PT-2023-19183 · Unknown · Fizz Library

Name of the Vulnerable Software and Affected Versions: fizz library versions prior to v2023.01.30.00 Description: The issue is related to a CHECK failure that can be triggered remotely in the fizz library. This behavior occurs when the client-supported cipher advertisement changes between the...

The vulnerability of the Cipher.update_into function in the Python programming language-based cryptography interpreter allows a attacker to compromise the integrity and accessibility of the output data.

The vulnerability of the Cipher.updateinto function in the Python programming language’s cryptographic library is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability could allow a malicious actor to compromise the integrity and accessibility of the...

Denial Of Services (DoS)

openssl is vulnerable to Denial Of Services DoS. The vulnerability exists due to the bug in the AES-XTS cipher decryption implementation for 64 bit ARM platform, which reads the past input buffer, leading to an application crash...

CVE-2023-2443

Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API...

openssl: Using a Custom Cipher with NID_undef may lead to NULL encryption

A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVPEncryptInitex2, EVPDecryptInitex2 and EVPCipherInitex2 functions as well as other similarly named encryption and decryption initialization functions. Instead of using the custom cipher directly, it...

CVE-2023-2197

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...

CVE-2023-2197

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...

Design/Logic Flaw

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...

CVE-2023-2197 Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...

CVE-2023-2197

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKMAESCBCPAD or CKMAESCBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...

K000133752: OpenSSL vulnerability CVE-2023-1255

Security Advisory Description Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash ...

HashiCorp Vault 加密问题漏洞

HashiCorp Vault is a private key access management tool from HashiCorp USA. A security vulnerability exists in HashiCorp Vault Enterprise that stems from the Vault not properly applying HMAC to messages sent from the HSM when using a CBC-based encryption mechanism...

CVE-2023-2158

Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...

CVE-2023-2158

Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...

CVE-2023-2158 Impersonation through User-Controlled Token

Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...

CVE-2023-2158 Impersonation through User-Controlled Token

Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...

PT-2023-18284 · Code Dx · Code Dx

Name of the Vulnerable Software and Affected Versions: Code Dx versions prior to 2023.4.2 Description: The issue allows a malicious actor to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher when generating the...

SUSE CVE-2023-1255

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The...

CVE-2023-1255

A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash...

ALPINE-CVE-2023-1255

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The...