
5314 matches found

Positive Technologies
added 2023/09/20 12:0 a.m. · 10 views

PT-2023-28891

Name of the Vulnerable Software and Affected Versions: EVE OS (affected versions not specified) Description: The measured boot solution in EVE OS uses a PCR locking mechanism to protect the "vault" directory, which is the most sensitive point in the system. However, the key used to encrypt/decrypt th...

9.9 CVSS · 7.6 AI score · 0.27661 EPSS
Exploits 44 · References 118
Positive Technologies
added 2023/09/20 12:0 a.m. · 6 views

PT-2023-26849 · Dell · Dell Emc Scg Policy Manager

Name of the Vulnerable Software and Affected Versions: Dell SCG Policy Manager version 5.16.00.14 Description: The issue concerns a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing Man-in-the-Middle (MitM)...

5.9 CVSS · 5.7 AI score · 0.0032 EPSS
Exploits 0 · References 7
CNNVD
added 2023/09/20 12:0 a.m. · 5 views

EVE OS Encryption Problem Vulnerability

EVE OS is a general-purpose, open, Linux-based operating system for distributed edge computing, open-sourced by LF Edge. EVE OS suffers from a security vulnerability that stems from the use of an insecure SHA1 PCR algorithm to seal vault keys, resulting in a reduced complexity of unsealing the keys...

8.8 CVSS · 6.6 AI score · 0.0011 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2023/09/20 12:0 a.m. · 36 views

SUSE SLES15 Security Update : release-notes-susemanager, release-notes-susemanager-proxy (SUSE-SU-2022:3761-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3761-1 advisory. Release notes for SUSE Manager: - Update to SUSE Manager 4.3.2 Containerized proxy and RBS are now fully supported HTTP API is now fully...

9.8 CVSS · 6.7 AI score · 0.0434 EPSS
Exploits 3 · References 55
OpenVAS
added 2023/09/20 12:0 a.m. · 27 views

Huawei EulerOS: Security Advisory for bind (EulerOS-SA-2023-2854)

The remote host is missing an update for the Huawei EulerOS...

7.5 CVSS · 8.1 AI score · 0.03776 EPSS
Exploits 0 · References 2
Code423n4
added 2023/09/14 12:0 a.m. · 9 views

LiquidityPool inflation attack

Lines of code Vulnerability details Bug Description The LiquidityPool uses an algorithm that converts prices to shares through a linear relationship. For instance, if there are 10,000 assets and 100 shares, then holding 100 assets should yield 1 share. However, a situation arises when investor...

7 AI score
Exploits 0
The Hacker News
added 2023/09/12 10:18 a.m. · 85 views

Chinese Redfly Group Compromised a Nation's Critical Grid in 6-Month ShadowPad Campaign

A threat actor called Redfly has been linked to a compromise of a national grid located in an unnamed Asian country for as long as six months earlier this year using a known malware referred to as ShadowPad. "The attackers managed to steal credentials and compromise multiple computers on the...

7.7 AI score
Exploits 0
Tenable Nessus
added 2023/09/12 12:0 a.m. · 73 views

OpenSSL 3.0.0 < 3.0.11 Vulnerability

The version of OpenSSL installed on the remote host is prior to 3.0.11. It is, therefore, affected by a vulnerability as referenced in the 3.0.11 advisory. - Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of...

7.8 CVSS · 6.9 AI score · 0.00862 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2023/09/12 12:0 a.m. · 71 views

OpenSSL 3.1.0 < 3.1.3 Vulnerability

The version of OpenSSL installed on the remote host is prior to 3.1.3. It is, therefore, affected by a vulnerability as referenced in the 3.1.3 advisory. - Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applicatio...

7.8 CVSS · 6.9 AI score · 0.00862 EPSS
Exploits 0 · References 5
OpenVAS
added 2023/09/11 12:0 a.m. · 13 views

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-2801)

The remote host is missing an update for the Huawei EulerOS...

6.5 CVSS · 7.6 AI score · 0.76451 EPSS
Exploits 0 · References 2
NVD
added 2023/09/08 12:15 p.m. · 25 views

CVE-2023-4807

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...

7.8 CVSS · 7.9 AI score · 0.00862 EPSS
Exploits 0 · References 5
Amazon
added 2023/09/07 12:0 a.m. · 75 views

Important: amazon-ssm-agent

Issue Overview: The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server. CVE-2021-43565 A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with R...

7.5 CVSS · 7.7 AI score · 0.04561 EPSS
Exploits 0
Github Security Blog
added 2023/09/04 5:2 p.m. · 23 views

Multiple soundness issues in lexical

lexical contains multiple soundness issues:
1. Bytes::read allows creating instances of types with invalid bit patterns
2. BytesIter::read advances iterators out of bounds
3. The BytesIter trait has safety invariants but is public and not marked unsafe
4. write_float calls MaybeUninit::assume_init ...

7.2 AI score
Exploits 0 · References 3 · Affected Software 1
OSV
added 2023/09/04 2:15 a.m. · 2 views

CVE-2023-33914

In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. This could lead to remote information disclosure no additional execution privileges needed...

7.5 CVSS · 6 AI score · 0.0036 EPSS
Exploits 0 · References 1
Prion
added 2023/09/04 2:15 a.m. · 22 views

Information disclosure

In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. This could lead to remote information disclosure no additional execution privileges needed...

5 CVSS · 7.3 AI score · 0.0036 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/09/04 1:16 a.m. · 40 views

CVE-2023-33914

CVE-2023-33914 concerns UNISOC chipsets where the NIA0 algorithm used in Security Mode Command may accept invalid input due to missing verification, enabling remote information disclosure without extra privileges. The publicly provided sources confirm the issue but do not specify a fixed version ...

7.5 CVSS · 7.2 AI score · 0.0036 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/09/04 1:16 a.m. · 17 views

CVE-2023-33914

In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. This could lead to remote information disclosure no additional execution privileges needed...

7.5 AI score · 0.0036 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/09/04 12:0 a.m. · 3 views

PT-2023-24565 · Unisoc (Shanghai) Technologies Co. +2 · T760/T770/T820/S8000 +5

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a possible missing verification of incorrect input in the NIA0 algorithm used in the Security Mode Command. This could lead to remote...

7.5 CVSS · 7.3 AI score · 0.0036 EPSS
Exploits 0 · References 3
NVD
added 2023/09/01 1:15 a.m. · 15 views

CVE-2023-4695

Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16...

9.6 CVSS · 8.6 AI score · 0.00605 EPSS
Exploits 1 · References 2
Prion
added 2023/09/01 1:15 a.m. · 17 views

Code injection

Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16...

5.5 CVSS · 8.1 AI score · 0.00605 EPSS
Exploits 1 · References 2 · Affected Software 1