[SECURITY] Fedora 38 Update: rust-aes-gcm-0.10.3-1.fc38
Pure Rust implementation of the AES-GCM Galois/Counter Mode Authenticated Encryption with Associated Data AEAD Cipher with optional architecture-specific hardware acceleration...
[SECURITY] Fedora 37 Update: rust-aes-gcm-0.10.3-1.fc37
Pure Rust implementation of the AES-GCM Galois/Counter Mode Authenticated Encryption with Associated Data AEAD Cipher with optional architecture-specific hardware acceleration...
[SECURITY] Fedora 39 Update: rust-aes-gcm-0.10.3-1.fc39
Pure Rust implementation of the AES-GCM Galois/Counter Mode Authenticated Encryption with Associated Data AEAD Cipher with optional architecture-specific hardware acceleration...
CVE-2023-4333
CVE-2023-4333 affects the Broadcom RAID Controller web interface, where the server does not enforce SSL cipher ordering. The NVD entry notes a Low attack vector and Low privileges required with Local access, and a High confidentiality impact but no integrity/availability impact. The connected Red...
CVE-2023-2975
A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can...
CVE-2023-2975
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...
CVE-2023-2975
OpenSSL’s AES-SIV implementation has a bug where empty associated data is not authenticated, potentially allowing misordering/removal of empty AD entries. The issue is CVE-2023-2975. Multiple advisories (AlmaLinux ALAS2023-2023-306 and Broadcom/Brocade updates) confirm patches are available; reme...
GHSA-3FHX-3VVG-2J84 quarkus-core vulnerable to client driven TLS cipher downgrading
A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol...
ROS-20230620-06
Vulnerability of the GENERAL_NAME_cmp function of the OpenSSL library is related to a flaw in the data type conversion mechanism when processing X.400 addresses. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service A...
CVE-2023-23300
The CVE concerns Garmin Connect IQ (CIQ): Toybox.Cryptography.Cipher.initialize in CIQ API versions 3.0.0–4.1.7 does not validate parameters, enabling buffer overflows when copying data. This could let a malicious app hijack firmware execution (high risk, per CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H...
CVE-2022-45453
TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 Windows, Linux before build 30984...
CVE-2023-2158 Impersonation through User-Controlled Token
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...
CVE-2023-1255
A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash...
CVE-2023-1255
Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The...
Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)
// Exploit Title: Goanywhere Encryption helper 7.1.1 - Remote Code Execution RCE // Google Dork: title:"GoAnywhere" // Date: 3/26/2023 // Exploit Author: Youssef Muhammad // Vendor Homepage: https://www.goanywhere.com/ // Software Link:...
Goanywhere Encryption helper 7.1.1 - Remote Code Execution Exploit
// Exploit Title: Goanywhere Encryption helper 7.1.1 - Remote Code Execution RCE // Google Dork: title:"GoAnywhere" // Exploit Author: Youssef Muhammad // Vendor Homepage: https://www.goanywhere.com/ // Software Link: https://www.dropbox.com/s/j31l8lgvapbopy3/ga703linuxx64.sh?dl=0 // Version: 7.1...
gnutls security and bug fix update
3.7.6-18 - Update gnutls-3.7.8-fips-pct-dh.patch to the upstream version 2168610 3.7.6-17 - Fix timing side-channel in TLS RSA key exchange 2162600 3.7.6-16 - fips: extend PCT to DH key generation 2168610 3.7.6-14 - fips: remove library path checking from FIPS integrity check 2149638 - fips: rena...
Updated python-cryptography packages fix security vulnerability
Cipher.update_into would accept Python objects which implement the buffer protocol but provide only immutable buffers. This would allow immutable objects such as 'bytes' to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an...
SSL/TLS Version Detection
Check if a server supports a given version of SSL/TLS and cipher suites. The certificate is stored in loot, and any known vulnerabilities against that SSL version and cipher suite combination are checked. These checks include POODLE, deprecated protocols, expired/not valid certs, low key strength...
CVE-2022-41983
CVE-2022-41983 describes a BIG-IP TMM vulnerability where, on certain hardware with Intel QAT and AES-GCM/CCM, data may be sent unencrypted despite an SSL profile. Affected BIG-IP branches: 16.x (vuln up to 16.1.3; fix in 16.1.3.1), 15.x (up to 15.1.6; fix in 15.1.7), 14.x (up to 14.1.5; fix in 1...