Moderate: tang security update

Tang is a server for binding data to network presence. It includes a daemon which provides cryptographic operations for binding to a remote service. The tang package provides the server side of the Network Bound Disk Encryption NBDE project. Security Fixes: tang: Race condition exists in the key...

DEBIAN-CVE-2023-40661

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a...

CVE-2023-40661

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a...

AZL-35075 CVE-2023-40661 affecting package opensc for versions less than 0.25.1-3

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a...

CVE-2023-40661

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a...

CVE-2023-40661

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a...

AZL-31880 CVE-2023-5678 affecting package openssl for versions less than 1.1.1k-28

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHgeneratekey to generate an X9.42 DH key may experience long delays. Likewise, applications that use...

AZL-42685 CVE-2023-5678 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHgeneratekey to generate an X9.42 DH key may experience long delays. Likewise, applications that use...

AZL-42736 CVE-2023-5678 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHgeneratekey to generate an X9.42 DH key may experience long delays. Likewise, applications that use...

CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter value

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHgeneratekey to generate an X9.42 DH key may experience long delays. Likewise, applications that use...

CVE-2023-5678

CVE-2023-5678 describes a DoS risk from excessive time spent validating X9.42 DH keys/parameters. The issue affects OpenSSL DH-based operations such as DH_generate_key(), DH_check_pub_key(), DH_check_pub_key_ex(), EVP_PKEY_public_check(), and related checks invoked by DH-related functions. OpenSS...

Rocky Linux 8 : nss and nspr (RLSA-2020:3280)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:3280 advisory. - Improper refcounting of soft token session objects could cause a use-after-free and crash likely limited to a denial of service. This vulnerability...

CVE-2023-40661

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a...

CVE-2023-43637

The CVE describes a cryptographic weakness in EVE’s deriveVaultKey used by the vault key derivation flow. Before version 7.10, the generated 32-byte vault key was weakened because deriveVaultKey calls retrieveCloudKey (which returns a fixed 32-byte key) and then merges it with the random 32-byte ...

GHSA-H24C-6P6P-M3VX tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli

Impact The specification of the GG18 threshold ECDSA signature protocol contains a vulnerability allowing an attacker to recover the shared secret key. If a participant generates a Paillier modulus N containing small factors less than 2^100 they can interact with other participants in the signing...

The vulnerability of the microprogrammed software of Moxa’s TN-5900 series routers allows for the execution of arbitrary code.

The vulnerability of Moxa TN-5900 series router microprogramming software is related to errors in the processing of input data during the key generation function. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the microprogrammed software of Moxa’s TN-4900 and TN-5900 series routers allows for the execution of arbitrary code.

The vulnerability of Moxa TN-4900 and TN-5900 router microprogramming software lies in errors during the processing of input data in the key generation function. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVE-2023-34039

Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI...

SUSE-SU-2023:3455-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - CVE-2023-23918: Fixed permissions policies bypass via process.mainModule bsc1208481. - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006: Fixed permissions policies impersonation using...

SUSE-SU-2023:3408-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - CVE-2023-32002: Fixed permissions policies bypass via Module.load bsc1214150. - CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire bsc1214156. - CVE-2023-32559: Fixed permissions policies bypass vi...