Lucene search
+L

299 matches found

OSV
OSV
added 2021/05/24 5:15 p.m.16 views

CVE-2021-32624

Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an access control...

5.3CVSS6.4AI score
Exploits0References1
Cvelist
Cvelist
added 2021/05/24 4:55 p.m.37 views

CVE-2021-32624 Private Field data leak

Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an access control...

7.5CVSS7.5AI score0.00864EPSS
Exploits0References1
CVE
CVE
added 2021/05/24 4:55 p.m.56 views

CVE-2021-32624

CVE-2021-32624 concerns Keystone 5, where a flaw in the query infrastructure can bypass read access control to expose private field values or metadata. The attacker can reveal information from private fields or lists, via an access-control related oracle attack; complexity is length-dependent and...

7.5CVSS5.4AI score0.00864EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2021/05/24 12:0 a.m.6 views

Keystone-5 信息泄露漏洞

Keystone-5 is open source an extensible platform . It is used to rapidly create highly customizable CMS and APIs. is a complete re-imagining of the future of KeystoneJS. Keystone-5 suffers from an information disclosure vulnerability that can directly or indirectly disclose the value of a private...

7.5CVSS6.4AI score0.00864EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/05/19 12:0 a.m.83 views

CentOS 8 : python-cryptography (CESA-2021:1608)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:1608 advisory. - python-cryptography: bleichenbacher timing oracle attack against RSA decryption CVE-2020-25659 - python-cryptography: certain sequences of update cal...

9.1CVSS7.8AI score0.06718EPSS
Exploits1References3
Node.js
Node.js
added 2021/04/19 3:8 p.m.66 views

Observable timing discrepancy

Overview Overview Affected versions of jose are vulnerable to a Padding Oracle Attack due to Observable Timing Discrepancy. Impact AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

4.3CVSS5.6AI score0.01167EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2021/04/19 6:15 a.m.44 views

Padding Oracle Attack

jose is vulnerable to padding oracle attack. A possible observable difference in timing when padding error occurs while decrypting the ciphertext allows an attacker to obtain the plaintext data without knowledge of the decryption key...

5.9CVSS4.5AI score0.01167EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2021/04/19 12:42 a.m.37 views

Padding Oracle Attack

jose-node-cjs-runtime is vulnerable to padding oracle attack. The vulnerability exists as decryption did not fail as soon as hmac verification fails, allowing timing information to be measured by running the CBC decryption with various padding length...

5.9CVSS2.4AI score0.01238EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/04/16 10:0 p.m.19 views

CVE-2021-29446 Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime

jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

5.9CVSS6.4AI score0.01238EPSS
Exploits0References2
CVE
CVE
added 2021/04/16 10:0 p.m.104 views

CVE-2021-29446

CVE-2021-29446 affects the npm package jose-node-cjs-runtime. In versions before 3.11.4, decryption of AES_CBC_HMAC_SHA2 (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) could leak timing information because HMAC verification and CBC decryption might run in sequence even on a failed path, creating a...

5.9CVSS5.7AI score0.01238EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/04/16 9:50 p.m.53 views

CVE-2021-29445 Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime

jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...

5.9CVSS6.4AI score0.01238EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/04/16 5:35 p.m.72 views

CVE-2021-29443 Padding Oracle Attack due to Observable Timing Discrepancy in jose

jose is an npm library providing a number of cryptographic operations. In vulnerable versions AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed JWEDecryptionFailed would be thrown. A...

5.9CVSS5.9AI score0.01167EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/16 3:46 p.m.38 views

Security Bulletin: Multiple vulnerabilities in Bouncy Castle affects Apache Solr shipped with IBM Operations Analytics - Log Analysis

Summary There is various type of vulnerabilities in Bouncy Castle that affect Apache Solr. The list can be found at Vulnerability Details section. Vulnerability Details CVEID: CVE-2018-1000613 DESCRIPTION: Legion of the Bouncy Castle Java Cryptography APIs could allow a remote attacker to execute...

9.8CVSS0.4AI score0.04767EPSS
Exploits0Affected Software1
OSV
OSV
added 2021/01/20 4:15 p.m.5 views

CVE-2020-20949

Bleichenbacher's attack on PKCS 1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube UM1924. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the...

5.9CVSS6.2AI score0.00919EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/01/20 12:0 a.m.7 views

Stmicroelectronics Stm32 Crypto Library Package Encryption Problem Vulnerability

The Stmicroelectronics Stm32 Crypto Library Package is a code library from Stmicroelectronics, Inc. that provides cryptographic functionality for the Stm32 family of microcontrollers. The Stmicroelectronics Stm32 Crypto Library Package is vulnerable to a cryptographic issue that could allow an...

5.9CVSS6.3AI score0.00919EPSS
Exploits0References6
NVD
NVD
added 2021/01/19 1:15 p.m.23 views

CVE-2020-20950

Bleichenbacher's attack on PKCS 1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable...

5.9CVSS5.5AI score0.00859EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/15 8:13 p.m.75 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2018-5407,CVE-2020-1967,CVE-2018-0734,CVE-2019-1563,CVE-2019-1549,CVE-2019-1552,CVE-2019-1559,CVE-2018-0735)

Summary There is a security advisory for openSSL1.0.2p which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1 Vulnerability Details CVEID: CVE-2018-5407 DESCRIPTION: Multiple SMT/Hyper-Threading architectures and processors could allow a local attacker to...

7.5CVSS0.6AI score0.53336EPSS
Exploits6Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/10/21 12:0 a.m.34 views

EulerOS Virtualization 3.0.2.2 : nettle (EulerOS-SA-2020-2206)

According to the version of the nettle package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted...

5.7CVSS5.5AI score0.01495EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2020/10/06 1:48 a.m.91 views

Security Bulletin: Security vulnerabilities in OpenSSH and OpenSSL shipped with IBM Security Access Manager Appliance (CVE-2018-15473, CVE-2019-1559)

Summary The OpenSSH and OpenSSL packages are shipped with IBM Security Access Manager Appliances. These vulnerabilities have been fixed. Vulnerability Details CVEID: CVE-2018-15473 DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by different responses to...

5.9CVSS1.1AI score0.98631EPSS
Exploits23Affected Software1
Tenable Nessus
Tenable Nessus
added 2020/09/17 12:0 a.m.59 views

Ubuntu 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-4504-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4504-1 advisory. Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie- Hellman ciphersuites in the TLS...

5.3CVSS6.7AI score0.14298EPSS
Exploits0References5
Rows per page
Query Builder