EUVD-2022-32827

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2016-1000344

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for...

CipherMind: the Longest Codebook in the World

In recent years, the widespread application of large language models has inspired us to consider using inference for communication encryption. We therefore propose CipherMind, which utilizes intermediate results from deterministic fine-tuning of large model inferences as transmission content. The...

CVE-2022-28382

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode Electronic Codebook, aka ECB, an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the...

CVE-2021-0967

In vorbisbookdecodevset of codebook.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-1...

CVE-2020-11829

Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.05493e40200722...

Training-Free Watermarking for Autoregressive Image Generation

Invisible image watermarking can protect image ownership and prevent malicious misuse of visual generative models. However, existing generative watermarking methods are mainly designed for diffusion models while watermarking for autoregressive image generation models remains largely underexplored...

ALPINE-CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

SUSE CVE-2008-1419

Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service crash or infinite loop or trigger an integer overflow...

SUSE CVE-2013-7252

kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack...

SUSE CVE-2020-20412

lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. NOTE: this may overlap CVE-2018-5146...

PT-2022-5147 · Microsoft · Office 365

Name of the Vulnerable Software and Affected Versions: Microsoft Office 365 affected versions not specified Description: The issue is related to a security mechanism in Office 365 Message Encryption OME that uses the Electronic Codebook ECB mode. This allows a remote attacker to potentially acces...

The vulnerability of the Office 365 Message Encryption security mechanism in the Microsoft Office 365 software package allows a perpetrator to gain access to protected information.

The vulnerability of the Office 365 Message Encryption security mechanism OME in the Microsoft Office 365 suite is related to the possibility of using the Electronic Codebook mode. Exploiting this vulnerability could allow a malicious actor to gain access to protected information...

OESA-2022-1833 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under so...

CLSA-2022-1660238929 Fixed CVE-2022-2097 in openssl

CVE-2022-2097: Fix AES OCB encrypt/decrypt for x86 AES-NI...

openssl: AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

CVE-2022-30273

The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm TEA block-cipher in ECB mode. This mode of operation does n...

CVE-2022-30273

The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm TEA block-cipher in ECB mode. This mode of operation does n...

AES OCB fails to encrypt some bytes

...

The vulnerability of the AES OCB mode in the OpenSSL library allows a hacker to disclose protected information.

The vulnerability of the AES OCB mode in the OpenSSL library, where the necessary encryption step is absent. Exploiting this vulnerability can allow a malicious actor to disclose the protected information remotely...