Astra Linux - уязвимость в firefox

The NSCDeriveKey function inadvertently assumed that the phKey parameter was always non-NULL. When the parameter was passed as NULL, a segmentation fault occurred, resulting in crashes. This behavior conflicts with the PKCS11 v3.0 specification, which allows phKey to be NULL for certain mechanism...

WordPress WPvivid 0.9.123 Payload Generator / Scanner

This Python script is a proof of concept tool designed to generate a crafted payload targeting the WPvivid Backup Migration plugin mechanism in WordPress. The script encrypts a JSON object containing file data using AES-CBC with a null key and IV, formats it according to the plugin's expected...

📄 WordPress WPvivid 0.9.123 Arbitrary File Write

This Metasploit module exploits an unauthenticated arbitrary file write vulnerability in the WPvivid Backup plugin used in WordPress websites. The vulnerability allows an attacker to send a specially crafted encrypted payload to the vulnerable endpoint using the parameter wpvividaction=sendtosite...

Exploit for CVE-2026-1357

🧨 CVE-2026-1357 – WPvivid Null-Key Exploit Tool CVE-2026-135...

Improper Authentication

github.com/edgelesssys/contrast is vulnerable to Improper Authentication. The vulnerability is due to unauthenticated LUKS2 volume metadata and support for null key-encryption algorithms, which allows an attacker to craft a malicious volume that opens with any passphrase and captures all written...

Files or Directories Accessible to External Parties

Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the secure persistent volume feature. An attacker can access confidential data stored in persistent volumes by providing a crafted LUKS2 volume with a null key-encryption algorithm...

EUVD-2023-47928

Malicious code in bioql PyPI...

SUSE CVE-2024-11705

NSCDeriveKey inadvertently assumed that the phKey parameter is always non-NULL. When it was passed as NULL, a segmentation fault SEGV occurred, leading to crashes. This behavior conflicted with the PKCS11 v3.0 specification, which allows phKey to be NULL for certain mechanisms. This vulnerability...

DEBIAN-CVE-2021-47186

In the Linux kernel, the following vulnerability has been resolved: tipc: check for null after calling kmemdup kmemdup can return a null pointer so need to check for it, otherwise the null key will be dereferenced later in tipccryptokeyxmit as can be seen in the trace 1. 1...

PT-2024-13095 · Qualcomm · Snapdragon +259

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue occurs during the key unwrapping process when an empty or NULL encrypted key is provided, resulting in a transient Denial of Service DOS...

CVE-2023-2986

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated...

Authentication flaw

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. This is due to insufficient encryption on the user being supplied during the abandoned cart link decode through the plugin. This allows unauthenticated...

CVE-2023-0751

When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is...

CVE-2023-0751

CVE-2023-0751 affects GELI on FreeBSD: reading a key file from stdin fails to reuse the key file when initializing multiple providers, causing the second and subsequent devices to use a NULL user key. If only a key file is provided (no passphrase), the master key may be encrypted with an empty ke...

CVE-2023-0751 GELI silently omits the keyfile if read from stdin

When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is...

GELI 安全漏洞

GELI is a block device level disk encryption utility from the freeBSD Foundation. A security vulnerability exists in GELI that stems from the fact that when reading a key file from standard input, it does not reuse the key file to initialize multiple providers at once, causing the second and...

CVE-2022-31260

In Montala ResourceSpace through 9.8 before r19636, csvexportresultsmetadata.php allows attackers to export collection metadata via a non-NULL k value...

CVE-2022-31260

In Montala ResourceSpace through 9.8 before r19636, csvexportresultsmetadata.php allows attackers to export collection metadata via a non-NULL k value...

PT-2022-20648 · Montala · Resourcespace

Name of the Vulnerable Software and Affected Versions: Montala ResourceSpace versions prior to r19636 Description: The issue allows attackers to export collection metadata via a non-NULL k value in the csv export results metadata.php file. Recommendations: For versions prior to r19636, update to ...

Intland codeBeamer ALM 安全漏洞

Intland Software codeBeamer ALM is an application lifecycle management platform from Intland Software, Germany. The platform supports application lifecycle management, requirements management, risk management and software development. A security vulnerability exists in Intland codeBeamer ALM 10,...