75 matches found
DEBIAN-CVE-2023-2975
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...
UBUNTU-CVE-2023-2975
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...
CVE-2023-2975
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...
CVE-2023-2975 AES-SIV implementation ignores empty associated data entries
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...
CVE-2023-2975 AES-SIV implementation ignores empty associated data entries
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...
OpenSSL 授权问题漏洞
OpenSSL is an open source capable general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
PT-2023-4553 · Openssl +7 · Openssl +7
Name of the Vulnerable Software and Affected Versions: OpenSSL affected versions not specified Description: The AES-SIV cipher implementation in OpenSSL contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. This issue can mislead...
Hardcoded static IV and AAD with a reused key in AES GCM encryption in mod_auth_openidc
...
Gundog - Guided Hunting In Microsoft 365 Defender
Gundog provides you with guided hunting in Microsoft 365 Defender. Especially if not only for Email and Endpoint Alerts at the moment. Functionality You provide an AlertID you might received via Email notification and gundog will then hunt for as much as possible associated data. It does not give...
PT-2021-6452 · Unknown +5 · Mod Auth Openidc +5
Name of the Vulnerable Software and Affected Versions: mod auth openidc versions prior to 2.4.9 Description: The issue is related to the AES GCM encryption in mod auth openidc, which uses a static IV and AAD. This creates a static nonce and can lead to known cryptographic issues since the same ke...
CVE-2019-4547
IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949...
CVE-2019-4699
IBM Security Guardium Data Encryption GDE 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931...
Information disclosure
IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 127400...
Nimbus JOSE+JWT Security Bypass Vulnerability
Nimbus JOSE+JWT is an open source Java library . Nimbus JOSE+JWT fails to perform integer overflow detection, allowing remote attackers to exploit vulnerabilities to perform HMAC bypass attacks by sniffing AAD and ciphertext...
OpenSSL 'ASN1_item_ex_d2i' Function Denial of Service Vulnerability
OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. A denial of service vulnerability exists in the 'ASN1itemexd2i' function of OpenSSL 'crypto/asn1/tasndec.c'. Due to the program faili...