GHSA-F659-372H-6X3X netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures

HKDFexpand: returns non-NULL on failure. The byte is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key. When EVPHPKECTXexport fails it also returns an empty byte...

ECOVACS robot vacuums 安全漏洞

ECOVACS robot vacuums is a line of vacuum cleaners from the Chinese company ECOVACS. A security vulnerability exists in ECOVACS robot vacuums that stems from insecure Wi-Fi communication using predictable AES encryption keys...

CVE-2025-32874

An issue was discovered in Kaseya Rapid Fire Tools Network Detective through 2.0.16.0. A vulnerability exists in the EncryptionUtil class because symmetric encryption is implemented in a deterministic and non-randomized fashion. The method Encryptbyte clearData derives both the encryption key and...

CVE-2025-32874

An issue was discovered in Kaseya Rapid Fire Tools Network Detective through 2.0.16.0. A vulnerability exists in the EncryptionUtil class because symmetric encryption is implemented in a deterministic and non-randomized fashion. The method Encryptbyte clearData derives both the encryption key and...

CVE-2023-49256 Predictable encryption passphrase used in publicly accessible configuration file

It is possible to download the configuration backup without authorization and decrypt included passwords using hardcoded static key...

CVE-2023-27169

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation...

Wrong And Predictable Encryption

github.com/golang/crypto is vulnerable to predictable encryption. In the keystream generation of more than 256 GiB in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa, it can first generate incorrect output and finally cycling back to the previously...

[Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2015-012: SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage 1. Impact on Business - --------------------- By exploiting this vulnerability an attacker with access to a vulnerable mobile device...

CVE-2007-2727

The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...