SUSE CVE-2017-7822

The AES-GCM implementation in WebCrypto API accepts 0-length IV when it should require a length of 1 according to the NIST Special Publication 800-38D specification. This might allow for the authentication key to be determined in some instances. This vulnerability affects Firefox 56...

SUSE CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

SUSE CVE-2020-7069

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...

libreoffice security update

7.1.8.1-8.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. 1:7.1.8.1-8 - Resolves: rhbz2134759 Untrusted Macros - Resolves: rhbz2134757 Weak Master Keys - Resolves: rhbz2134755 Static...

libreoffice: Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password

A flaw was found in LibreOffice, where the required initialization vector for encryption was always the same. Stored passwords are encrypted with a single master key provided by the user. This issue weakens the security of the encryption, making them vulnerable if an attacker has access to the...

RHEL 9 : libreoffice (RHSA-2023:0304)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0304 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor...

libreoffice security update

6.4.7.2-12.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. 1:6.4.7.2-12 - Resolves: rhbz2134752 CVE-2022-26305 Untrusted Macros - Resolves: rhbz2134751 CVE-2022-26307 Weak Master Keys -...

libreoffice: Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password

A flaw was found in LibreOffice, where the required initialization vector for encryption was always the same. Stored passwords are encrypted with a single master key provided by the user. This issue weakens the security of the encryption, making them vulnerable if an attacker has access to the...

CVE-2021-26407

A randomly generated Initialization Vector IV may lead to a collision of IVs with the same key potentially resulting in information disclosure...

CVE-2021-26407

A randomly generated Initialization Vector IV may lead to a collision of IVs with the same key potentially resulting in information disclosure...

CVE-2021-26407

A randomly generated Initialization Vector IV may lead to a collision of IVs with the same key potentially resulting in information disclosure...

CVE-2021-26407

A randomly generated Initialization Vector IV may lead to a collision of IVs with the same key potentially resulting in information disclosure...

CVE-2021-26407

CVE-2021-26407 describes an information-disclosure risk from a collision of randomly generated IVs with the same key. Public references in AMD security bulletins enumerate affected AMD EPYC platforms and related components (ASP, SMU, SEV) and document mitigation steps via firmware/AGESA updates. ...

PT-2023-1488 · Amd · Amd System Management Unit +2

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor ASP affected versions not specified AMD System Management Unit SMU affected versions not specified AMD Secure Encrypted Virtualization SEV affected versions not specified Description: The issue is related to errors in...

AMD Server Vulnerabilities – January 2023

Bulletin ID: AMD-SB-1032 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Secure Processor ASP, AMD System Management Un...

PT-2022-6664 · Tp Link · Tp-Link Tapo C200

Name of the Vulnerable Software and Affected Versions: TP-Link Tapo C200 camera version 1.1.22 Build 220725 Description: The issue is related to the implementation of the AES encryption algorithm in the TP-Link Tapo C200 camera, which involves the reuse of the AES Key-IV pair across all cameras...

CVE-2022-26306

A flaw was found in LibreOffice, where the required initialization vector for encryption was always the same. Stored passwords are encrypted with a single master key provided by the user. This issue weakens the security of the encryption, making them vulnerable if an attacker has access to the...

CVE-2022-37400

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same...

CVE-2022-37400 Apache OpenOffice Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password

Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same...

PT-2022-23973 · Apache · Apache Openoffice +1

Name of the Vulnerable Software and Affected Versions: Apache OpenOffice versions prior to 4.1.13 Description: A flaw in Apache OpenOffice exists where the required initialization vector for encryption is always the same, weakening the security of the encryption. This makes stored passwords...