259 matches found
Design/Logic Flaw
Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...
CVE-2023-5363
Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...
CVE-2023-5363 Incorrect cipher key & IV length processing
Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...
CVE-2023-5363
Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : PHP vulnerabilities (USN-4583-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4583-1 advisory. It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease...
kubernetes security update
kubernetes 1.25.11-1 - Added Oracle specific build files for Kubernetes olcne 1.6.2-1 - CVE-2023-2727, CVE-2023-2728 Kubernetes upgraded to 1.25.11 - Add all modules to registry-image-helper - update yq to 4.x 1.6.1-9 - Updated the CVE ID's in Istio-1.16.4 changelog entry 1.6.1-8 - Update Istio...
CVE-2023-28472
Concrete CMS previously concrete5 versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies...
Malicious code in oc-ccm-module-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4685682fdd3a4542726fab1dcc5523181e135dc5fdaa266c66499e13a54f3ba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-647 Malicious code in oc-ccm-module-client (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4685682fdd3a4542726fab1dcc5523181e135dc5fdaa266c66499e13a54f3ba Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Moderate: Red Hat Security Advisory: gnutls security and bug fix update
An update for gnutls is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
RLSA-2023:1141 Moderate: gnutls security and bug fix update
The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the TLS RSA key exchange code CVE-2023-0361 For more details about the security issues,...
gnutls security and bug fix update
An update is available for gnutls. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gnutls packages provide the GNU Transport Layer Security GnuTLS library,...
gnutls security and bug fix update
3.7.6-18 - Update gnutls-3.7.8-fips-pct-dh.patch to the upstream version 2168610 3.7.6-17 - Fix timing side-channel in TLS RSA key exchange 2162600 3.7.6-16 - fips: extend PCT to DH key generation 2168610 3.7.6-14 - fips: remove library path checking from FIPS integrity check 2149638 - fips: rena...
Moderate: Red Hat Security Advisory: gnutls security and bug fix update
An update for gnutls is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
ALSA-2023:1141 Moderate: gnutls security and bug fix update
The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the TLS RSA key exchange code CVE-2023-0361 For more details about the security issues,...
Moderate: gnutls security and bug fix update
The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: timing side-channel in the TLS RSA key exchange code CVE-2023-0361 For more details about the security issues,...
K99862460: PHP vulnerability CVE-2020-7069
Security Advisory Description In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption...
K31523465: BIG-IP TMM vulnerability CVE-2022-41983
Security Advisory Description While Intel QAT QuickAssist Technology and the AES-GCM/CCM cipher is in use, undisclosed conditions cause the BIG-IP system to send data unencrypted, even with an SSL profile applied. CVE-2022-41983 Impact This vulnerability may expose confidential information to a...
SUSE CVE-2020-7069
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with opensslencrypt function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data...
Cloud Audit: Compliance + Automation
Setting your own standard Today’s regulatory environment is incredibly fractured and extensive. Depending on the industry—and the part of the world your business and/or security organization resides in—you may be subject to several regulatory compliance standards. Adding to the complexity, there ...