Lucene search
+L

15 matches found

euvd
euvd
added 2026/07/07 3:48 p.m.7 views

EUVD-2026-42052

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...

4.4CVSS5.9AI score0.00077EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/07/07 3:47 p.m.6 views

CVE-2026-14969

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...

4.4CVSS5.9AI score0.00077EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.11 views

PT-2026-56200

Name of the Vulnerable Software and Affected Versions 389-ds-base affected versions not specified Description A flaw exists in the LDBM backend attribute encryption where a hardcoded static initialization vector is used for AES-CBC and 3DES-CBC operations. This allows an attacker with privileged...

4.4CVSS6.1AI score0.00077EPSS
Exploits0References7
ossf
ossf
added 2026/06/12 8:34 p.m.16 views

Malicious code in chalk-plus-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 08276c56353501373a202d28f6af6ee2a7c0b20d28a07d99c4c16309df46269c package.json declares postinstall=node lib/utils/index.js, which spawns a detached child process running lib/utils/smtp-connection/index.js. That...

5.9AI score
Exploits0References3
nessus
nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 8 : mod_auth_openidc:2.3 (AXSA:2022-3591:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3591:01 advisory. modauthopenidc: open redirect in oidcvalidateredirecturl CVE-2021-32786 modauthopenidc: hardcoded static IV and AAD with a reused key in AES GCM...

6.1CVSS5.6AI score0.02364EPSS
Exploits2References5
redhatcve
redhatcve
added 2026/01/09 11:28 a.m.7 views

CVE-2021-33484

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted...

7.5CVSS6.8AI score0.00892EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/11/24 12:0 a.m.3 views

CVE-2025-63433

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

6.4AI score0.00167EPSS
Exploits1References2
redhatcve
redhatcve
added 2025/10/22 12:11 a.m.23 views

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

5.1CVSS6.8AI score0.00129EPSS
Exploits2References1
euvd
euvd
added 2025/10/21 12:0 a.m.5 views

EUVD-2025-35229

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data...

5.1CVSS6.3AI score0.00129EPSS
Exploits2References2
cvelist
cvelist
added 2025/10/21 12:0 a.m.12 views

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

0.00129EPSS
Exploits2References2
redhatcve
redhatcve
added 2025/08/24 12:13 a.m.4 views

CVE-2025-55619

Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering...

9.8CVSS7.3AI score0.00377EPSS
Exploits1References1
osv
osv
added 2025/08/22 5:15 p.m.8 views

CVE-2025-55619

Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering...

9.8CVSS5.8AI score0.00377EPSS
Exploits1References6
osv
osv
added 2021/09/07 5:15 a.m.4 views

CVE-2021-33484

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted...

7.5CVSS5.8AI score0.00892EPSS
Exploits1References2
snyk
snyk
added 2020/01/22 8:37 a.m.3 views

Insecure Encryption

Overview parsel is a library that allows you to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. In cases where an initialisation vector is not supplied to the encrypt or decrypt call in parsel.rb, the initialisation vector used b...

7CVSS6.7AI score
Exploits0References3
snyk
snyk
added 2020/01/22 8:37 a.m.2 views

Insecure Encryption

Overview parsel is a gem to encrypt and decrypt data with a given key. Affected versions of this package are vulnerable to Insecure Encryption. In cases where an initialisation vector is not supplied to the encrypt or decrypt call in parsel.rb, the initialisation vector used by the library is set...

7CVSS6.7AI score
Exploits0References3
Rows per page
Query Builder