Lucene search
K

75 matches found

OSV
OSV
added 2023/07/14 12:15 p.m.1 views

DEBIAN-CVE-2023-2975

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...

5.3CVSS6.9AI score0.00525EPSS
Exploits0References1
OSV
OSV
added 2023/07/14 12:15 p.m.8 views

UBUNTU-CVE-2023-2975

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...

5.3CVSS6.9AI score0.00525EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2023/07/14 11:16 a.m.35 views

CVE-2023-2975

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...

5.3CVSS7AI score0.00525EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/07/14 11:16 a.m.3 views

CVE-2023-2975 AES-SIV implementation ignores empty associated data entries

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...

5.5AI score0.00525EPSS
Exploits0References3
OSV
OSV
added 2023/07/14 11:16 a.m.41 views

CVE-2023-2975 AES-SIV implementation ignores empty associated data entries

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...

5.3CVSS6.9AI score0.00525EPSS
Exploits0References9
CNNVD
CNNVD
added 2023/07/14 12:0 a.m.3 views

OpenSSL 授权问题漏洞

OpenSSL is an open source capable general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

5.3CVSS6.7AI score0.00525EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/07/07 12:0 a.m.9 views

PT-2023-4553 · Openssl +7 · Openssl +7

Name of the Vulnerable Software and Affected Versions: OpenSSL affected versions not specified Description: The AES-SIV cipher implementation in OpenSSL contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. This issue can mislead...

7.5CVSS6.5AI score0.05533EPSS
Exploits0References105
Microsoft CVE
Microsoft CVE
added 2021/12/16 8:0 a.m.4 views

Hardcoded static IV and AAD with a reused key in AES GCM encryption in mod_auth_openidc

...

5.9CVSS7AI score0.01503EPSS
Exploits0
Kitploit
Kitploit
added 2021/06/16 12:30 p.m.36 views

Gundog - Guided Hunting In Microsoft 365 Defender

Gundog provides you with guided hunting in Microsoft 365 Defender. Especially if not only for Email and Endpoint Alerts at the moment. Functionality You provide an AlertID you might received via Email notification and gundog will then hunt for as much as possible associated data. It does not give...

6.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/06/10 12:0 a.m.4 views

PT-2021-6452 · Unknown +5 · Mod Auth Openidc +5

Name of the Vulnerable Software and Affected Versions: mod auth openidc versions prior to 2.4.9 Description: The issue is related to the AES GCM encryption in mod auth openidc, which uses a static IV and AAD. This creates a static nonce and can lead to known cryptographic issues since the same ke...

7.5CVSS6.3AI score0.02731EPSS
Exploits2References83
Cvelist
Cvelist
added 2020/10/29 3:50 p.m.21 views

CVE-2019-4547

IBM Security Directory Server 6.4.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 165949...

5.3CVSS5AI score0.01054EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/08/26 7:0 p.m.17 views

CVE-2019-4699

IBM Security Guardium Data Encryption GDE 3.0.0.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 171931...

2.7CVSS3.3AI score0.00499EPSS
Exploits0References2
Prion
Prion
added 2018/08/06 2:29 p.m.13 views

Information disclosure

IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 127400...

4CVSS4.1AI score0.00984EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2017/08/21 12:0 a.m.19 views

Nimbus JOSE+JWT Security Bypass Vulnerability

Nimbus JOSE+JWT is an open source Java library . Nimbus JOSE+JWT fails to perform integer overflow detection, allowing remote attackers to exploit vulnerabilities to perform HMAC bypass attacks by sniffing AAD and ciphertext...

7.5CVSS8AI score0.00888EPSS
Exploits0References1
CNVD
CNVD
added 2015/03/20 12:0 a.m.2 views

OpenSSL 'ASN1_item_ex_d2i' Function Denial of Service Vulnerability

OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. A denial of service vulnerability exists in the 'ASN1itemexd2i' function of OpenSSL 'crypto/asn1/tasndec.c'. Due to the program faili...

5CVSS6.9AI score0.0837EPSS
Exploits0References1
Rows per page
Query Builder