Lucene search
K

221 matches found

Vulnrichment
Vulnrichment
added 2022/07/05 10:30 a.m.20 views

CVE-2022-2097 AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

6.9AI score0.04425EPSS
Exploits0References13
OSV
OSV
added 2022/07/05 10:30 a.m.53 views

CVE-2022-2097 AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

5.3CVSS6.6AI score0.04425EPSS
Exploits0References15
Debian CVE
Debian CVE
added 2022/07/05 10:30 a.m.88 views

CVE-2022-2097

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

5.3CVSS6.5AI score0.04425EPSS
Exploits0
CVE
CVE
added 2022/07/05 10:30 a.m.498 views

CVE-2022-2097

CVE-2022-2097 affects OpenSSL: AES OCB mode on 32-bit x86 with AES-NI optimization can fail to encrypt the full data, potentially leaking 16 bytes of memory (or plaintext in in-place mode). OpenSSL TLS/DTLS cipher suites are unaffected. Affected releases: OpenSSL 3.0.0–3.0.4 and OpenSSL 1.1.1 thr...

5.3CVSS7.6AI score0.04425EPSS
Exploits0References13Affected Software1
Cvelist
Cvelist
added 2022/07/05 10:30 a.m.33 views

CVE-2022-2097 AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

7.6AI score0.04425EPSS
Exploits0References13
AlpineLinux
AlpineLinux
added 2022/07/05 10:30 a.m.42 views

CVE-2022-2097

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

5.3CVSS7.9AI score0.04425EPSS
Exploits0
OpenSSL
OpenSSL
added 2022/07/05 12:0 a.m.78 views

Vulnerability in OpenSSL - AES OCB fails to encrypt some bytes

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn’t written. In the special case of “in place” encryption...

7.5AI score0.04425EPSS
Exploits0Affected Software1
UbuntuCve
UbuntuCve
added 2022/07/05 12:0 a.m.42 views

CVE-2022-2097

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...

5.3CVSS6.7AI score0.04425EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/07/05 12:0 a.m.311 views

OpenSSL 1.1.1 < 1.1.1q Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.1.1q. It is, therefore, affected by a vulnerability as referenced in the 1.1.1q advisory. - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under so...

5.3CVSS6.9AI score0.04425EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/07/05 12:0 a.m.63 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : OpenSSL vulnerability (USN-5502-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5502-1 advisory. Alex Chernyakhovsky discovered that OpenSSL incorrectly handled AES OCB mode when using the AES-NI assembly optimized implementation on...

5.3CVSS7AI score0.04425EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/07/05 12:0 a.m.169 views

OpenSSL 3.0.0 < 3.0.5 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.0.5. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.5 advisory. - The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X8664 CPUs supporting the AVX512IFMA instructions...

10CVSS8.2AI score0.44881EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2022/07/05 12:0 a.m.45 views

FreeBSD : OpenSSL -- AES OCB fails to encrypt some bytes (a28e8b7e-fc70-11ec-856e-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a28e8b7e-fc70-11ec-856e-d4c9ef517024 advisory. - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not...

5.3CVSS6.9AI score0.04425EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2022/07/05 12:0 a.m.97 views

OpenSSL -- AES OCB fails to encrypt some bytes

The OpenSSL project reports: AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special...

5.3CVSS1.6AI score0.04425EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/07/05 12:0 a.m.60 views

Node.js -- July 7th 2022 Security Releases

Node.js reports: HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding MediumCVE-2022-32213 The llhttp parser in the http module does not correctly parse and validate Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS. HTTP Request Smuggling - Improper Delimiting of...

8.1CVSS7.5AI score0.77766EPSS
Exploits4References1
OSV
OSV
added 2021/07/08 1:58 a.m.15 views

GSD-2021-1001131 cfg80211: call cfg80211_leave_ocb when switching away from OCB

cfg80211: call cfg80211leaveocb when switching away from OCB This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.14 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2021/07/08 1:57 a.m.9 views

GSD-2021-1001116 cfg80211: call cfg80211_leave_ocb when switching away from OCB

cfg80211: call cfg80211leaveocb when switching away from OCB This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.129 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2021/07/08 1:56 a.m.19 views

UVI-2021-1001110 cfg80211: call cfg80211_leave_ocb when switching away from OCB

cfg80211: call cfg80211leaveocb when switching away from OCB This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.196 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2021/07/08 1:56 a.m.16 views

UVI-2021-1001104 cfg80211: call cfg80211_leave_ocb when switching away from OCB

cfg80211: call cfg80211leaveocb when switching away from OCB This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.238 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2021/07/08 1:56 a.m.12 views

GSD-2021-1001098 cfg80211: call cfg80211_leave_ocb when switching away from OCB

cfg80211: call cfg80211leaveocb when switching away from OCB This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.274 by commit...

7.2AI score
Exploits0
OSV
OSV
added 2021/07/08 1:56 a.m.14 views

UVI-2021-1001098 cfg80211: call cfg80211_leave_ocb when switching away from OCB

cfg80211: call cfg80211leaveocb when switching away from OCB This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.274 by commit...

7.2AI score
Exploits0
Rows per page
Query Builder