Lucene search
K

15 matches found

Debian CVE
Debian CVE
added 2026/07/07 3:48 p.m.6 views

CVE-2026-14969

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...

4.4CVSS5.9AI score0.00077EPSS
Exploits0
CVE
CVE
added 2026/07/07 3:48 p.m.9 views

CVE-2026-14969

The CVE-2026-14969 entry concerns 389-ds-base. The LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC, enabling a privileged attacker with filesystem access to detect plaintext equality across encrypted entries by ciphertext block comparison. ...

4.4CVSS5.9AI score0.00077EPSS
Exploits0References2Affected Software3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 8:36 p.m.13 views

Malicious code in chalk-pro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac66dfb6013c32d34c6ce83bdba4628b67539e81df27fe18dcf71d3de05ff8ce Package is published as 'chalk-pro' homepage chalk-pro.com but its main entry is a verbatim copy of nodemailer's API — a typosquat impersonating both...

5.4AI score
Exploits0References2
NVD
NVD
added 2025/11/24 5:16 p.m.7 views

CVE-2025-63433

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept network traffic can use this hardcoded key to decrypt,...

4.6CVSS0.00167EPSS
Exploits1References2
CVE
CVE
added 2025/11/24 12:0 a.m.19 views

CVE-2025-63433

Summary of CVE-2025-63433 : Xtooltech Xtool AnyScan Android Application 4.40.40 and earlier uses a hardcoded cryptographic key and IV stored statically in code to decrypt update metadata. This enables an attacker who can intercept network traffic to use the hardcoded key to decrypt, modify, and r...

4.6CVSS6.4AI score0.00167EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/10/21 7:21 p.m.3 views

CVE-2025-56801

The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...

5.1CVSS5.8AI score0.00129EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-20187

Malware in sbrugna...

7.5CVSS7.5AI score0.00892EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2022-23942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...

7.5CVSS7AI score0.03319EPSS
Exploits0References2
PyPA
PyPA
added 2022/04/26 4:15 p.m.8 views

PYSEC-2022-43150

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...

7.5CVSS6.7AI score0.03319EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/04/26 4:15 p.m.4 views

UBUNTU-CVE-2022-23942

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure...

7.5CVSS5.8AI score0.03319EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2021/12/16 8:0 a.m.4 views

Hardcoded static IV and AAD with a reused key in AES GCM encryption in mod_auth_openidc

...

5.9CVSS7AI score0.01503EPSS
Exploits0
NVD
NVD
added 2021/09/07 5:15 a.m.24 views

CVE-2021-33484

An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. An attacker can download a copy of the installer, decompile it, and discover a hardcoded IV used to encrypt the username and userid in the comment POST request. Additionally, the attacker can decrypt the encrypted...

7.5CVSS0.00892EPSS
Exploits1References2
OSV
OSV
added 2020/09/04 5:34 p.m.7 views

GHSA-Q643-W9JP-Q2QG Hardcoded Initialization Vector in parsel

All versions of parsel have a default hardcoded initialization vector. In cases where the IV is not provided, the package defaults to a hardcoded IV which renders the cipher vulnerable to chosen plaintext attacks. Recommendation The package is deprecated and will not be updated. Consider using an...

7AI score
Exploits0References1
OSV
OSV
added 2017/10/27 8:29 p.m.6 views

CVE-2017-15582

In net.MCrypt in the "Diary with lock" aka WriteDiary application 4.72 for Android, hardcoded SecretKey and iv variables are used for the AES parameters, which makes it easier for attackers to obtain the cleartext of stored diary entries...

7.5CVSS5.8AI score0.01087EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2015/07/17 12:0 a.m.57 views

Impero Education Pro Remote Command Execution

/ If you're unsure what Impero is, it's essentially a corporate/educational RAT. Vendor site: https://www.imperosoftware.co.uk/ They recently were in the news about how they implemented "anti-radicalisation" shit or something. They had a booth at BETT back in January. They gave out donuts. Those...

0.2AI score
Exploits0
Rows per page
Query Builder