2863 matches found
Linux Distros Unpatched Vulnerability : CVE-2010-4180
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not properly prevent modification of the ciphersuite in...
OESA-2025-1191 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during th...
SUSE CVE-2022-49258
In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - Fix use after free in cccipherexit kfreesensitivectxp-user.key will free the ctxp-user.key. But ctxp-user.key is still used in the next line, which will lead to a use after free. We can call kfreesensitive after...
Siemens SIMATIC and SCALANCE Incorrect Provision of Specified Functionality (CVE-2023-5363)
Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non- uniqueness, which could result i...
Broadcom SANnav 安全漏洞
Broadcom SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A security vulnerability exists in Broadcom SANnav that stems from a weak TLS cipher enabled on ports 443 and 18082...
Azure Linux 3.0 Security Update: cloud-hypervisor-cvm / hvloader / nodejs18 (CVE-2023-5363)
The version of cloud-hypervisor-cvm / hvloader / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5363 advisory. - Issue summary: A bug has been identified in the processing of key and...
curl: TLS Cipher Misconfiguration in HTTP/3/QUIC Support
Summary: This vulnerability occurs when the --ciphers option is used with the curl command to manually specify TLS cipher suites. HTTP/3 or QUIC fails to function in this scenario because QUIC does not rely on traditional TLS cipher suites defined for TLS 1.2 or earlier. Consequently, using the...
CVE-2019-5152
An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...
CVE-2020-11267
Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...
K000149629: libldap vulnerability CVE-2015-3276
Security Advisory Description The nssparseciphers function in libraries/libldap/tlsm.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown...
CVE-2022-3365
Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit...
CVE-2022-3365
CVE-2022-3365 affects Remote Mouse Server by Emote Interactive. The Red Hat, NVD, and CVE records describe unauthenticated remote code execution via the server’s protocol, tied to weak encoding (trivial substitution cipher) and default password use when none is set, with Metasploit tests against ...
PT-2025-1362 · Emote Interactive · Remote Mouse Server
Name of the Vulnerable Software and Affected Versions: Remote Mouse Server by Emote Interactive version 4.110 Description: The issue arises due to the product's reliance on a trivial substitution cipher sent in cleartext and its use of a default password when no password is set by the user. This...
easy-rsa 加密问题漏洞
easy-rsa is a simple shell-based CA utility from the OpenVPN open source. A security vulnerability exists in easy-rsa versions 3.0.5 through 3.1.7, which stems from the fact that when creating a password-protected CA private key using the easyrsa build-ca command, Easy-RSA incorrectly uses the...
CVE-2024-55555
Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APPKEY. This is exacerbated by .env files, available from the product's repository, that have default APPKEY values. The route/hash route defined in the invoiceninja/routes/client.p...
PT-2026-4942
Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.3 through 3.6 Description A flaw exists in OpenSSL where the SSL CIPHER find function, when used in a QUIC protocol client or server, can experience a NULL pointer dereference if it receives an unknown cipher suite from its...
PT-2024-40305 · Unknown · Magiccrypt192 +3
Name of the Vulnerable Software and Affected Versions: MagicCrypt64, MagicCrypt128, MagicCrypt192, and MagicCrypt256 affected versions not specified Description: The issue concerns the use of insecure cryptographic algorithms and practices that compromise the integrity of encrypted data...
SUSE CVE-2024-53185
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in cryptoaeadsetkey Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2GLOBALCAPENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the defaul...
AZL-54824 CVE-2024-53185 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in cryptoaeadsetkey Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2GLOBALCAPENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the defaul...
DEBIAN-CVE-2024-53185
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in cryptoaeadsetkey Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2GLOBALCAPENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the defaul...