Lucene search

38 matches found

Positive Technologies
added 2026/01/13 12:0 a.m. | 2 views

PT-2026-2557

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and ciphertext manipulation. This vulnerability is fixed in 2.2...

CVSS 8.7 | AI score 6.8 | EPSS 0.00041
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-1544

Malware in sbrugna...

CVSS 5.9 | AI score 6 | EPSS 0.00204
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2010-3298

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.0027
Exploits: 1 | References: 6

NVD
added 2025/05/01 8:15 p.m. | 13 views

CVE-2025-46569

Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a singl...

CVSS 7.4 | EPSS 0.00064
Exploits: 0 | References: 2

Cvelist
added 2025/05/01 7:32 p.m. | 19 views

CVE-2025-46569 OPA server Data API HTTP path injection of Rego

Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a singl...

CVSS 7.4 | EPSS 0.00064
Exploits: 0 | References: 2

OSV
added 2025/05/01 7:32 p.m. | 4 views

CVE-2025-46569 OPA server Data API HTTP path injection of Rego

Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a singl...

CVSS 7.4 | AI score 7.8 | EPSS 0.00064
Exploits: 0 | References: 4

Debian CVE
added 2025/05/01 7:32 p.m. | 1 views

CVE-2025-46569

Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a singl...

CVSS 7.4 | AI score 6.6 | EPSS 0.00064
Exploits: 0

Vulnrichment
added 2025/05/01 7:32 p.m. | 5 views

CVE-2025-46569 OPA server Data API HTTP path injection of Rego

Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a singl...

CVSS 7.4 | AI score 6.6 | EPSS 0.00064
Exploits: 0 | References: 2

CVE
added 2025/05/01 7:32 p.m. | 206 views

CVE-2025-46569

Summary: CVE-2025-46569 affects Open Policy Agent (OPA) prior to 1.4.0 when run as a server. An HTTP Data API path can be crafted to inject Rego code into the constructed query, enabling potential oracle attacks, incorrect policy decisions, and a DoS via expensive evaluation. Impact: high (policy ...

CVSS 7.4 | AI score 6.6 | EPSS 0.00064
Exploits: 0 | References: 2

Github Security Blog
added 2025/05/01 5:2 p.m. | 19 views

OPA server Data API HTTP path injection of Rego

Impact: When run as a server, OPA exposes an HTTP Data API for reading and writing documents. Requesting a virtual document through the Data API entails policy evaluation, where a Rego query containing a single data document reference is constructed from the requested path. This query is then used...

CVSS 7.4 | AI score 7 | EPSS 0.00064
Exploits: 0 | References: 5 | Affected Software: 3

OSV
added 2024/12/30 4:53 p.m. | 2 views

GHSA-GMX7-GR5Q-85W5 magic-crypt uses insecure cryptographic algorithms

This crate uses a number of cryptographic algorithms that are no longer considered secure and it uses them in ways that do not guarantee the integrity of the encrypted data. MagicCrypt64 uses the insecure DES block cipher in CBC mode without authentication. This allows for practical brute force a...

AI score 7
Exploits: 0 | References: 3

Github Security Blog
added 2024/12/30 4:53 p.m. | 6 views

magic-crypt uses insecure cryptographic algorithms

This crate uses a number of cryptographic algorithms that are no longer considered secure and it uses them in ways that do not guarantee the integrity of the encrypted data. MagicCrypt64 uses the insecure DES block cipher in CBC mode without authentication. This allows for practical brute force a...

AI score 7
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2024/12/28 12:0 p.m. | 1 views

RUSTSEC-2024-0430 Use of insecure cryptographic algorithms

This crate uses a number of cryptographic algorithms that are no longer considered secure and it uses them in ways that do not guarantee the integrity of the encrypted data. MagicCrypt64 uses the insecure DES block cipher in CBC mode without authentication. This allows for practical brute force a...

AI score 7
Exploits: 0 | References: 3

Cvelist
added 2023/05/01 7:41 p.m. | 9 views

CVE-2023-2197 Vault Enterprise Vulnerable to Padding Oracle Attacks When Using a CBC-based Encryption Mechanism with a HSM

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in orde...

CVSS 2.5 | AI score 3.9 | EPSS 0.00013
Exploits: 0 | References: 2

OSV
added 2021/08/13 3:22 p.m. | 24 views

GHSA-3GP6-HHFW-4GQX Padding oracle attacks

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks...

CVSS 5.9 | AI score 5.7 | EPSS 0.00204
Exploits: 0 | References: 3

Github Security Blog
added 2021/08/13 3:22 p.m. | 64 views

Padding oracle attacks

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks...

CVSS 5.9 | AI score 4.5 | EPSS 0.00204
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2021/06/22 11:56 a.m. | 12 views

CVE-2010-3300

It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks...

AI score 5.7 | EPSS 0.00204
Exploits: 0 | References: 2

CVE
added 2021/06/22 11:56 a.m. | 49 views

CVE-2010-3300

CVE-2010-3300 affects the OWASP ESAPI for Java up to version 2.0 RC2, where a padding oracle weakness can lead to information disclosure. The issue is documented across multiple sources (NVD/Red Hat/IBM bulletin/OSS advisories). Affected component: OWASP ESAPI for Java; root cause: padding oracle...

CVSS 5.9 | AI score 5.7 | EPSS 0.00204
Exploits: 0 | References: 2 | Affected Software: 1

OpenVAS
added 2021/04/19 12:0 a.m. | 34 views

SUSE: Security Advisory (SUSE-SU-2017:0801-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 6.8 | EPSS 0.4168
Exploits: 4 | References: 7

OSV
added 2020/09/03 9:19 p.m. | 6 views

GHSA-5V7R-JG9R-VQ44 Insecure Cryptography Algorithm in simple-crypto-js

Versions of simple-crypto-js prior to 2.3.0 use AES-CBC with PKCS7 padding, which is vulnerable to padding oracle attacks. This may allow attackers to break the encryption and access sensitive data. Recommendation: Upgrade to version 2.3.0 or later...

CVSS 5.9 | AI score 7
Exploits: 0 | References: 6