Astra Linux - уязвимость в ceph

A key length flaw was discovered in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed during the encryption algorithm process, resulting in the creation of a non-random key. Such a key is weaker and can be exploited to compromise the confidentiality...

CVE-2025-11379

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...

EUVD-2025-201141

The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated...

EUVD-2021-14253

Malware in sbrugna...

EUVD-2023-30647

Malicious code in bioql PyPI...

EUVD-2022-28486

Malicious code in bioql PyPI...

CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

CVE-2021-27499

Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows...

WordPress plugin Civi 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An access control...

WordPress plugin NEX-Forms – Ultimate Form Builder – Contact forms and much more 信息泄露漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin NEX-Forms - Ultimate Form Builder - Contact forms and much...

Synology Multiple NAS Servers Credentials Management Errors (CVE-2016-6554)

Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:blank and admin:blank . A remote network attacker can gain privileged access to a vulnerable device. This plugin only works with...

BIT-GOLANG-2022-30629 Session tickets lack random ticket_age_add in crypto/tls

Non-random values for ticketageadd in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption...

PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption

PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining CBC mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...

PYSEC-2023-245

PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining CBC mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...

Archery Security Vulnerabilities

Archery is an open source set of vulnerability assessment and management tools. A security vulnerability exists in Archery version v1.10.0 that stems from the use of non-random or static IVs for Cipher Block Linking CBC mode in AES encryption, which could lead to information and communication...

Oracle Linux 9 : skopeo (ELSA-2023-2283)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2283 advisory. 2:1.11.2-0.1 - update to the latest content of https://github.com/containers/skopeo/tree/release-1.11 https://github.com/containers/skopeo/commit/3f987...

Oracle Linux 9 : buildah (ELSA-2023-2253)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2253 advisory. - fix CVE-2022-2990 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

USN-6063-1 ceph vulnerabilities

Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths. An attacker could possibly use this issue to create non-random encryption keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. CVE-2021-3979 It was discovered that Ceph incorrectly handled the volumes...

CVE-2023-26855

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...

Design/Logic Flaw

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...