2877 matches found
PT-2022-23857 · Hirevue · Hirevue Hiring Platform
Name of the Vulnerable Software and Affected Versions: HireVue Hiring Platform version V1.0 Description: The issue concerns the use of a broken or risky cryptographic algorithm. However, this is disputed by the vendor due to inconsistencies with CVE ID assignment rules for cloud services and the...
Security Bulletin: Vulnerabilities in SSL and TLS protocols affects SAN Volume Controller and Storwize Family (CVE-2011-3389)
Summary SSL and TLS vulnerabilities were disclosed in September 2011. This vulnerability has been referred to as the “BEAST” attack. SSL protocol is used by SAN Volume Controller and Storwize Family. Vulnerability Details CVE-ID : CVE-2011-3389 DESCRIPTION : Multiple products could allow a remote...
Security Bulletin: Vulnerability in RC4 stream cipher affects WebSphere Business Services Fabric (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” attack for SSL/TLS affects IBM WebSphere Application Server that is used by WebSphere Business Services Fabric. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to...
golang.org/x/crypto: empty plaintext packet causes panic
There's an input validation flaw in golang.org/x/crypto's readCipherPacket function. An unauthenticated attacker who sends an empty plaintext packet to a program linked with golang.org/x/crypto/ssh could cause a panic, potentially leading to denial of service...
CVE-2022-2576
In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification DDoS other peer...
Design/Logic Flaw
In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification DDoS other peer...
OPENSUSE-SU-2022:2546-1 Security update for gpg2
This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability bsc1201225. - Use AES as default cipher instead of 3DES when we are in FIPS mode. bsc1196125...
SUSE-SU-2022:2546-1 Security update for gpg2
This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a status injection vulnerability bsc1201225. - Use AES as default cipher instead of 3DES when we are in FIPS mode. bsc1196125...
CVE-2022-34757
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 V01.401.1...
Design/Logic Flaw
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 V01.401.1...
CVE-2022-34757
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 V01.401.1...
CVE-2022-34757
CVE-2022-34757 affects Schneider Electric Easergy P5 (V01.401.102 and prior). The issue is CWE-327: Use of a Broken or Risky Cryptographic Algorithm, where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, allowing an attacker to observe protected ...
Schneider Electric Easergy P5 加密问题漏洞
The Schneider Electric Easergy P5 is a protective relay for demanding medium voltage applications from Schneider Electric, France. A vulnerability in encryption issues exists in Schneider Electric Easergy P5 V01.401.102 and prior versions, which stems from the use of a corrupted or risky encrypti...
CVE-2022-34757
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. Affected Products: Easergy P5 V01.401.1...
GHSA-3WX7-46CH-7RQ2 AES OCB fails to encrypt some bytes
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was pre-existing in the memory that wasn't written. In the special case of "in place" encryptio...
AES OCB fails to encrypt some bytes
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was pre-existing in the memory that wasn't written. In the special case of "in place" encryptio...
RUSTSEC-2022-0032 AES OCB fails to encrypt some bytes
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
UBUNTU-CVE-2022-2097
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
June 23, 2022—KB5014665 (OS Build 20348.803) Preview
June 23, 2022—KB5014665 OS Build 20348.803 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out...
PT-2022-3092 · Motorola · Motorola Mdlc Protocol
Name of the Vulnerable Software and Affected Versions: Motorola MDLC protocol through 2022-05-02 Description: The issue is related to the Motorola MDLC protocol's handling of message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption...