Lucene search

8 matches found

Cvelist
added 2025/11/12 9:32 p.m., 9 views

CVE-2025-64429 DuckDB Encryption Crypto implementation is vulnerable

DuckDB is a SQL database management system. DuckDB implemented block-based encryption of the DB on the filesystem starting with DuckDB 1.4.0. There are a few issues related to this implementation. DuckDB can fall back to an insecure random number generator, pcg32, to generate cryptographic keys or...

CVSS 6.9, EPSS 0.00101
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2022-47727

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00523
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 9:59 p.m., 7 views

CVE-2022-44795

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...

CVSS 6.5, AI score 6.3, EPSS 0.00523
Exploits: 0, References: 1
NVD
added 2022/11/07 4:15 a.m., 18 views

CVE-2022-44795

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...

CVSS 6.5, EPSS 0.00523
Exploits: 0, References: 1
Prion
added 2022/11/07 4:15 a.m., 13 views

Information disclosure

An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...

CVSS 4, AI score 6.2, EPSS 0.00523
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2022/11/07 12:0 a.m., 52 views

CVE-2022-44795

CVE-2022-44795 affects Object First Ootbi BETA, versions 1.0.7.712 through 1.0.13.1610 (fixed in 1.0.13.1611). The root cause is an insecure RNG used to create the URL for the support bundle, which could allow an attacker with credentials to predict the URL and access system logs, resulting in lo...

CVSS 6.5, AI score 6.2, EPSS 0.00523
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2022/11/07 12:0 a.m., 5 views

Object First security feature issue vulnerability

Object First is a Veeam best-of-breed storage solution from Object First. A security signature issue vulnerability exists in Object First version 1.0.7.712, which stems from the use of an insecure RNG in the command that creates URLs for support packages, which could allow an attacker to access...

CVSS 6.5, AI score 6.5, EPSS 0.00523
Exploits: 0, References: 2
Huntr
added 2021/09/26 10:31 a.m., 9 views

Use of a Broken or Risky Cryptographic Algorithm in idno/known

Description: In the referenced code, known uses an insecure RNG to generate a password because, in its words, this should "mitigate security holes if cleanup fails". Unfortunately, if the cleanup fails, an attacker may be able to predict the password to the created account. Proof of Concept: See...

AI score 0.4
Exploits: 0