24 matches found
EUVD-2022-5649
Malicious code in bioql PyPI...
EUVD-2022-2297
Malicious code in bioql PyPI...
SUSE CVE-2024-33662
Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function...
ROS-20241008-02
A vulnerability in the Portainer container management platform is related to an improperly used encryption algorithm in the AesEncrypt function. Exploitation of the vulnerability could allow an attacker acting remotely to compromise the confidentiality, integrity, and availability of...
Portainer improperly uses an encryption algorithm in the AesEncrypt function
Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function...
GHSA-9MJW-79R6-C9M8 Portainer improperly uses an encryption algorithm in the AesEncrypt function
Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function...
CVE-2024-33662
Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function...
Portainer security vulnerability
Portainer is a lightweight user management interface for managing Docker environments and Docker hosts from Portainer Open Source. A security vulnerability exists in Portainer versions prior to 2.20.2 that stems from incorrect use of a cryptographic algorithm in the AesEncrypt function...
CVE-2024-33662
CVE-2024-33662 affects Portainer and is due to improper use of an encryption algorithm in the AesEncrypt function. The CVE entry indicates a base score of 7.5 (HIGH) with NETWORK attack vector, HIGH impact on confidentiality, integrity, and availability, and requires low privileges with no user i...
CVE-2024-33662
Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function...
CVE-2024-33662
Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function...
PT-2024-25421 · Portainer +2
Name of the Vulnerable Software and Affected Versions: Portainer versions prior to 2.20.2. Description: The issue is related to the improper use of an encryption algorithm in the AesEncrypt function. This flaw can lead to weak encryption. There is no information provided about the estimated number...
GHSA-44PR-MGCP-V36R SimpleSAMLphp Unauthenticated encryption in CBC mode
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...
CVE-2017-12871
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...
CVE-2017-12871
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...
CVE-2017-12871
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...
CVE-2017-12871
The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector IV...
CVE-2017-12870
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...
DEBIAN-CVE-2017-12870
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...
Code injection
SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...