EUVD-2023-23524

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-1255

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to...

TencentOS Server 4: openssl (TSSA-2024:0034)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0034 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

openSUSE Security Advisory (SUSE-SU-2024:1447-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2024:1447-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues: Upgrade openCryptoki to version 3.23 jscPED-3360, jscPED-3361 EP11: Add support for FIPS-session mode CVE-2024-0914: Updates to harden against RSA timing attacks bsc1219217 Bug fixes - provide userpkcs11 and grouppkcs11 Upgrade to version...

Oracle Linux 9 : openssl (ELSA-2023-12768)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12768 advisory. 3.0.7-16.0.1 - Replace upstream references Orabug: 34340177 Tenable has extracted the preceding description block directly from the Oracle Linux...

AlmaLinux 9 : openssl (ALSA-2023:3722)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3722 advisory. - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2023:2620-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2620-1 advisory. - Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a...

Moderate: Red Hat Security Advisory: openssl security and bug fix update

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-3 (SUSE-SU-2023:2470-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2470-1 advisory. - The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make...

USN-6119-1: OpenSSL vulnerabilities

Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. CVE-2023-2650 Anton Romanov discovered that OpenSSL incorrectly handled AES-XTS ciphe...

USN-6119-1 openssl, openssl1.0 vulnerabilities

Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. CVE-2023-2650 Anton Romanov discovered that OpenSSL incorrectly handled AES-XTS ciphe...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : OpenSSL vulnerabilities (USN-6119-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6119-1 advisory. Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possib...

Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-181)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-181 advisory. A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able ...

CVE-2023-1255 - Possible denial of service on Arm 64 (aarch64) using AES XTS mode

The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm ...

Denial Of Services (DoS)

openssl is vulnerable to Denial Of Services DoS. The vulnerability exists due to the bug in the AES-XTS cipher decryption implementation for 64 bit ARM platform, which reads the past input buffer, leading to an application crash...

OpenSSL 3.0 <= 3.0.8, 3.1.0 DoS Vulnerability

OpenSSL is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...

CVE-2023-1255

A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash...

CVE-2023-1255

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The...

UBUNTU-CVE-2023-1255

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The...