CVE-2024-41260

A static initialization vector IV in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information email addresses when in possession of the audit events database...

CVE-2024-41260

A static initialization vector IV in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information email addresses when in possession of the audit events database...

NetBird 安全漏洞

NetBird is an open source network security platform open sourced by netbirdio. A security vulnerability exists in NetBird version 0.28.4, which stems from a static initialization vector IV in the encryption function that allows an attacker to obtain sensitive information...

PT-2024-29338

Name of the Vulnerable Software and Affected Versions netbird version 0.28.4 Description The issue concerns a static initialization vector IV used in the encrypt function, allowing attackers to obtain sensitive information. This static IV is utilized in the github.com/netbirdio/netbird code...

CentOS 8 : libreoffice (CESA-2023:0089)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:0089 advisory. - libreoffice: Execution of Untrusted Macros Due to Improper Certificate Validation CVE-2022-26305 - libreoffice: Static Initialization Vector Allows t...

GHSA-FXFF-WXXV-C2JC PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption

PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining CBC mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...

CVE-2023-48056

PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining CBC mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...

CVE-2023-48053

Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining CBC mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...

PYSEC-2023-245

PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining CBC mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...

Archery Security Vulnerabilities

Archery is an open source set of vulnerability assessment and management tools. A security vulnerability exists in Archery version v1.10.0 that stems from the use of non-random or static IVs for Cipher Block Linking CBC mode in AES encryption, which could lead to information and communication...

PT-2023-30686 · Unknown · Pypinksign

Name of the Vulnerable Software and Affected Versions: PyPinkSign version 0.5.1 Description: The issue concerns the use of a non-random or static Initialization Vector IV in Cipher Block Chaining CBC mode for Advanced Encryption Standard AES encryption. This can potentially lead to the disclosure...

PyPinkSign Security Vulnerability

PyPinkSign is a Python library for NPKI certificates from the individual developer Jung Sang-jun! A security vulnerability exists in PyPinkSign version v0.5.1, which stems from the use of non-random or static IVs for cipher block linking CBC mode in AES encryption, which could lead to information...

Akuvox E11 安全特征问题漏洞

Akuvox E11 is a SIP visual doorbell from Akuvox designed for villas, houses and apartments. A security vulnerability exists in Akuvox E11 that stems from the inclusion of a feature that encrypts a message and then forwards it.The IV vector and key are static, which could allow an attacker to...

libreoffice security update

7.1.8.1-8.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. 1:7.1.8.1-8 - Resolves: rhbz2134759 Untrusted Macros - Resolves: rhbz2134757 Weak Master Keys - Resolves: rhbz2134755 Static...

RHEL 9 : libreoffice (RHSA-2023:0304)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0304 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...

libreoffice security update

6.4.7.2-12.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. 1:6.4.7.2-12 - Resolves: rhbz2134752 CVE-2022-26305 Untrusted Macros - Resolves: rhbz2134751 CVE-2022-26307 Weak Master Keys -...

GHSA-CHG9-3C3P-CH23 Lemur uses static IV per key

Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode...

GitHub Security Lab: Java: Static initialization vector

This bug was reported directly to GitHub Security Lab...

mod_auth_openidc 安全特征问题漏洞

modauthopenidc is a software application. It is an authentication/authorization module for the Apache 2.x HTTP server that is used as an OpenID Connect dependency to authenticate users against the OpenID Connect provider. A security vulnerability exists in Zmartzone modauthopenidc that stems from...

PT-2021-6452 · Unknown +5 · Mod Auth Openidc +5

Name of the Vulnerable Software and Affected Versions: mod auth openidc versions prior to 2.4.9 Description: The issue is related to the AES GCM encryption in mod auth openidc, which uses a static IV and AAD. This creates a static nonce and can lead to known cryptographic issues since the same ke...