Lucene search
K

44 matches found

RedHat Linux
RedHat Linux
added 2023/08/01 1:45 p.m.5 views

cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE

A vulnerability was found in cjose. The cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag provided in the JSON Web Encryption JWE. A fixed length of 16 octets must ...

8.6CVSS5.7AI score0.006EPSS
Exploits1References5
OSV
OSV
added 2022/07/13 12:0 a.m.67 views

GHSA-64X4-9HC6-R2H6 Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library

Summary The Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-8911. The library is not vulnerable to the equivalent of CVE-2020-8912, but only because it currently only supports AES-CBC as encryption mode. Severity...

4.7CVSS4.9AI score0.00521EPSS
Exploits0References4
OSV
OSV
added 2022/06/27 9:15 p.m.4 views

UBUNTU-CVE-2022-31085

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...

6.1CVSS7.2AI score0.00257EPSS
Exploits0References4
OSV
OSV
added 2022/02/03 6:53 p.m.7 views

CLSA-2022-1643914390 Fix of CVE: CVE-2021-4122

CVE-2021-4122: fix possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery...

4.3CVSS6.9AI score0.0028EPSS
Exploits0References1
OSV
OSV
added 2021/09/20 8:45 p.m.2 views

GHSA-59G9-7GFX-C72P Infinite loop in Tomcat due to parsing error

Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service...

7.5CVSS7.1AI score0.07182EPSS
Exploits0References9
vulnersOsv
vulnersOsv
added 2021/06/01 9:17 p.m.4 views

cloudformation-cli-python-lib (=2.1.9) potentially affected by unknown CVE via aws-encryption-sdk (=2.0.0)

aws-encryption-sdk PYPI version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on aws-encryption-sdk and may be impacted: - cloudformation-cli-python-lib =2.1.9 Source cves: unknown CVE Source advisory: OSV:GHSA-X5H4-9GQW-942J...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/01 7:14 a.m.49 views

Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects

A "severe" vulnerability in GNU Privacy Guard GnuPG's Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis...

0.9AI score
Exploits0
CNVD
CNVD
added 2020/06/23 12:0 a.m.7 views

jsrsasign package data forgery issue vulnerability

jsrsasign package is an open source encryption library from the Japanese software developer Kenji Urashima . A security vulnerability exists in jsrsasign package version 8.0.18 and earlier Node.js. No detailed vulnerability details are provided at this time...

7.5CVSS6.7AI score0.01116EPSS
Exploits1References1
CNVD
CNVD
added 2020/06/23 12:0 a.m.7 views

jsrsasign package buffer overflow vulnerability (CNVD-2021-20284)

jsrsasign package is an open source encryption library from the Japanese software developer Kenji Urashima . A security vulnerability exists in jsrsasign package versions prior to 8.0.18 Node.js. An attacker could exploit this vulnerability to cause memory corruption...

9.8CVSS6.5AI score0.02592EPSS
Exploits1References1
Prion
Prion
added 2017/09/25 9:29 p.m.13 views

Code injection

The encryption library in Cisco IOS Software 15.21T, 15.21T1, and 15.22T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.26, and Cisco IOS in Cisco VPN Services Port Adaptor for...

4.3CVSS7.1AI score0.00688EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2017/09/25 9:0 p.m.18 views

CVE-2011-4667

The encryption library in Cisco IOS Software 15.21T, 15.21T1, and 15.22T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.26, and Cisco IOS in Cisco VPN Services Port Adaptor for...

5.7AI score0.00688EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2017/03/23 12:0 a.m.13 views

codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports: Fixed a header injection vulnerability in common function setstatusheader under Apache thanks to Guillermo Caminer from Flowgate. Fixed byte-safety issues in Encrypt Library DEPRECATED when mbstring.funcoverload is enabled. Fixed byte-safety issues in Encryption...

1.6AI score
Exploits0References1
CNVD
CNVD
added 2016/08/04 12:0 a.m.4 views

Magento Encryption Library Information Disclosure Vulnerability

Magento Encryption Library is an encryption library developed by the U.S. company Magento. An information disclosure vulnerability exists in Magento Encryption Library. An attacker can exploit this vulnerability to obtain sensitive data...

7.5CVSS6.2AI score0.00846EPSS
Exploits0References1
OSV
OSV
added 2016/04/20 12:0 a.m.2 views

UBUNTU-CVE-2016-0665

Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption...

5.5CVSS6.7AI score0.01031EPSS
Exploits0References4
OSV
OSV
added 2015/10/01 8:51 a.m.7 views

SUSE-SU-2015:1707-1 Security update for libssh

The encryption library libssh was updated to fix one security issue. The following vulnerability was fixed: CVE-2015-3146: Unauthenticated remote attackers could crash the server or client with specially crafted packages...

7.5CVSS7.4AI score0.0391EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.7 views

Vulnerabilities of the Gentoo Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

Multiple vulnerabilities exist in the openssl package up to version 0.9.8d of the Gentoo Linux operating system. Exploitation of these vulnerabilities may lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

10CVSS6.8AI score0.48575EPSS
Exploits10References6Affected Software1
ThreatPost
ThreatPost
added 2014/04/16 12:32 p.m.67 views

April 2014 Oracle Critical Patch Update

Software maker and database management company Oracle yesterday released its quarterly Critical Patch Update. The release resolves more than 100 security vulnerabilities, many of which received high common vulnerability scoring system base scores and should be applied as soon as possible. Product...

5CVSS0.4AI score0.99999EPSS
Exploits88References5
OpenVAS
OpenVAS
added 2013/03/15 12:0 a.m.21 views

Fedora Update for mingw-gnutls FEDORA-2013-3453

Check for the Version of mingw-gnutls OpenVAS Vulnerability Test Fedora Update for mingw-gnutls FEDORA-2013-3453 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

4CVSS6.4AI score0.0644EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2013/02/18 12:0 a.m.40 views

Fedora Update for mingw-gnutls FEDORA-2013-2128

Check for the Version of mingw-gnutls OpenVAS Vulnerability Test Fedora Update for mingw-gnutls FEDORA-2013-2128 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

4CVSS6.4AI score0.0644EPSS
Exploits1References2
Fedora
Fedora
added 2013/02/17 3:31 a.m.29 views

[SECURITY] Fedora 17 Update: mingw-gnutls-2.12.20-1.fc17

GnuTLS TLS/SSL encryption library. This library is cross-compiled for MinGW...

4CVSS2.4AI score0.0644EPSS
Exploits1
Rows per page
Query Builder