6 matches found
CVE-2024-23680
creationtimestamp| type| source ---|---|--- 2024-02-15 16:52:04+00:00| seen| https://t.me/ctinow/185687...
CVE-2024-23680 AWS Encryption SDK for Java Improper Verification of Cryptographic Signature
AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures...
CVE-2024-23680 AWS Encryption SDK for Java Improper Verification of Cryptographic Signature
AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures...
CVE-2024-23680
CVE-2024-23680 affects the AWS Encryption SDK for Java (versions 2.0.0–2.2.0 and older than 1.9.0). The issue is that the library incorrectly validates certain invalid ECDSA signatures, with Red Hat/CVE and OSV entries corroborating the vulnerable range and nature. The practical impact stated acr...
br.com.guiabolso:hyperloop-transport (=3.0.1), com.eoniantech:secrets-locker (>=1.0 <=1.2) +8 more potentially affected by CVE-2024-23680 via com.amazonaws:aws-encryption-sdk-java (>=0.0.1 <=1.7.0)
com.amazonaws:aws-encryption-sdk-java MAVEN version =0.0.1, =1.0, =2.3.2, =0.3.0, =2.8.0, =2.11.1 - org.apache.ignite:ignite-aws-ext =1.0.0 - org.dreamhorizon:vertx-cron =1.0.0 - software.amazon.cloudformation:aws-cloudformation-rpdk-java-plugin =2.0.12 Source cves: CVE-2024-23680 Source advisory...
com.yandex.cloud:kms-provider-awscrypto (>=2.0 <=2.6) potentially affected by CVE-2024-23680 via com.amazonaws:aws-encryption-sdk-java (=2.0.0)
com.amazonaws:aws-encryption-sdk-java MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.amazonaws:aws-encryption-sdk-java and may be impacted: - com.yandex.cloud:kms-provider-awscrypto =2.0, =2.6 Source cves: CVE-2024-23680 Sourc...