Lucene search
K

15 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-0887

Malicious code in bioql PyPI...

2.5CVSS4.9AI score0.00231EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7534

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.00481EPSS
Exploits1References5
OSV
OSV
added 2024/12/12 10:0 p.m.27 views

GO-2022-0635 In-band key negotiation issue in AWS S3 Crypto SDK for golang in github.com/aws/aws-sdk-go

A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this i...

2.5CVSS3.9AI score0.00231EPSS
Exploits1References7
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 4:44 p.m.43 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Amazon AWS S3 Crypto SDK for GoLang (CVE-2020-8912)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security restrictions bypass in Amazon AWS S3 Crypto SDK for GoLang caused by a flaw in the in-band key negotiation. CVE-2020-8912. Amazon AWS S3 Crypto SDK for GoLang is included as part of the Base OS...

2.5CVSS4.7AI score0.00231EPSS
Exploits1Affected Software1
Cvelist
Cvelist
added 2022/12/27 9:13 p.m.39 views

CVE-2022-2582 Exposure of unencrypted plaintext hash in github.com/aws/aws-sdk-go

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it...

4.8AI score0.00481EPSS
Exploits1References2
OSV
OSV
added 2022/02/11 11:26 p.m.67 views

GHSA-F5PG-7WFW-84Q9 CBC padding oracle issue in AWS S3 Crypto SDK for golang

Summary The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures without revealing the plaintext...

5.6CVSS5.1AI score0.00348EPSS
Exploits1References10
OSV
OSV
added 2022/02/11 11:26 p.m.26 views

GHSA-76WF-9VGP-PJ7W Duplicate Advisory: Unencrypted md5 plaintext hash in metadata in AWS S3 Crypto SDK for golang

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6jvc-q2x7-pchv. This link is maintained to preserve external references. Original Description Summary The golang AWS S3 Crypto SDK was impacted by an issue that can result in loss of confidentiality. An attacker...

4.3CVSS5.1AI score0.00481EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/02/11 11:23 p.m.70 views

In-band key negotiation issue in AWS S3 Crypto SDK for golang

Summary The golang AWS S3 Crypto SDK is impacted by an issue that can result in loss of confidentiality and message forgery. The attack requires write access to the bucket in question, and that the attacker has access to an endpoint that reveals decryption failures without revealing the plaintext...

2.5CVSS5.7AI score0.00231EPSS
Exploits1References10Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/02/11 12:0 a.m.81 views

Use of a Broken or Risky Cryptographic Algorithm

A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code MAC, which then allows an attacker who has write access to the target's S3 bucket and can observe...

5.6CVSS3.8AI score0.00348EPSS
Exploits1References9Affected Software1
RedHat Linux
RedHat Linux
added 2021/10/14 7:53 a.m.94 views

Important: Red Hat Security Advisory: Red Hat 3scale API Management 2.11.0 Release - Container Images

Red Hat 3scale API Management 2.11.0 Release - Container Images A security update for Red Hat 3scale API Management is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...

7.7CVSS6.9AI score0.52838EPSS
Exploits12References4
RedhatCVE
RedhatCVE
added 2020/08/18 7:29 p.m.63 views

CVE-2020-8912

A flaw was found in the AWS S3 Crypto SDK where algorithm parameters for the data encryption key are not authenticated. This flaw allows attackers with S3 bucket write access to change the negotiated encryption algorithm, potentially providing viable brute force methods to recover plaintext. This...

2.1CVSS4.2AI score0.00231EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2020/08/18 7:29 p.m.56 views

CVE-2020-8911

A flaw was found in the AWS S3 Crypto SDK that allows users to encrypt files stored in S3 buckets with AES-CBC, without computing a MAC on the data. This allows for a padding oracle, enabling attackers with both write access to the target S3 bucket and the ability to observe the result of valid...

2.1CVSS4.3AI score0.00348EPSS
Exploits1References5
NVD
NVD
added 2020/08/11 8:15 p.m.47 views

CVE-2020-8911

A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. The SDK allows users to encrypt files with AES-CBC without computing a Message Authentication Code MAC, which then allows an attacker who has write access to the target's S3 bucket and can observe...

5.6CVSS5.9AI score0.00348EPSS
Exploits1References2
NVD
NVD
added 2020/08/11 8:15 p.m.47 views

CVE-2020-8912

A vulnerability in the in-band key negotiation exists in the AWS S3 Crypto SDK for GoLang versions prior to V2. An attacker with write access to the targeted bucket can change the encryption algorithm of an object in the bucket, which can then allow them to change AES-GCM to AES-CTR. Using this i...

2.5CVSS4AI score0.00231EPSS
Exploits1References2
CVE
CVE
added 2020/08/11 7:20 p.m.418 views

CVE-2020-8911

CVE-2020-8911 describes a padding oracle in the AWS S3 Crypto SDK for Go (older GoLang S3 encryption client). The vulnerability arises because AES-CBC encryption was used without a MAC, enabling an attacker with write access to the target S3 bucket to observe decryption outcomes and reconstruct p...

5.6CVSS5.8AI score0.00348EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder