342 matches found
RLSA-2022:5818 Moderate: openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: c_rehash script allows command injection (CVE-2022-1292) openssl: the c_rehash script allows command...
SUSE-SU-2022:2312-1 Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099)...
RUSTSEC-2022-0032 AES OCB fails to encrypt some bytes
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
HPE StoreOnce Encryption Issue Vulnerability
HPE StoreOnce is a cloud backup data protection system from HPE. A security vulnerability exists in HPE StoreOnce that stems from the SSH server's support for weak key exchange algorithms, which could lead to remote unauthorized access...
Siemens SINEMA Remote Connect Server Encryption Issue Vulnerability
SINEMA Remote Connect is a remote network management platform that makes it easy to manage tunnel connections (VPNs) between headquarters, service technicians, and installed machines or plants. Siemens SINEMA Remote Connect Server is vulnerable to an encryption issue that could be exploited by an...
Vulnerability in CakePHP fixed
In CakePHP version 3.10.4, an encryption issue of CsrfProtectionMiddleware has been fixed. In 3.10.3, verified tokens were generated using random bytes and would often not match when they were rendered in HTML. No CVE number was issued for this vulnerability. CakePHP's developers have issued...
Interlogix Hills ComNav Encryption Issue Vulnerability
Interlogix Hills ComNav is a remote access integration module for the Hills Reliance Security Alert System from Interlogix Australia. An encryption issue vulnerability exists in Interlogix Hills ComNav, which allows an attacker to view configuration page traffic across a local network...
Apache Spark Encryption Problem Vulnerability (CNVD-2022-21823)
Apache Spark is a multilingual engine for performing data engineering, data science, and machine learning on a single-node machine or cluster. Apache Spark is vulnerable to an encryption issue that stems from the program's use of a custom mutual authentication protocol that allows fully encrypted...
Encryption Issue Vulnerability in Multiple PHICOMM Products
PHICOMM K2 and others are products of PHICOMM, a Chinese company. PHICOMM K2 is a wireless router. PHICOMM K3 is a dual-band Gigabit wireless WiFi router. PHICOMM K3C is a dual-band Gigabit wireless WiFi router...
Fujifilm DocuCentre Encryption Issue Vulnerability
Fujifilm DocuCentre is a series of color multifunction printers from Fujifilm Japan. A security vulnerability exists in the Fujifilm DocuCentre VI C4471, which stems from a risky algorithmic issue discovered on Fujifilm DocuCentre-VI C4471 1.8 devices...
IBM Maximo Anywhere Encryption Issue Vulnerability (CNVD-2022-12745)
IBM Maximo Anywhere is a next-generation mobile solution from IBM built on the IBM Worklight platform. The solution supports remote access to IBM Maximo Asset Management (a comprehensive asset lifecycle and maintenance management solution) workflow and asset management via mobile devices. An...
SUSE-SU-2022:0291-1 Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP2)
This update for the Linux Kernel 5.3.18-2452 fixes several issues. The following security issues were fixed: - CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517). - CVE-2021-4154: Fixed option parsing with cgroups...
SUSE-SU-2022:0246-1 Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-19789 fixes several issues. The following security issues were fixed: - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
...
IBM Security Verify Encryption Issue Vulnerability
IBM Security Verify Access (ISAM) is a service from IBM USA that improves user access security. The service enables secure and simple access to platforms such as Web, mobile, IoT, and cloud technologies through the use of risk-based access, single sign-on, integrated access management controls,...
Kalkitech Sync Products Encryption Issue Vulnerability
Kalkitech Sync Products is a range of substation gateways from Kalkitech India. Kalkitech Sync Products suffers from an encryption issue vulnerability that stems from the use of an insecure communication channel by the management tools Easyconnect and SYNC devices, which can be exploited by an...
Huawei HarmonyOS encryption issue vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. Huawei HarmonyOS is vulnerable to an encryption issue, which stems from a component of the product that does not effectively encrypt data. An...
Apple Remote Desktop Encryption Issue Vulnerability
Apple Remote Desktop is a remote desktop feature from Apple. A security vulnerability exists in Apple Remote Desktop versions prior to 3.9, which can be exploited by an attacker to capture plaintext passwords...
Fresenius Kabi Agilia Connect Infusion System Encryption Issue Vulnerability
Fresenius Kabi Agilia Connect Infusion System is an infusion system from the German company Fresenius Kabi. The Fresenius Kabi Agilia Connect Infusion System is vulnerable to an encryption issue that could be exploited by an attacker to eavesdrop on transmitted data, manipulate data purportedly...