Lucene search
+L

259 matches found

Prion
Prion
added 2023/10/25 6:17 p.m.84 views

Design/Logic Flaw

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

5CVSS7.2AI score0.03332EPSS
Exploits0References8Affected Software2
Debian CVE
Debian CVE
added 2023/10/24 3:31 p.m.84 views

CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

7.5CVSS6.8AI score0.03332EPSS
Exploits0
Cvelist
Cvelist
added 2023/10/24 3:31 p.m.38 views

CVE-2023-5363 Incorrect cipher key & IV length processing

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

7.7AI score0.03332EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2023/10/24 3:31 p.m.90 views

CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

7.5CVSS7.7AI score0.03332EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.41 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : PHP vulnerabilities (USN-4583-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4583-1 advisory. It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease...

6.5CVSS7.1AI score0.05029EPSS
Exploits1References3
Oracle linux
Oracle linux
added 2023/07/03 12:0 a.m.39 views

kubernetes security update

kubernetes 1.25.11-1 - Added Oracle specific build files for Kubernetes olcne 1.6.2-1 - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 - Add all modules to registry-image-helper - update yq to 4.x 1.6.1-9 - Updated the CVE ID's in Istio-1.16.4 changelog entry 1.6.1-8 - Update Istio...

10CVSS6.7AI score0.02701EPSS
Exploits9
ATTACKERKB
ATTACKERKB
added 2023/04/28 2:15 p.m.5 views

CVE-2023-28472

Concrete CMS previously concrete5 versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies...

5.3CVSS5.9AI score0.00591EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2023/04/20 4:32 p.m.4 views

Malicious code in oc-ccm-module-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4685682fdd3a4542726fab1dcc5523181e135dc5fdaa266c66499e13a54f3ba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2023/04/20 4:32 p.m.8 views

MAL-2023-647 Malicious code in oc-ccm-module-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4685682fdd3a4542726fab1dcc5523181e135dc5fdaa266c66499e13a54f3ba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/03/14 2:1 p.m.33 views

Moderate: Red Hat Security Advisory: gnutls security and bug fix update

An update for gnutls is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.4CVSS6.9AI score0.01403EPSS
Exploits1References4
OSV
OSV
added 2023/03/08 4:38 p.m.32 views

RLSA-2023:1141 Moderate: gnutls security and bug fix update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the TLS RSA key exchange code CVE-2023-0361 For more details about the security issues,...

7.4CVSS7.7AI score0.01403EPSS
Exploits1References4
Rockylinux
Rockylinux
added 2023/03/08 4:38 p.m.79 views

gnutls security and bug fix update

An update is available for gnutls. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gnutls packages provide the GNU Transport Layer Security GnuTLS library,...

7.4CVSS7.8AI score0.01403EPSS
Exploits1
Oracle linux
Oracle linux
added 2023/03/08 12:0 a.m.38 views

gnutls security and bug fix update

3.7.6-18 - Update gnutls-3.7.8-fips-pct-dh.patch to the upstream version 2168610 3.7.6-17 - Fix timing side-channel in TLS RSA key exchange 2162600 3.7.6-16 - fips: extend PCT to DH key generation 2168610 3.7.6-14 - fips: remove library path checking from FIPS integrity check 2149638 - fips: rena...

7.4CVSS7.7AI score0.01403EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2023/03/07 2:3 p.m.39 views

Moderate: Red Hat Security Advisory: gnutls security and bug fix update

An update for gnutls is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.4CVSS6.9AI score0.01403EPSS
Exploits1References4
OSV
OSV
added 2023/03/07 12:0 a.m.25 views

ALSA-2023:1141 Moderate: gnutls security and bug fix update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the TLS RSA key exchange code CVE-2023-0361 For more details about the security issues,...

7.4CVSS7.7AI score0.01403EPSS
Exploits1References4
AlmaLinux
AlmaLinux
added 2023/03/07 12:0 a.m.33 views

Moderate: gnutls security and bug fix update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the TLS RSA key exchange code CVE-2023-0361 For more details about the security issues,...

7.4CVSS7.8AI score0.01403EPSS
Exploits1References4
F5 Networks
F5 Networks
added 2023/02/21 8:2 p.m.45 views

K99862460: PHP vulnerability CVE-2020-7069

Security Advisory Description In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption...

6.5CVSS7.2AI score0.02055EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:48 p.m.47 views

K31523465: BIG-IP TMM vulnerability CVE-2022-41983

Security Advisory Description While Intel QAT QuickAssist Technology and the AES-GCM/CCM cipher is in use, undisclosed conditions cause the BIG-IP system to send data unencrypted, even with an SSL profile applied. CVE-2022-41983 Impact This vulnerability may expose confidential information to a...

3.7CVSS4.8AI score0.00249EPSS
Exploits0Affected Software13
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.3 views

SUSE CVE-2020-7069

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...

7.4CVSS8.6AI score0.02055EPSS
Exploits0References12
Rapid7 Blog
Rapid7 Blog
added 2022/12/14 2:0 p.m.19 views

Cloud Audit: Compliance + Automation

Setting your own standard Today’s regulatory environment is incredibly fractured and extensive. Depending on the industry—and the part of the world your business and/or security organization resides in—you may be subject to several regulatory compliance standards. Adding to the complexity, there ...

0.2AI score
Exploits0
Rows per page
Query Builder