5879 matches found
nodejs: weak randomness in WebCrypto keygen
A vulnerability was found in NodeJS due to weak randomness in the WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. Node.js made calls to EntropySource in SecretKeyGenTraits::DoKeyGen. However, it does not check the return value and assumes the EntropySource...
FreeBSD : OpenSSL -- Potential NULL encryption in NID_undef with Custom Cipher (7392e1e3-4eb9-11ed-856e-d4c9ef517024)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7392e1e3-4eb9-11ed-856e-d4c9ef517024 advisory. - OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated...
Dutch Police Tricked Deadbolt Ransomware Gang Into Sharing Decryption Keys
By Deeba Ahmed According to Dutch Police, Deadbolt ransomware attacks mainly focused on NAS network-attached storage. This is a post from HackRead.com Read the original post: Dutch Police Tricked Deadbolt Ransomware Gang Into Sharing Decryption Keys...
nodejs: weak randomness in WebCrypto keygen
A vulnerability was found in NodeJS due to weak randomness in the WebCrypto keygen within the SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. Node.js made calls to EntropySource in SecretKeyGenTraits::DoKeyGen. However, it does not check the return value and assumes the EntropySource...
GLSA-202210-02 : OpenSSL: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202210-02 OpenSSL: Multiple Vulnerabilities - The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH...
Code injection
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agent...
CVE-2022-39309 GoCD server secret encryption/decryption key leaked to agents during material serialization
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agent...
CVE-2022-39309
GoCD server (versions prior to 21.1.0) leaks the symmetric key used to encrypt/decrypt secure variables in configuration to authenticated agents during material serialization. A compromised trusted agent could exfiltrate the key from memory and potentially decrypt secrets for other agents/environ...
CVE-2022-39309 GoCD server secret encryption/decryption key leaked to agents during material serialization
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions prior to 21.1.0 leak the symmetric key used to encrypt/decrypt any secure variables/secrets in GoCD configuration to authenticated agent...
Using a Custom Cipher with `NID_undef` may lead to NULL encryption
OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...
GHSA-4F63-89W9-3JJV Using a Custom Cipher with `NID_undef` may lead to NULL encryption
OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...
CVE-2022-3358
OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...
CVE-2022-3358
OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...
Code injection
OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...
CVE-2022-3358
OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...
CVE-2022-3358
OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...
CVE-2022-3358 Using a Custom Cipher with NID_undef may lead to NULL encryption
OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...
CVE-2022-3358
Summary: CVE-2022-3358 affects OpenSSL 3.0.0–3.0.5 and occurs when legacy custom ciphers are passed via EVP_CIPHER_meth_new() with NID_undef. The initialization functions EVP_EncryptInit_ex2()/EVP_DecryptInit_ex2()/EVP_CipherInit_ex2() may resolve to the NULL cipher from providers, causing plaint...
Using a Custom Cipher with `NID_undef` may lead to NULL encryption
OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...
OpenSSL 3.0.0 < 3.0.6 Vulnerability
The version of OpenSSL installed on the remote host is prior to 3.0.6. It is, therefore, affected by a vulnerability as referenced in the 3.0.6 advisory. - OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecate...