OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

CVE-2025-48613

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-68703

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sumpassphrase. Two encryption operations with the same password will have the same derived key. This vulnerability is fixed in 2.2...

Jervis 加密问题漏洞

Jervis is an automation tool from the individual developer Sam Gleske. A cryptographic issue vulnerability exists in versions prior to Jervis 2.2 that stems from the SHA-256 and derived salt values from a passphrase, resulting in the same key being generated for the same passphrase...

CVE-2025-30189

CVE-2025-30189 affects Open-Xchange OX Dovecot Pro (and dovecot-based components) where enabling authentication caching causes incorrect caching: multiple users sharing the same cache key leads to the cached entry being reused for subsequent logins. The issue is described in multiple advisories (...

CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

EUVD-2015-9392

Malware in sbrugna...

Ethereum RLPx 安全漏洞

Ethereum RLPx is a TCP-based transport protocol from Ethereum used for communication between Ethernet nodes. A security vulnerability exists in Ethereum RLPx that stems from two CTR streams based on the same key, IV, and random number, potentially facilitating decryption on a private network...

CVE-2020-14474

The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device...

CVE-2019-12121

An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected...

Cisco Clean Access多个远程安全漏洞

Cisco Clean Access CCA是一种用于自动检测、隔离、清除受恶意代码感染的设备访问网络的软件解决方案。 CCA的实现上存在两个安全漏洞，远程攻击得可能利用这些漏洞获取非授权访问或得到敏感信息。 CCA与Cisco Clean Access Manager CAM交互时，交互双方需要相同的密钥，CAM端的密钥在CAM和CAS初始化时设定，CCA实现上的漏洞使此密钥不可被更改，网络上所有相关的设备共享了相同的密钥，可能导致非授权访问。此漏洞的Cisco Bug ID为CSCsd48626，影响如下的CCA版本： CCA releases 3.6.x - 3.6.4.2 CCA...