Lucene search
K

460 matches found

OSV
OSV
added 2017/11/17 4:29 a.m.29 views

PYSEC-2017-26

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

5.3CVSS4.5AI score0.00905EPSS
Exploits0References2
PyPA
PyPA
added 2017/11/17 4:29 a.m.5 views

PYSEC-2017-26

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

5.3CVSS6.9AI score0.00905EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2017/11/17 4:29 a.m.22 views

CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

5.3CVSS6.8AI score0.00905EPSS
Exploits0References2
OSV
OSV
added 2017/11/17 4:29 a.m.3 views

UBUNTU-CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

5.3CVSS6.7AI score0.00905EPSS
Exploits0References3
OSV
OSV
added 2017/11/17 4:29 a.m.5 views

DEBIAN-CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

5.3CVSS7.7AI score0.00905EPSS
Exploits0References1
RubySec
RubySec
added 2017/10/24 12:0 a.m.24 views

Incorrect handling of initialization vector in the GCM mode in OpenSSL

The openssl gem for Ruby uses the same initialization vector IV in GCM Mode aes--gcm when the IV is set before the key, which makes it easier for context-dependent attackers to bypass the encryption protection mechanism...

7.5CVSS4.3AI score0.03167EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2017/09/29 12:0 a.m.8 views

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2017-32532)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in WebExtensions in versions of Mozilla Firefox prior to Mozilla Firefox 56, which stems from the implementation of AES-GCM in the WebCrypto API accepting an IV...

5.3CVSS6.9AI score0.01415EPSS
Exploits0References1
Broadcom
Broadcom
added 2017/09/29 12:0 a.m.8 views

BSA-2017-444

Security Advisory ID : BSA-2017-444 Component : DENX Das U-Boot Revision : 3.0: Final Das U-Boot is a devicebootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper...

4.6CVSS6.6AI score0.00309EPSS
Exploits0
CERT
CERT
added 2017/09/08 12:0 a.m.562 views

Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities

Overview Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying...

6.4CVSS4.6AI score0.00309EPSS
Exploits0References2
OSV
OSV
added 2017/09/01 9:29 p.m.4 views

UBUNTU-CVE-2017-12871

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

5.9CVSS6.2AI score0.00486EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2017/09/01 9:29 p.m.4 views

CVE-2017-12871

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

5.9CVSS5.5AI score0.00486EPSS
Exploits0References3
Prion
Prion
added 2017/09/01 9:29 p.m.15 views

Design/Logic Flaw

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

4.3CVSS5.7AI score0.00486EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2017/09/01 9:29 p.m.26 views

CVE-2017-12871

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

5.9CVSS6.2AI score0.00486EPSS
Exploits0References2
OSV
OSV
added 2017/09/01 9:29 p.m.4 views

DEBIAN-CVE-2017-12871

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

5.9CVSS6.8AI score0.00486EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2017/09/01 9:0 p.m.23 views

CVE-2017-12871

The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...

5.9CVSS5.6AI score0.00486EPSS
Exploits0
CNVD
CNVD
added 2017/08/29 12:0 a.m.3 views

Lemur has an unspecified vulnerability

Lemur is a Python based TLS certificate management tool. A security vulnerability exists in Lemur version 0.1.4, which stems from the program's failure to use a random IV when encrypting AES.No detailed information about the vulnerability is currently available...

7.5CVSS7.3AI score0.01509EPSS
Exploits0References1
PyPA
PyPA
added 2017/08/09 4:29 p.m.8 views

PYSEC-2017-50

Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode...

7.5CVSS7AI score0.01509EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2017/08/01 2:29 p.m.4 views

CVE-2017-11133

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. To encrypt messages, AES in CBC mode is used with a pseudo-random secret. This secret and the IV are generated with math.random in previous versions and with...

7.5CVSS5.8AI score0.00675EPSS
Exploits0References1
NVD
NVD
added 2017/06/30 3:29 a.m.17 views

CVE-2017-7905

A Weak Cryptography for Passwords issue was discovered in General Electric GE Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Versio...

9.8CVSS9.4AI score0.01281EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/06/30 2:35 a.m.21 views

CVE-2017-7905

A Weak Cryptography for Passwords issue was discovered in General Electric GE Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Versio...

9.3AI score0.01281EPSS
Exploits0References2
Rows per page
Query Builder