MAL-2023-8227 Malicious code in nequi-aws-kms (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f31f502dc3ccd6a55cacb7aaeb1c7e6d18a66345ca5b79b21809095bcf232fa7 The OpenSSF Package Analysis project identified 'nequi-aws-kms' @ 0.1.6 npm as malicious. It is considered malicious because: - The package...

Malicious code in nequi-aws-kms (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f31f502dc3ccd6a55cacb7aaeb1c7e6d18a66345ca5b79b21809095bcf232fa7 The OpenSSF Package Analysis project identified 'nequi-aws-kms' @ 0.1.6 npm as malicious. It is considered malicious because: - The package...

Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness

Authors: Thai "thaidn" Duong Summary The following security vulnerabilities was discovered and reported to Amazon, affecting AWS KMS and all versions of AWS Encryption SDKs prior to version 2.0.0: Information leakage: an attacker can create ciphertexts that would leak the user’s AWS account ID,...

GHSA-WQGP-VPHW-HPHF Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness

Authors: Thai "thaidn" Duong Summary The following security vulnerabilities was discovered and reported to Amazon, affecting AWS KMS and all versions of AWS Encryption SDKs prior to version 2.0.0: Information leakage: an attacker can create ciphertexts that would leak the user’s AWS account ID,...

GHSA-H45P-W933-JXH3 Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript

Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...

GHSA-89V2-G37M-G3FF Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli

Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...

Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli

Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...

Improper Verification of Cryptographic Signature in aws-encryption-sdk

Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...

GHSA-X5H4-9GQW-942J Improper Verification of Cryptographic Signature in aws-encryption-sdk

Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This ESDK supports a streaming mode where callers may stream the plaintext of signed messages before the ECDSA signature is validated. In...

GHSA-55XH-53M6-936R Improper Verification of Cryptographic Signature in aws-encryption-sdk-java

Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This update addresses an issue where certain invalid ECDSA signatures incorrectly passed validation. These signatures provide defense in depth...

Improper Verification of Cryptographic Signature in aws-encryption-sdk-java

Impact This advisory addresses several LOW severity issues with streaming signed messages and restricting processing of certain types of invalid messages. This update addresses an issue where certain invalid ECDSA signatures incorrectly passed validation. These signatures provide defense in depth...

How to work with Amazon EBS encryption using Veeam Backup for AWS

Challenge You want to backup or restore instances with encrypted volumes. You receive one of the following related errors while working with encrypted volumes: Encrypted snapshots with EBS default key cannot be shared The default encryption key in the region of your service account is aws/ebs...