Lucene search
+L

448 matches found

prion
prion
added 2018/06/26 4:29 p.m.15 views

Design/Logic Flaw

Nov json-jwt version = 0.5.0 && 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. Th...

5CVSS5.3AI score0.00777EPSS
Exploits0References2Affected Software1
cve
cve
added 2018/06/26 4:0 p.m.100 views

CVE-2018-1000539

CVE-2018-1000539 affects the ruby-json-jwt gem (versions >=0.5.0 and

5.3CVSS5.1AI score0.00777EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2018/06/26 4:0 p.m.22 views

CVE-2018-1000539

Nov json-jwt version = 0.5.0 && 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. Th...

5.2AI score0.00777EPSS
Exploits0References2
debiancve
debiancve
added 2018/06/26 4:0 p.m.27 views

CVE-2018-1000539

Nov json-jwt version = 0.5.0 && 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. Th...

5.3CVSS5.3AI score0.00777EPSS
Exploits0
osv
osv
added 2018/06/11 9:29 p.m.5 views

CVE-2017-7822

The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox 56...

5.3CVSS5.8AI score0.01415EPSS
Exploits0References4
nvd
nvd
added 2018/06/11 9:29 p.m.15 views

CVE-2017-7822

The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox 56...

5.3CVSS5AI score0.01415EPSS
Exploits0References4
prion
prion
added 2018/06/11 9:29 p.m.21 views

Authentication flaw

The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox 56...

5CVSS6.3AI score0.01415EPSS
Exploits0References4Affected Software1
debiancve
debiancve
added 2018/06/11 9:0 p.m.28 views

CVE-2017-7822

The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox 56...

5.3CVSS7.7AI score0.01415EPSS
Exploits0
cve
cve
added 2018/06/11 9:0 p.m.120 views

CVE-2017-7822

CVE-2017-7822 : The AES-GCM implementation in WebCrypto API accepts a 0-length IV, contrary to NIST SP 800-38D’s 1-byte minimum, potentially enabling leakage of the authentication key in some cases. Affected software is Firefox

5.3CVSS6.3AI score0.01415EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2018/06/11 9:0 p.m.20 views

CVE-2017-7822

The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox 56...

6.4AI score0.01415EPSS
Exploits0References4
rubygems
rubygems
added 2018/04/30 12:0 a.m.14 views

Auth tag forgery vulnerability with AES-GCM encrypted JWT

Ruby's OpenSSL bindings do not check the length of the supplied authentication tag when decrypting an authenticated encryption mode such as AES-GCM, leaving this up to the authors of a gem/app to implement for properly validating the message. json-jwt was not checking for the authentication tag...

5.3CVSS2.2AI score0.00777EPSS
Exploits0References1Affected Software1
nessus
nessus
added 2018/03/21 12:0 a.m.159 views

SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2018:0665-1)

This update for java-180-ibm fixes the following issues : - Removed java-180-ibm-alsa and java-180-ibm-plugin entries in baselibs.conf due to errors in osc sourcevalidator Version update to 8.0.5.10 bsc1082810 - Security fixes: CVE-2018-2639 CVE-2018-2638 CVE-2018-2633 CVE-2018-2637 CVE-2018-2634...

8.3CVSS6.3AI score0.06905EPSS
Exploits0References37
ubuntucve
ubuntucve
added 2017/10/02 12:0 a.m.26 views

CVE-2017-7822

The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox 56...

5.3CVSS6.8AI score0.01415EPSS
Exploits0References3
mozilla
mozilla
added 2017/09/28 12:0 a.m.540 views

Security vulnerabilities fixed in Firefox 56 — Mozilla

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake addre...

9.8CVSS10AI score0.03641EPSS
Exploits4References19Affected Software1
prion
prion
added 2017/02/08 4:59 p.m.27 views

Authentication flaw

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden...

4.3CVSS5.6AI score0.03183EPSS
Exploits0References7Affected Software3
nvd
nvd
added 2017/02/08 4:59 p.m.37 views

CVE-2016-0270

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden...

5.9CVSS5.5AI score0.03099EPSS
Exploits0References7
cvelist
cvelist
added 2017/02/08 4:0 p.m.37 views

CVE-2016-0270

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden...

5.6AI score0.03099EPSS
Exploits0References7
cve
cve
added 2017/02/08 4:0 p.m.66 views

CVE-2016-0270

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1 is affected when using TLS with AES-GCM; the vulnerability arises from nonce generation randomness leading to nonce reuse, enabling remote attackers to obtain the authentication key and spoof data (CVE-2016-0270). Th...

5.9CVSS5.5AI score0.03099EPSS
Exploits0References7Affected Software3
n0where
n0where
added 2016/12/24 5:26 a.m.22 views

Tests Crypto Libraries Against Known Attacks: Wycheproof

Rests Crypto Libraries Against Known Attacks Project Wycheproof tests crypto libraries against known attacks. It is developed and maintained by members of Google Security Team, but it is not an official Google product. In cryptography, subtle mistakes can have catastrophic consequences. Good...

6.7AI score
Exploits0References7
osv
osv
added 2016/10/13 7:20 a.m.10 views

MGASA-2016-0342 Updated ruby packages fix a security vulnerability

A bug in openssl module caused using an all 0 IV for AES-GCM ciphers in some cases when setting a key, an iv, and then setting a key a again CVE-2016-779...

7.5CVSS7.5AI score0.03167EPSS
Exploits1References3
Rows per page
Query Builder