Lucene search
+L

40 matches found

vulnersOsv
vulnersOsv
added 2026/04/24 3:59 p.m.9 views

core-aws (>=1.1.0 <=1.3.0), mind-castle (=0.4.7) potentially affected by CVE-2026-6550 via aws-encryption-sdk (>=4.0.0 <=4.0.3)

aws-encryption-sdk PYPI version =4.0.0, =1.1.0, =1.3.0 - mind-castle =0.4.7 Source cves: CVE-2026-6550 Source advisory: OSV:GHSA-V638-38FC-RHFV...

5.7CVSS5.8AI score0.00096EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/24 3:59 p.m.9 views

aws-encryption-sdk-cli (>=2.1.0 <=3.1.0), cloudformation-cli-python-lib (>=2.1.9 <=2.1.16) +4 more potentially affected by CVE-2026-6550 via aws-encryption-sdk (>=2.0.0 <=3.3.0)

aws-encryption-sdk PYPI version =2.0.0, =2.1.0, =2.1.9, =1.0.0, =1.0.1, =0.4.8, =25.11.0, =25.14.1 Source cves: CVE-2026-6550 Source advisory: OSV:GHSA-V638-38FC-RHFV...

5.7CVSS5.4AI score0.00096EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/24 3:59 p.m.18 views

AWS Encryption SDK for Python: Key commitment policy bypass via shared key cache

Summary AWS Encryption SDK ESDK for Python is a client-side encryption library. An issue exists where, under certain circumstances, a specific cryptographic algorithm downgrade in the caching layer might allow an authenticated local threat actor to bypass key commitment policy enforcement via a...

5.7CVSS5.6AI score0.00096EPSS
Exploits0References7Affected Software1
vulnersOsv
vulnersOsv
added 2026/04/20 8:12 p.m.10 views

cloudformation-cli-python-lib (>=2.1.12 <=2.1.16), core-aws (>=1.0.0 <=1.0.4) +3 more potentially affected by CVE-2026-6550 via aws-encryption-sdk (>=3.1.0 <=3.3.0)

aws-encryption-sdk PYPI version =3.1.0, =2.1.12, =1.0.0, =1.0.1, =0.4.8, =25.11.0, =25.14.1 Source cves: CVE-2026-6550 Source advisory: SNYK:PYTHON-AWSENCRYPTIONSDK-16115497...

5.7CVSS5.4AI score0.00096EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/20 8:12 p.m.8 views

core-aws (>=1.1.0 <=1.3.0), mind-castle (=0.4.7) potentially affected by CVE-2026-6550 via aws-encryption-sdk (>=4.0.0 <=4.0.3)

aws-encryption-sdk PYPI version =4.0.0, =1.1.0, =1.3.0 - mind-castle =0.4.7 Source cves: CVE-2026-6550 Source advisory: SNYK:PYTHON-AWSENCRYPTIONSDK-16115497...

5.7CVSS5.8AI score0.00096EPSS
Exploits0
Snyk
Snyk
added 2026/04/20 8:12 p.m.10 views

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Overview aws-encryption-sdk is an AWS Encryption SDK implementation for Python Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' via the shared key cache. An attacker can bypass key commitment policy enforcement by...

5.7CVSS5.7AI score0.00096EPSS
Exploits0References2
CVE
CVE
added 2026/04/20 7:20 p.m.16 views

CVE-2026-6550

The vulnerability CVE-2026-6550 affects the AWS Encryption SDK for Python in its caching layer. A cryptographic downgrade in the key cache could allow an authenticated local actor to bypass key commitment policy enforcement, enabling ciphertext to be decrypted into multiple possible plaintexts. A...

5.7CVSS5.7AI score0.00096EPSS
Exploits0References4
Hacker One
Hacker One
added 2026/03/22 4:44 a.m.17 views

AWS VDP: V2Plugin.Decrypt panics on empty ciphertext (Remote DoS)

A vulnerability was discovered in the "aws-encryption-provider" component where the "V2Plugin.Decrypt" function accessed the ciphertext slice without checking if it was empty, leading to a panic and crashing the entire gRPC server process...

5.8AI score
Exploits0
Hacker One
Hacker One
added 2026/03/22 4:40 a.m.14 views

AWS VDP: V1Plugin.Decrypt panics on empty ciphertext (Remote DoS)

A vulnerability was discovered in the aws-encryption-provider component of the pkg/plugin/plugin.go file at revision 4341c70. The vulnerability caused the V1Plugin.Decrypt function to panic when passed an empty ciphertext, crashing the entire gRPC server process. This was due to the function...

5.8AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.19 views

EUVD-2020-0050

Malware in sbrugna...

8.1CVSS7.9AI score0.00394EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2025/08/12 9:40 a.m.14 views

cn.jarkata:jarkata-encrypt (=1.0.0), cn.ponfee:commons-core (>=1.1 <=1.4) +242 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-ext-jdk18on (>=1.71 <=1.77)

org.bouncycastle:bcprov-ext-jdk18on MAVEN version =1.71, =1.1, =2.4.1, =3.0.0 - com.clever-cloud.pulsar4s:pulsar4s-akka-streams2.12 =2.9.1 - com.clever-cloud.pulsar4s:pulsar4s-akka-streams2.13 =2.9.1 - com.clever-cloud.pulsar4s:pulsar4s-akka-streams3 =2.9.1 -...

6.3CVSS6.7AI score0.00541EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:43 a.m.7 views

CVE-2024-23680

AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures...

5.3CVSS5.3AI score0.0021EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:11 p.m.10 views

CVE-2020-8897

A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0. Due to the non-committing property of AES-GCM and other AEAD ciphers such as AES-GCM-SIV or XChaCha20Poly1305 used by the SDKs to encrypt messages, an attacker can craft a...

8.1CVSS6.7AI score0.00394EPSS
Exploits1References1
Citrix
Citrix
added 2024/12/02 12:0 a.m.10 views

Unable to encrypt Identity disk on AWS when using encrypted master image

The AMI was created using an encrypted instance\snapshot. However, the MCS machines appear with identity disk "Not encrypted"...

7.2AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/01/19 9:30 p.m.23 views

Duplicate Advisory: Improper Verification of Cryptographic Signature in aws-encryption-sdk-java

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-55xh-53m6-936r. This link is maintained to preserve external references. Original Description AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA...

5.3CVSS5.5AI score0.0021EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2024/01/19 9:15 p.m.22 views

Code injection

AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures...

5CVSS7.1AI score0.0021EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/01/19 8:44 p.m.33 views

CVE-2024-23680 AWS Encryption SDK for Java Improper Verification of Cryptographic Signature

AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures...

5.5AI score0.0021EPSS
Exploits0References3
OSV
OSV
added 2024/01/19 8:44 p.m.23 views

CVE-2024-23680 AWS Encryption SDK for Java Improper Verification of Cryptographic Signature

AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures...

5.3CVSS6.1AI score0.0021EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/08/27 1:3 p.m.6 views

Malicious code in aws-encryption-sdk-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ded7612b942b1e3da52d4dfc7abcb64d6ad4bd30d80fac04815238838f9f4763 The OpenSSF Package Analysis project identified 'aws-encryption-sdk-javascript' @ 23.0.0 npm as malicious. It is considered malicious because: -...

6.9AI score
Exploits0
OSV
OSV
added 2023/08/27 1:3 p.m.18 views

MAL-2023-7919 Malicious code in aws-encryption-sdk-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ded7612b942b1e3da52d4dfc7abcb64d6ad4bd30d80fac04815238838f9f4763 The OpenSSF Package Analysis project identified 'aws-encryption-sdk-javascript' @ 23.0.0 npm as malicious. It is considered malicious because: -...

7.1AI score
Exploits0
Rows per page
Query Builder