Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.11 views

CVE-2026-6550

Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be...

5.7CVSS5.4AI score0.00096EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/24 3:59 p.m.8 views

EUVD-2026-23943

AWS Encryption SDK for Python: Key commitment policy bypass via shared key cache...

5.7CVSS5.1AI score0.00096EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/20 7:20 p.m.7 views

CVE-2026-6550 Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python

Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be...

5.7CVSS5.7AI score0.00096EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.13 views

Amazon AWS Encryption SDK 安全漏洞

Amazon AWS Encryption SDK is a development toolkit used by Amazon, Inc., for encryption purposes. Versions of the AWS Encryption SDK prior to 3.3.1 and 4.0.5 contained security vulnerabilities. These vulnerabilities were due to issues with the encryption algorithm, which could allow authenticated...

5.7CVSS5.8AI score0.00096EPSS
Exploits0References1
Veracode
Veracode
added 2026/03/24 8:47 a.m.17 views

Missing Cryptographic Key Commitment

software.amazon.encryption.s3, amazon-s3-encryption-client-java is vulnerable to missing cryptographic key commitment. The vulnerability is due to improper validation of encrypted data keys when stored in instruction files instead of metadata, which allows an attacker with write access to the S3...

6CVSS5.8AI score0.00103EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/12/22 6:15 p.m.6 views

GO-2025-4250 Amazon S3 Encryption Client has a Key Commitment Issue in github.com/aws/amazon-s3-encryption-client-go

Amazon S3 Encryption Client has a Key Commitment Issue in github.com/aws/amazon-s3-encryption-client-go...

6CVSS6.9AI score0.00094EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2025/12/17 8:38 p.m.7 views

net.snowflake:snowflake-jdbc-thin (=4.0.0), org.apache.hadoop:hadoop-aws (=3.4.2) +6 more potentially affected by CVE-2025-14763 via software.amazon.encryption.s3:amazon-s3-encryption-client-java (>=3.1.1 <=3.5.0)

software.amazon.encryption.s3:amazon-s3-encryption-client-java MAVEN version =3.1.1, =2.7.0, =2.7.0, =2.7.0, =2.7.0, =2.7.0, =2.7.0, =2.7.2 Source cves: CVE-2025-14763 Source advisory: SNYK:JAVA-SOFTWAREAMAZONENCRYPTIONS3-14465279...

6CVSS5.8AI score0.00103EPSS
Exploits0
OSV
OSV
added 2025/12/17 8:7 p.m.7 views

CVE-2025-14759

Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...

6CVSS6.7AI score0.00094EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/06/01 12:0 a.m.9 views

PT-2021-24353 · Amazon Web Services · Aws Encryption Sdk For Java

Name of the Vulnerable Software and Affected Versions: AWS Encryption SDK for Java versions 2.0.0 through 2.2.0 AWS Encryption SDK for Java versions less than 1.9.0 Description: The issue concerns the incorrect validation of some invalid ECDSA signatures. This affects the integrity of the...

6.9CVSS7.4AI score0.0021EPSS
Exploits0References12
PyPA
PyPA
added 2020/11/16 12:15 p.m.13 views

PYSEC-2020-261

A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM and other AEAD ciphers such as AES-GCM-SIV or XChaCha20Poly1305 used by the SDKs to encrypt messages, an attacker can craft a...

8.1CVSS7.2AI score0.00394EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2020/11/16 12:0 a.m.6 views

Amazon AWS Encryption SDK Encryption Issues Vulnerabilities

The Amazon AWS Encryption SDK is a development toolkit for encryption applications from Amazon.com, USA. A security vulnerability exists in the AWS Encryption SDK that stems from the SDK's use of the non-submit attribute of AES-GCM as well as other AEAD ciphers such as AES-GCM-SIV or...

8.1CVSS7.2AI score0.00394EPSS
Exploits1References3
ThreatPost
ThreatPost
added 2016/03/11 12:0 p.m.11 views

On How Amazon is Approaching Encryption, OS X Ransomware KeRanger, and More

Mike Mimoso and Chris Brook discuss the week in news, including how Amazon is backtracking on encryption when it comes to their devices, a new set of alleged passcode bypasses for iOS, and the new OS X ransomware KeRanger. Download: ThreatpostNewsWrapMarch112016.mp3 Music by Chris Gonsalves...

3.2AI score
Exploits0References2
Rows per page
Query Builder