210 matches found
AArch64cryptolib 路径遍历漏洞
AArch64cryptolib is an open source scratch implementation of a cryptographic primitive by Arm Software. A path traversal vulnerability exists in versions prior to AArch64cryptolib 20230220, which stems from the inability of the armv8decaesgcmfull API to validate authentication tags for AES-GCM...
SUSE CVE-2010-3074
SSLCipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack...
SUSE CVE-2016-7440
The C software implementation of AES Encryption and Decryption in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences...
PT-2023-15648 · Arm · Armv8
Name of the Vulnerable Software and Affected Versions: ARMv8 affected versions not specified Description: The AES instructions on the ARMv8 platform do not have an algorithm that is intrinsically resistant to side-channel attacks. The vendor notes that while power side channel attacks are possibl...
CVE-2022-37710
Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: 1 keybackup.data License Encryption Key or 2 Eaglesoft.Server.Configuration.data DbEncryptKeyPrimary Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or...
Juiker 信任管理问题漏洞
Juiker is an instant messaging software for government and business organizations from Juiker. Juiker suffers from a security vulnerability that stems from the application's use of hard-coded AES keys in the source code. A physical attacker with root access to Android could use the AES key to...
CLSA-2022-1660238929 Fixed CVE-2022-2097 in openssl
CVE-2022-2097: Fix AES OCB encrypt/decrypt for x86 AES-NI...
openssl: AES OCB fails to encrypt some bytes
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
AES OCB fails to encrypt some bytes
...
The vulnerability of the AES OCB mode in the OpenSSL library allows a hacker to disclose protected information.
The vulnerability of the AES OCB mode in the OpenSSL library, where the necessary encryption step is absent. Exploiting this vulnerability can allow a malicious actor to disclose the protected information remotely...
CVE-2022-28382
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode Electronic Codebook, aka ECB, an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the...
CVE-2022-28382
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode Electronic Codebook, aka ECB, an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the...
The vulnerability of the AES GCM encryption function of the authentication and authorization module for the Apache 2.x HTTP server Mod_auth_openidc allows a perpetrator to access confidential data.
The vulnerability of the AES GCM module’s authentication and authorization function for the Apache 2.x HTTP server Modauthopenidc is related to the use of static IVs and AADs. Exploiting this vulnerability allows a malicious actor to gain access to confidential data...
What is AES Advanced Encryption Standard ❓
In any case, AES cipher is the famous framework that aids in digital encoding facts making use of a maintained 128-digit, 192-piece, or 256-cycle symmetric encryption estimate from the Advanced Encryption Standard AES, additionally called FIPS 197. The AES is a PC protection general for obtaining...
The vulnerability of the implementation of the Advanced Encryption Standard (AES) encryption algorithm in software for remote control of computers via TeamViewer allows a hacker to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the AES encryption algorithm implemented in software for remote control of computers via TeamViewer is related to weak password requirements. Exploiting this vulnerability could allow a hacker to circumvent security restrictions and gain unauthorized access to protected...
samba: Netlogon elevation of privilege vulnerability (Zerologon)
A flaw was found in the Microsoft Windows Netlogon Remote Protocol MS-NRPC, where it reuses a known, static, zero-value initialization vector IV in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obta...
PT-2021-18221 · Unknown · Jose-Node-Cjs-Runtime
Name of the Vulnerable Software and Affected Versions: jose-node-cjs-runtime versions prior to 3.11.4 Description: The AES CBC HMAC SHA2 Algorithm decryption in the jose-node-cjs-runtime package has a timing difference when a padding error occurs, creating a padding oracle. This allows an adversa...
libssh: denial of service when handling AES-CTR (or DES) ciphers
A flaw was found in the way libssh handled AES-CTR or DES ciphers if enabled ciphers. The server or client could crash when the connection hasn't been fully initialized and the system tries to cleanup the ciphers when closing the connection. The biggest threat from this vulnerability is system...
CVE-2020-11877
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector IV for AES-256 CBC encryption. NOTE: the vendor states that this IV is used only within unreachable code...
wolfssl
This is a collection of files related to the wolfSSL library, a cryptographic library for embedded systems. The library is designed to be compatible with Arduino projects and provides a range of cryptographic functions, including SSL/TLS, RSA, and AES. The files include: IDE/ARDUINO/README.md: A...