44 matches found
cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE
A vulnerability was found in cjose. The cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag provided in the JSON Web Encryption JWE. A fixed length of 16 octets must ...
GHSA-64X4-9HC6-R2H6 Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
Summary The Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-8911. The library is not vulnerable to the equivalent of CVE-2020-8912, but only because it currently only supports AES-CBC as encryption mode. Severity...
UBUNTU-CVE-2022-31085
LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...
CLSA-2022-1643914390 Fix of CVE: CVE-2021-4122
CVE-2021-4122: fix possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery...
GHSA-59G9-7GFX-C72P Infinite loop in Tomcat due to parsing error
Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service...
cloudformation-cli-python-lib (=2.1.9) potentially affected by unknown CVE via aws-encryption-sdk (=2.0.0)
aws-encryption-sdk PYPI version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on aws-encryption-sdk and may be impacted: - cloudformation-cli-python-lib =2.1.9 Source cves: unknown CVE Source advisory: OSV:GHSA-X5H4-9GQW-942J...
Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects
A "severe" vulnerability in GNU Privacy Guard GnuPG's Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis...
jsrsasign package data forgery issue vulnerability
jsrsasign package is an open source encryption library from the Japanese software developer Kenji Urashima . A security vulnerability exists in jsrsasign package version 8.0.18 and earlier Node.js. No detailed vulnerability details are provided at this time...
jsrsasign package buffer overflow vulnerability (CNVD-2021-20284)
jsrsasign package is an open source encryption library from the Japanese software developer Kenji Urashima . A security vulnerability exists in jsrsasign package versions prior to 8.0.18 Node.js. An attacker could exploit this vulnerability to cause memory corruption...
Code injection
The encryption library in Cisco IOS Software 15.21T, 15.21T1, and 15.22T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.26, and Cisco IOS in Cisco VPN Services Port Adaptor for...
CVE-2011-4667
The encryption library in Cisco IOS Software 15.21T, 15.21T1, and 15.22T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.26, and Cisco IOS in Cisco VPN Services Port Adaptor for...
codeigniter -- multiple vulnerabilities
The CodeIgniter changelog reports: Fixed a header injection vulnerability in common function setstatusheader under Apache thanks to Guillermo Caminer from Flowgate. Fixed byte-safety issues in Encrypt Library DEPRECATED when mbstring.funcoverload is enabled. Fixed byte-safety issues in Encryption...
Magento Encryption Library Information Disclosure Vulnerability
Magento Encryption Library is an encryption library developed by the U.S. company Magento. An information disclosure vulnerability exists in Magento Encryption Library. An attacker can exploit this vulnerability to obtain sensitive data...
UBUNTU-CVE-2016-0665
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption...
SUSE-SU-2015:1707-1 Security update for libssh
The encryption library libssh was updated to fix one security issue. The following vulnerability was fixed: CVE-2015-3146: Unauthenticated remote attackers could crash the server or client with specially crafted packages...
Vulnerabilities of the Gentoo Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
Multiple vulnerabilities exist in the openssl package up to version 0.9.8d of the Gentoo Linux operating system. Exploitation of these vulnerabilities may lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
April 2014 Oracle Critical Patch Update
Software maker and database management company Oracle yesterday released its quarterly Critical Patch Update. The release resolves more than 100 security vulnerabilities, many of which received high common vulnerability scoring system base scores and should be applied as soon as possible. Product...
Fedora Update for mingw-gnutls FEDORA-2013-3453
Check for the Version of mingw-gnutls OpenVAS Vulnerability Test Fedora Update for mingw-gnutls FEDORA-2013-3453 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Fedora Update for mingw-gnutls FEDORA-2013-2128
Check for the Version of mingw-gnutls OpenVAS Vulnerability Test Fedora Update for mingw-gnutls FEDORA-2013-2128 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
[SECURITY] Fedora 17 Update: mingw-gnutls-2.12.20-1.fc17
GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW...