Lucene search
K

73 matches found

RedHat Linux
RedHat Linux
added 2024/04/30 10:36 a.m.4 views

openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries

A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can...

5.3CVSS7.2AI score0.00525EPSS
Exploits0References5
Broadcom
Broadcom
added 2024/04/17 12:0 a.m.10 views

AES-SIV implementation ignores empty associated data entries (CVE-2023-2975)

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be...

5.3CVSS7.3AI score0.00525EPSS
Exploits0Affected Software1
Fedora
Fedora
added 2023/10/03 2:23 a.m.31 views

[SECURITY] Fedora 38 Update: rust-aes-gcm-0.10.3-1.fc38

Pure Rust implementation of the AES-GCM Galois/Counter Mode Authenticated Encryption with Associated Data AEAD Cipher with optional architecture-specific hardware acceleration...

5.5CVSS7.1AI score0.00262EPSS
Exploits1
Fedora
Fedora
added 2023/10/03 12:21 a.m.26 views

[SECURITY] Fedora 39 Update: rust-aes-gcm-0.10.3-1.fc39

Pure Rust implementation of the AES-GCM Galois/Counter Mode Authenticated Encryption with Associated Data AEAD Cipher with optional architecture-specific hardware acceleration...

5.5CVSS7.1AI score0.00262EPSS
Exploits1
Mageia
Mageia
added 2023/09/30 7:15 p.m.57 views

Updated quictls packages fix security vulnerabilities

The updated packages fix security vulnerabilities: AES-SIV implementation ignores empty associated data entries. CVE-2023-2975 Excessive time spent checking DH keys and parameters. CVE-2023-3446 Excessive time spent checking DH q parameter value. CVE-2023-3817...

5.3CVSS5.9AI score0.05533EPSS
Exploits0References7
Mageia
Mageia
added 2023/09/11 1:7 p.m.61 views

Updated openssl packages fix security vulnerability

AES-SIV implementation ignores empty associated data entries. CVE-2023-2975 Excessive time spent checking DH keys and parameters. CVE-2023-3446 Excessive time spent checking DH q parameter value. CVE-2023-3817...

5.3CVSS7.1AI score0.05533EPSS
Exploits0References4
Amazon
Amazon
added 2023/08/25 12:0 a.m.4 views

Medium: openssl

Issue Overview: Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated...

5.3CVSS7.5AI score0.05533EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/08/24 12:0 a.m.42 views

Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-306)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-306 advisory. Issue summary: The AES-SIV cipher implementation contains a bug that causesit to ignore empty associated data entries which are unauthenticated asa consequence. Impact summary: Applications tha...

5.3CVSS6.7AI score0.05533EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/07/29 12:0 a.m.33 views

openSUSE 15: libopenssl-3-devel / libopenssl-3-devel-32bit / libopenssl3 / etc (SUSE-SU-2023:3013-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3013-1 advisory. - CVE-2023-2975: Fixed AES-SIV implementation ignores empty associated data entries bsc1213383. - CVE-2023-3446: Fixed DHcheck excessive time with ov...

5.3CVSS6.8AI score0.05533EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/07/29 12:0 a.m.29 views

openSUSE 15: libopenssl-3-devel / libopenssl-3-devel-32bit / libopenssl3 / etc (SUSE-SU-2023:3011-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3011-1 advisory. - CVE-2023-2975: Fixed AES-SIV implementation ignores empty associated data entries bsc1213383. - CVE-2023-3446: Fixed DHcheck excessive time with ov...

5.3CVSS6.8AI score0.05533EPSS
Exploits0References7
F5 Networks
F5 Networks
added 2023/07/27 5:33 p.m.29 views

K000135633: OpenSSL vulnerability CVE-2023-2975

Security Advisory Description Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries ...

5.3CVSS7.2AI score0.00525EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/07/19 12:0 a.m.115 views

OpenSSL 3.1.0 < 3.1.2 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.1.2 advisory. - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions...

5.3CVSS6.7AI score0.05533EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2023/07/19 12:0 a.m.283 views

OpenSSL 3.0.0 < 3.0.10 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.0.10. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.10 advisory. - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functio...

5.3CVSS6.7AI score0.05533EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/07/18 1:56 a.m.4 views

SUSE CVE-2023-2975

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...

5.9CVSS8.3AI score0.00525EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2023/07/17 12:0 a.m.22 views

OpenSSL Information Disclosure Vulnerability (20230714) - Linux

OpenSSL is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...

5.3CVSS5.8AI score0.00525EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/07/16 12:0 a.m.28 views

FreeBSD : OpenSSL -- AES-SIV implementation ignores empty associated data entries (41c60e16-2405-11ee-a0d1-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 41c60e16-2405-11ee-a0d1-84a93843eb75 advisory. - Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty...

5.3CVSS6.9AI score0.00525EPSS
Exploits0References3
OSV
OSV
added 2023/07/14 12:15 p.m.7 views

AZL-47652 CVE-2023-2975 affecting package hvloader for versions less than 1.0.1-6

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...

5.3CVSS6.8AI score0.00525EPSS
Exploits0References1
OSV
OSV
added 2023/07/14 12:15 p.m.3 views

ALPINE-CVE-2023-2975

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...

5.3CVSS7.4AI score0.00525EPSS
Exploits0References1
OSV
OSV
added 2023/07/14 12:15 p.m.1 views

DEBIAN-CVE-2023-2975

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...

5.3CVSS6.9AI score0.00525EPSS
Exploits0References1
OSV
OSV
added 2023/07/14 12:15 p.m.1 views

UBUNTU-CVE-2023-2975

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...

5.3CVSS6.9AI score0.00525EPSS
Exploits0References4
Rows per page
Query Builder