1

Microsoft CVE
added 2025/02/11 8:0 a.m., 2 views

A stack overflow in re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc.

...

CVSS 9.8, AI score 9.1, EPSS 0.00258
Exploits: 1

NVD
added 2025/01/23 5:15 p.m., 8 views

CVE-2024-11147

ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root...

CVSS 7.6, EPSS 0.00112
Exploits: 1, References: 3

CVE
added 2025/01/23 4:37 p.m., 51 views

CVE-2024-11147

CVE-2024-11147 affects ECOVACS robot lawnmowers and vacuums. A deterministic root password generated from the model and serial number allows an attacker with shell access to login as root. Provided documents identify the affected product scope and root-password mechanism, but do not specify patch...

CVSS 7.6, AI score 7.6, EPSS 0.00112
Exploits: 1, References: 3, Affected Software: 1

Vulnrichment
added 2025/01/23 4:37 p.m., 7 views

CVE-2024-52331 ECOVACS lawnmowers and vacuums deterministic firmware encryption key

ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot...

CVSS 7.7, AI score 7.5, EPSS 0.00083
Exploits: 1, References: 2

CNNVD
added 2025/01/23 12:0 a.m., 1 view

ECOVACS robot lawnmowers and vacuums Trust Management Vulnerability

ECOVACS robot vacuums and ECOVACS robot lawnmowers are both products of the Chinese company ECOVACS. ECOVACS robot vacuums are a line of vacuum cleaners. ECOVACS robot lawnmowers are a line of lawnmowers. A security vulnerability exists in the ECOVACS robot lawnmowers and vacuums that stems from th...

CVSS 7.6, AI score 6.8, EPSS 0.00112
Exploits: 1, References: 4

Positive Technologies
added 2025/01/23 12:0 a.m., 2 views

PT-2025-1627 · Ecovacs · Ecovacs Robot Lawnmowers/Vacuums

Name of the Vulnerable Software and Affected Versions: ECOVACS robot lawnmowers and vacuums affected versions not specified Description: The issue concerns the use of a deterministic root password in ECOVACS robot lawnmowers and vacuums, which is generated based on the model and serial number. An...

CVSS 7.6, AI score 7.1, EPSS 0.00112
Exploits: 1, References: 6

Positive Technologies
added 2025/01/23 12:0 a.m., 2 views

PT-2025-2929 · Ecovacs · Ecovacs

Name of the Vulnerable Software and Affected Versions: ECOVACS robot lawnmowers and vacuums affected versions not specified Description: The issue concerns the use of a deterministic symmetric key for decrypting firmware updates in ECOVACS robots. This allows an attacker to create and encrypt...

CVSS 7.7, AI score 6.9, EPSS 0.00083
Exploits: 1, References: 6

OSV
added 2024/12/11 10:35 p.m., 10 views

CVE-2024-53845 AES/CBC Constant IV Vulnerability in ESPTouch v2

ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV (Initialization Vector) prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant...

CVSS 8.7, AI score 6.8, EPSS 0.00262
Exploits: 0, References: 11

vulnersOsv
added 2024/11/05 12:0 p.m., 2 views

assemblylift-cli (>=0.4.0-alpha.5 <=0.4.0-alpha.11), assemblylift-core (>=0.4.0-alpha.10 <=0.4.0-alpha.11) +93 more potentially affected by CVE-2024-51756 via cap-primitives (>=0.10.0 <=3.0.0)

cap-primitives CARGO version =0.10.0, =0.4.0-alpha.5, =0.4.0-alpha.10, =0.1.0, =0.3.0, =0.1.0, =0.7.0, =1.0.11, =0.1.0, =0.1.1, =0.1.0, =0.3.0, =0.5.2, =0.1.1, =0.1.0, =0.1.0, =0.2.3 and more Source cves: CVE-2024-51756 Source advisory: OSV:RUSTSEC-2024-0445...

CVSS 2.3, AI score 5.8, EPSS 0.00768
Exploits: 0

vulnersOsv
added 2024/11/02 12:0 p.m., 2 views

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +106 more potentially affected by CVE-2024-51745 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2024-51745 Source advisory: OSV:RUSTSEC-2024-0438...

CVSS 10, AI score 5.8, EPSS 0.003
Exploits: 0

RedhatCVE
added 2024/10/09 6:56 p.m., 11 views

CVE-2024-47763

Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...

CVSS 5.5, AI score 7, EPSS 0.00007
Exploits: 0, References: 1

OSV
added 2024/10/09 6:15 p.m., 1 view

DEBIAN-CVE-2024-47763

Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtim...

CVSS 5.5, AI score 5.5, EPSS 0.00007
Exploits: 0, References: 1

OSV
added 2024/10/04 3:39 p.m., 4 views

CLSA-2024-1728056381 gnutls: Fix of CVE-2024-28834

CVE-2024-28834: fix side-channel leak in the deterministic ECDSA...

CVSS 5.3, AI score 6.4, EPSS 0.02116
Exploits: 0, References: 1

OSV
added 2024/10/04 3:37 p.m., 2 views

CLSA-2024-1728056228 gnutls: Fix of CVE-2024-28834

CVE-2024-28834: fix side-channel leak in the deterministic ECDSA...

CVSS 5.3, AI score 6.4, EPSS 0.02116
Exploits: 0, References: 1

OSV
added 2024/09/19 6:6 p.m., 5 views

CLSA-2024-1726769216 gnutls: Fix of CVE-2024-28834

CVE-2024-28834: fix side-channel leak in the deterministic ECDSA...

CVSS 5.3, AI score 5.8, EPSS 0.02116
Exploits: 0, References: 1