CVE-2025-68701 Jervis has Deterministic AES IV Derivation from Passphrase

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2...

CVE-2025-68701

CVE-2025-68701 affects Jervis (Job DSL/Jenkins shared libraries). Prior to version 2.2, Jervis derives the AES IV deterministically from a passphrase, enabling cryptographic weaknesses as described in multiple sources. The vulnerability is fixed in 2.2; remediation is to upgrade to Jervis 2.2 or ...

Input validation

The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input...

Message Authentication Codes calculated by the Default Encryption Module allow an attacker to silently overwrite blocks in a file (NC-SA-2020-038)

A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file...

CVE-2018-13820

A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information...

Ubee EVW3226 Modem/Router 1.0.20 - Multiple Vulnerabilities

''' Ubee EVW3226 modem/router multiple vulnerabilities -------------------------------------------------- Platforms / Firmware confirmed affected: - Ubee EVW3226, 1.0.20 - Product page: http://www.ubeeinteractive.com/products/cable/evw3226 Vulnerabilities --------------- Insecure session manageme...

ProSoft Technology RadioLinx ControlScape PRNG vulnerability

Industrial automation software used worldwide to create and configure wireless radios that connect devices in environments such as oil and gas is vulnerable to attack by a hacker armed with an antenna from as far as 30 miles away. Though the vulnerability in the ProSoft Technology RadioLinx...