299 matches found
CVE-2021-32624
Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an access control...
CVE-2021-32624 Private Field data leak
Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an access control...
CVE-2021-32624
CVE-2021-32624 concerns Keystone 5, where a flaw in the query infrastructure can bypass read access control to expose private field values or metadata. The attacker can reveal information from private fields or lists, via an access-control related oracle attack; complexity is length-dependent and...
Keystone-5 信息泄露漏洞
Keystone-5 is open source an extensible platform . It is used to rapidly create highly customizable CMS and APIs. is a complete re-imagining of the future of KeystoneJS. Keystone-5 suffers from an information disclosure vulnerability that can directly or indirectly disclose the value of a private...
CentOS 8 : python-cryptography (CESA-2021:1608)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:1608 advisory. - python-cryptography: bleichenbacher timing oracle attack against RSA decryption CVE-2020-25659 - python-cryptography: certain sequences of update cal...
Observable timing discrepancy
Overview Overview Affected versions of jose are vulnerable to a Padding Oracle Attack due to Observable Timing Discrepancy. Impact AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...
Padding Oracle Attack
jose is vulnerable to padding oracle attack. A possible observable difference in timing when padding error occurs while decrypting the ciphertext allows an attacker to obtain the plaintext data without knowledge of the decryption key...
Padding Oracle Attack
jose-node-cjs-runtime is vulnerable to padding oracle attack. The vulnerability exists as decryption did not fail as soon as hmac verification fails, allowing timing information to be measured by running the CBC decryption with various padding length...
CVE-2021-29446 Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...
CVE-2021-29446
CVE-2021-29446 affects the npm package jose-node-cjs-runtime. In versions before 3.11.4, decryption of AES_CBC_HMAC_SHA2 (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) could leak timing information because HMAC verification and CBC decryption might run in sequence even on a failed path, creating a...
CVE-2021-29445 Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...
CVE-2021-29443 Padding Oracle Attack due to Observable Timing Discrepancy in jose
jose is an npm library providing a number of cryptographic operations. In vulnerable versions AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. A...
Security Bulletin: Multiple vulnerabilities in Bouncy Castle affects Apache Solr shipped with IBM Operations Analytics - Log Analysis
Summary There is various type of vulnerabilities in Bouncy Castle that affect Apache Solr. The list can be found at Vulnerability Details section. Vulnerability Details CVEID: CVE-2018-1000613 DESCRIPTION: Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacker to execute...
CVE-2020-20949
Bleichenbacher's attack on PKCS 1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube UM1924. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the...
Stmicroelectronics Stm32 Crypto Library Package Encryption Problem Vulnerability
The Stmicroelectronics Stm32 Crypto Library Package is a code library from Stmicroelectronics, Inc. that provides cryptographic functionality for the Stm32 family of microcontrollers. The Stmicroelectronics Stm32 Crypto Library Package is vulnerable to a cryptographic issue that could allow an...
CVE-2020-20950
Bleichenbacher's attack on PKCS 1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2018-5407,CVE-2020-1967,CVE-2018-0734,CVE-2019-1563,CVE-2019-1549,CVE-2019-1552,CVE-2019-1559,CVE-2018-0735)
Summary There is a security advisory for openSSL1.0.2p which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1 Vulnerability Details CVEID: CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to...
EulerOS Virtualization 3.0.2.2 : nettle (EulerOS-SA-2020-2206)
According to the version of the nettle package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted...
Security Bulletin: Security vulnerabilities in OpenSSH and OpenSSL shipped with IBM Security Access Manager Appliance (CVE-2018-15473, CVE-2019-1559)
Summary The OpenSSH and OpenSSL packages are shipped with IBM Security Access Manager Appliances. These vulnerabilities have been fixed. Vulnerability Details CVEID: CVE-2018-15473 DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by different responses to...
Ubuntu 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-4504-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4504-1 advisory. Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie- Hellman ciphersuites in the TLS...