2876 matches found
SUSE: Security Advisory (SUSE-SU-2015:2088-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2015:2088-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2021-18221 · Unknown · Jose-Node-Cjs-Runtime
Name of the Vulnerable Software and Affected Versions: jose-node-cjs-runtime versions prior to 3.11.4 Description: The AES CBC HMAC SHA2 Algorithm decryption in the jose-node-cjs-runtime package has a timing difference when a padding error occurs, creating a padding oracle. This allows an adversa...
PT-2021-18220 · Unknown · Jose-Node-Esm-Runtime
Name of the Vulnerable Software and Affected Versions: jose-node-esm-runtime versions prior to 3.11.4 Description: The AES CBC HMAC SHA2 Algorithm decryption in the jose-node-esm-runtime package has a timing difference when a padding error occurs, creating a padding oracle. This allows an adversa...
OSV-2021-616 Heap-buffer-overflow in Camellia_Ekeygen
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33028 Crash type: Heap-buffer-overflow READ 1 Crash state: CamelliaEkeygen Camelliasetkey cipherhwcamelliainitkey...
CVE-2021-20313
A flaw was found in ImageMagick. A potential cipher leak when the calculate signatures in TransformSignature is possible. The highest threat from this vulnerability is to data confidentiality...
OESA-2021-1121 openssl security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial number data...
OESA-2021-1116 nss security update
Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...
OESA-2021-1115 nss security update
Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...
CVE-2021-3446
A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the calle...
CVE-2019-0223
A cryptographic weakness was discovered in qpid-proton's use of TLS. If the qpid-proton client was used without client certificates, it would accept an anonymous cipher offered by the server. A man-in-the-middle attacker could use this to silently intercept traffic that should have been encrypted...
Security update for openssl-1_0_0 (moderate)
openSUSE Security Update: Security update for openssl-100 Announcement ID: openSUSE-SU-2021:0430-1 Rating: moderate References: 1182331 1182333 Cross-References: CVE-2021-23840 CVE-2021-23841 CVSS scores: CVE-2021-23840 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-23840 SUSE: 6...
NewStart CGSL MAIN 6.02 : libssh Multiple Vulnerabilities (NS-SA-2021-0069)
The remote NewStart CGSL host, running version MAIN 6.02, has libssh packages installed that are affected by multiple vulnerabilities: - A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in the way it handled AES-CTR or DES ciphers if enabled ciphers. The server or client could...
OESA-2021-1064 openvpn security update
OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...
Security Bulletin: Datacap Taskmaster Capture is affected by vulnerable to AppScan's SSLv3 Client Hello with CBC cipher suites that contain TLS_FALLBACK_SCSV
Summary The server responded with a Handshake to AppScan's SSLv3 Client Hello with CBC cipher suites that contain TLSFALLBACKSCSV Vulnerability Details CVEID: CVE-2014-3566 DESCRIPTION: Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when...
PT-2021-4543 · Unknown +4 · Imagemagick +4
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.0.11 Description: A flaw was found in the TransformSignature function of ImageMagick, which could lead to a potential cipher leak when calculating signatures. This issue is related to the disclosure of...
ALPINE-CVE-2021-23840
Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...
DEBIAN-CVE-2021-23840
Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...
UBUNTU-CVE-2021-23840
Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...
Security Bulletin: Vulnerability in Diffie-Hellman ciphers affects IBM DataQuant for Workstation (CVE-2015-4000)
Summary The Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol affects IBM DataQuant for Workstation. Vulnerability Details CVEID: CVE-2015-4000 The TLS protocol could allow a remote attacker to obtain sensitive information, caused by the failure to properly convey...