364 matches found
CVE-2023-0751 GELI silently omits the keyfile if read from stdin
When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is...
CVE-2023-0751 GELI silently omits the keyfile if read from stdin
When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is...
CVE-2023-0751
CVE-2023-0751 affects GELI on FreeBSD: reading a key file from stdin fails to reuse the key file when initializing multiple providers, causing the second and subsequent devices to use a NULL user key. If only a key file is provided (no passphrase), the master key may be encrypted with an empty ke...
CVE-2023-22474
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header x-forwarded-for to determine the client IP address. If Parse Server doesn't run behind a proxy server, then a client can set this header and Parse Server wi...
Parse Server 安全漏洞
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A security vulnerability exists in Parse Server versions prior to 5.4.1, which stems from a vulnerability that allows bypassing the Parse Server masterKeyIps security mechanism by setting the...
libreoffice: Weak Master Keys
A flaw was found in LibreOffice, where the master key was poorly encoded, resulting in weakening its entropy from 128 to 43 bits. This issue makes the stored passwords that are encrypted with a single master key provided by the user vulnerable to a brute force attack if an attacker has access to...
libreoffice: Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password
A flaw was found in LibreOffice, where the required initialization vector for encryption was always the same. Stored passwords are encrypted with a single master key provided by the user. This issue weakens the security of the encryption, making them vulnerable if an attacker has access to the...
libreoffice: Weak Master Keys
A flaw was found in LibreOffice, where the master key was poorly encoded, resulting in weakening its entropy from 128 to 43 bits. This issue makes the stored passwords that are encrypted with a single master key provided by the user vulnerable to a brute force attack if an attacker has access to...
PT-2022-36234 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.78 Description: The issue concerns the use of the keyrings subsystem for fscrypt master key in fscrypt. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
Ubuntu: Security Advisory (USN-5694-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5694-1: LibreOffice vulnerabilities
It was discovered that LibreOffice incorrectly handled links using the Office URI Schemes. If a user were tricked into opening a specially crafted document, a remote attacker could use this issue to execute arbitrary scripts. CVE-2022-3140 Thomas Florian discovered that LibreOffice incorrectly...
Ubuntu: Security Advisory (USN-5661-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5661-1: LibreOffice vulnerabilities
It was discovered that LibreOffice incorrectly validated macro signatures. If a user were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary macros. CVE-2022-26305 It was discovered that Libreoffice incorrectly handled encryptin...
USN-5661-1 libreoffice vulnerabilities
It was discovered that LibreOffice incorrectly validated macro signatures. If a user were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary macros. CVE-2022-26305 It was discovered that Libreoffice incorrectly handled encryptin...
Ubuntu 20.04 LTS : LibreOffice vulnerabilities (USN-5661-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5661-1 advisory. It was discovered that LibreOffice incorrectly validated macro signatures. If a user were tricked into opening a specially crafted document, a remote...
GHSA-2M6G-CRV8-P3C6 Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
Impact Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server from query results and are only returned to the client using a valid master key. However, using...
CVE-2022-36079 Parse Server vulnerable to brute force guessing of user sensitive data via search patterns
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. Internal and protected fields are removed by Parse Server a...
PT-2022-23167 · Unknown · Parse Server
Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.14 Parse Server versions prior to 5.2.5 Description: Internal fields keys used internally by Parse Server, prefixed by and protected fields user defined can be used as query constraints. These fields are...
CVE-2022-26307
A flaw was found in LibreOffice, where the master key was poorly encoded, resulting in weakening its entropy from 128 to 43 bits. This issue makes the stored passwords that are encrypted with a single master key provided by the user vulnerable to a brute force attack if an attacker has access to...
CVE-2022-26306
A flaw was found in LibreOffice, where the required initialization vector for encryption was always the same. Stored passwords are encrypted with a single master key provided by the user. This issue weakens the security of the encryption, making them vulnerable if an attacker has access to the...