Lucene search
K

378 matches found

CVE
CVE
added 2022/08/20 7:41 p.m.67 views

CVE-2022-38493

CVE-2022-38493 affects Rhonabwy 0.9.99 through 1.1.x prior to 1.1.7, where the RSA private key length is not validated before RSA-OAEP decryption. The underlying issue allows an attacker to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token. Multiple connected sources (Red Ha...

7.5CVSS7.3AI score0.00291EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/08/20 12:0 a.m.6 views

PT-2022-24426 · Rhonabwy · Rhonabwy

Name of the Vulnerable Software and Affected Versions: Rhonabwy versions 0.9.99 through 1.1.x before 1.1.7 Description: The issue allows attackers to cause a Denial of Service via a crafted JWE JSON Web Encryption token, as the software does not check the RSA private key length before RSA-OAEP...

7.5CVSS7.3AI score0.00291EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2022/08/17 12:0 a.m.44 views

SUSE SLED15: ceph / ceph-base / ceph-common / ceph-fuse / etc (SUSE-SU-2022:2818-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2818-1 advisory. - Update to 16.2.9-536-g41a9f9a5573: - bsc1195359, bsc1200553 rgw: check bucket shard init status in...

6.5CVSS6.9AI score0.00436EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2022/05/05 7:56 a.m.5 views

ceph: Ceph volume does not honour osd_dmcrypt_key_size

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

6.5CVSS5.8AI score0.00436EPSS
Exploits0References4
Mageia
Mageia
added 2022/04/13 4:6 p.m.55 views

Updated ceph packages fix security vulnerability

Updated ceph packages fix security vulnerabilities: the key length for encrypted devices created using ceph-volume is incorrect. This is due to a bug in cephvolume/util/encryption.py which is fixed by this new version. CVE-2021-3979...

6.5CVSS3.2AI score0.00436EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/04/04 10:23 a.m.4 views

ceph: Ceph volume does not honour osd_dmcrypt_key_size

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

6.5CVSS5.8AI score0.00436EPSS
Exploits0References4
OSV
OSV
added 2022/02/19 11:3 a.m.4 views

OESA-2022-1528 ceph security update

User space components of the Ceph file system. Security Fixes: The key length for encrypted devices created using ceph-volume is incorrect. This is due to a bug in cephvolume/util/encryption.py, where upon writing a key using osddmcryptkeysize it does not pass the key size to the format and open...

6.5CVSS6.9AI score0.00436EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2022/01/12 11:22 p.m.56 views

CVE-2021-3979

A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks...

6.5CVSS1.4AI score0.00436EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/01/11 12:0 a.m.6 views

Red Hat Ceph Storage 授权问题漏洞

Red Hat Ceph Storage is a suite of scalable, open software-defined storage platforms from Red Hat USA. An authorization issue vulnerability exists in Red Hat Ceph Storage, where an attacker can exploit the fact that the key length is incorrectly passed in the encryption algorithm to create a...

6.5CVSS6.8AI score0.00436EPSS
Exploits0References16
OSV
OSV
added 2021/11/04 9:15 p.m.5 views

CVE-2021-43398

Crypto++ aka Cryptopp 8.6.0 and earlier contains a timing leakage in MakePublicKey. There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks. NOTE: this...

5.3CVSS5AI score
Exploits0References3
OSV
OSV
added 2021/11/04 9:15 p.m.3 views

UBUNTU-CVE-2021-43398

DISPUTED Crypto++ aka Cryptopp 8.6.0 and earlier contains a timing leakage in MakePublicKey. There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks...

5.3CVSS6.2AI score0.01899EPSS
Exploits1References4
Cvelist
Cvelist
added 2021/11/04 8:6 p.m.19 views

CVE-2021-43398

Crypto++ aka Cryptopp 8.6.0 and earlier contains a timing leakage in MakePublicKey. There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks. NOTE: this...

5.4AI score0.01899EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/11/04 12:0 a.m.3 views

Crypto++ 安全漏洞

Crypto++ is a C++ cryptographic method library. A security vulnerability exists in Crypto++ a.k.a. Cryptopp versions 8.6.0 and earlier, which stems from the software containing a timing leak in MakePublicKey. There is a significant correlation between the private key execution time and the privat...

5.3CVSS6AI score0.01899EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/11/04 12:0 a.m.3 views

PT-2021-23829 · Crypto++ · Crypto++

Name of the Vulnerable Software and Affected Versions: Crypto++ aka Cryptopp versions 8.6.0 and earlier Description: The issue concerns a timing leakage in the MakePublicKey function, where there is a correlation between execution time and private key length. This could potentially allow attacker...

5.3CVSS7AI score0.01899EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2021/08/10 4:14 p.m.2 views

hivex: Buffer overflow when provided invalid node key length

A flaw was found in the hivex library. It is caused due to a lack of bounds check within the hivexopen function. An attacker could input a specially crafted Windows Registry hive file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat...

5.8CVSS7.1AI score0.01916EPSS
Exploits0References4
Prion
Prion
added 2021/07/13 6:15 a.m.24 views

Memory corruption

Improper length check of public exponent in RSA import key function could cause memory corruption. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables...

7.2CVSS7.7AI score0.00166EPSS
Exploits0References1
Kitploit
Kitploit
added 2021/06/30 12:30 p.m.47 views

Forblaze - A Python Mac Steganography Payload Generator

Forblaze is a project designed to provide steganography capabilities to Mac OS payloads. Using python3, it will build an Obj-C file for you which will be compiled to pull desired encrypted URLs out of the stego file, fetch payloads over https, and execute them directly into memory. It utilizes...

7.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2021/06/17 12:0 a.m.6 views

Huawei Data Communication: The length of the peer public key does not meet security requirements

Check whether the peer public key of the RSA, DSA and ECC is too short. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

7.3AI score
Exploits0
Cvelist
Cvelist
added 2021/06/09 5:0 a.m.33 views

CVE-2020-11241

Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrago...

7.6AI score0.00598EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/06/08 10:50 p.m.3 views

hivex: Buffer overflow when provided invalid node key length

A flaw was found in the hivex library. It is caused due to a lack of bounds check within the hivexopen function. An attacker could input a specially crafted Windows Registry hive file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat...

5.8CVSS7.1AI score0.01916EPSS
Exploits0References4
Rows per page
Query Builder