1061 matches found
CVE-2022-43995
Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...
PT-2022-5350 · Sudo +5
Name of the Vulnerable Software and Affected Versions: Sudo versions 1.8.0 through 1.9.12 Description: The issue is related to an array-out-of-bounds error in the plugins/sudoers/auth/passwd.c file of the Sudo program when using the crypt password backend. This error can result in a heap-based...
Malicious code in crypt-osj (npm)
Source: ghsa-malware (866ab4f1ee9ce8e2e4d4737ae37177fe6a206cc888d00e8d9b3af8e323434910). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2250 Malicious code in crypt-osj (npm)
Source: ghsa-malware (866ab4f1ee9ce8e2e4d4737ae37177fe6a206cc888d00e8d9b3af8e323434910). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2022-35928
AES Crypt is a file encryption software for multiple platforms. AES Crypt for Linux built using the source on GitHub and having the version number 3.11 has a vulnerability with respect to reading user-provided passwords and confirmations via command-line prompts. Passwords lengths were not checke...
Code injection
AES Crypt is a file encryption software for multiple platforms. AES Crypt for Linux built using the source on GitHub and having the version number 3.11 has a vulnerability with respect to reading user-provided passwords and confirmations via command-line prompts. Passwords lengths were not checke...
CVE-2022-35928 AES Crypt for Linux Password Security Vulnerability
AES Crypt is a file encryption software for multiple platforms. AES Crypt for Linux built using the source on GitHub and having the version number 3.11 has a vulnerability with respect to reading user-provided passwords and confirmations via command-line prompts. Passwords lengths were not checke...
CVE-2022-35928
AES Crypt for Linux (v3.11) reads passwords/confirmations from the command line without validating input length, potentially causing buffer overruns. The issue is not present when using -p or -k, and the fix is in commit 68761851b595e96c68c3f46bfc21167e72c6a22c and will be shipped in release 3.16...
Packetizer AES Crypt Authorization Issue Vulnerability
Packetizer AES Crypt is an advanced file encryption utility from Packetizer. Easily and securely encrypt files using the industry standard Advanced Encryption Standard AES. A security vulnerability exists in Packetizer AES Crypt version 3.11, which stems from a failure to check the length of the...
Fedora: Security Advisory for golang-github-xordataexchange-crypt (FEDORA-2022-37aef44d1e)
The remote host is missing an update for the...
Fedora: Security Advisory for golang-github-xordataexchange-crypt (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the...
[SECURITY] Fedora 35 Update: golang-github-xordataexchange-crypt-0.0.2-12.20190412gitb2862e3.fc35
Store and retrieve encrypted configs from etcd or consul...
Input validation
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability...
Fedora: Security Advisory for golang-github-xordataexchange-crypt (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: golang-github-xordataexchange-crypt-0.0.2-12.20190412gitb2862e3.fc36
Store and retrieve encrypted configs from etcd or consul...
GSD-2022-1004088 dm crypt: make printing of the key constant-time
dm crypt: make printing of the key constant-time This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.317 by commit...
GSD-2022-1004006 dm crypt: make printing of the key constant-time
dm crypt: make printing of the key constant-time This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.282 by commit...