Missing Cryptographic Step
Overview: openssl is a package that wraps the OpenSSL library. Affected versions of this package are vulnerable to Missing Cryptographic Step when the EVP_EncryptInit_ex2, EVP_DecryptInit_ex2 or EVP_CipherInit_ex2 functions are used. An attacker can cause truncation or overreading of key and...
PT-2023-6818
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 3.0 and 3.1 Description: A bug has been identified in the processing of key and initialisation vector (IV) lengths, potentially leading to truncation or overruns during the initialisation of some symmetric ciphers. This issue can...
Ubuntu 22.04 LTS / 23.04 / 23.10 : OpenSSL vulnerabilities (USN-6450-1)
The remote Ubuntu 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6450-1 advisory. Tony Battersby discovered that OpenSSL incorrectly handled key and initialization vector (IV) lengths. This could lead to truncation issues...
UBUNTU-CVE-2023-5363
Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...
CVE-2022-24404
Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion...
Texas Instruments OMAP L138 Security Vulnerability
The Texas Instruments OMAP L138 is a DSP+ARM industrial processor from Texas Instruments. A security vulnerability exists in the Texas Instruments OMAP L138 secure variants, which stems from the ES implementation being susceptible to a timing side-channel, which can be exploited by an attacker to...
TETRA BURST Security Vulnerability
TETRA BURST is a terrestrial trunked radio standard for radio communications from TETRA BURST. A security vulnerability exists in TETRA BURST that stems from a flaw in the authentication algorithm, which can be exploited by an attacker to set the derived cipher DCK to 0. The vulnerability is caus...
PT-2023-5882 · Mbed Tls +3 · Mbed Tls +3
Name of the Vulnerable Software and Affected Versions: Mbed TLS versions 2.x before 2.28.5 Mbed TLS versions 3.x before 3.5.0 Description: The issue is related to errors in handling encryption in DTLS connections, specifically when using zero encryption or RC4 cipher. This can allow a remote...
[SECURITY] Fedora 38 Update: rust-aes-gcm-0.10.3-1.fc38
Pure Rust implementation of the AES-GCM (Galois/Counter Mode) Authenticated Encryption with Associated Data (AEAD) Cipher with optional architecture-specific hardware acceleration...
[SECURITY] Fedora 37 Update: rust-aes-gcm-0.10.3-1.fc37
Pure Rust implementation of the AES-GCM (Galois/Counter Mode) Authenticated Encryption with Associated Data (AEAD) Cipher with optional architecture-specific hardware acceleration...
[SECURITY] Fedora 39 Update: rust-aes-gcm-0.10.3-1.fc39
Pure Rust implementation of the AES-GCM (Galois/Counter Mode) Authenticated Encryption with Associated Data (AEAD) Cipher with optional architecture-specific hardware acceleration...
PT-2023-8586 · Unknown +1 · Freeswitch +1
Name of the Vulnerable Software and Affected Versions: FreeSWITCH versions prior to 1.10.11 Description: The issue is related to incorrect handling of exceptional states in the FreeSWITCH software-defined telecom stack, which can lead to a Denial of Service (DoS) when handling DTLS-SRTP for media...
CVE-2023-42811
aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the aes-gcm...
Siemens LOGO! 8 BM Use of a Broken or Risky Cryptographic Algorithm (CVE-2020-25230)
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) All versions V8.3. Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device. This plugin only works with Tenable.ot. Please visi...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect AIX
Summary: There are multiple vulnerabilities in OpenSSL as used by AIX. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details: CVEID: CVE-2023-0464 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error related to the verification of X.509...
ALPINE-CVE-2023-4807
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...
CVE-2023-4807
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...
python-cryptography: memory corruption via immutable objects
A vulnerability was found in python-cryptography. In affected versions, Cipher.update_into would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects such as bytes to be mutated, thus violating the fundamental rules of...
The client and server don't support a common SSL protocol version or cipher suite
After updating the server certificate binding on the NetScaler SSL Virtual Server, the customer is unable to access the SSL Virtual Server via the Internet and receives the browser notification below, while intranet access to it works fine. “Unsupported protocol. The client and server don't support a common SSL protocol...
The Low-Stakes Race to Crack an Encrypted German U-Boat Message
A ramshackle team of American scientists scrambled to decode the Nazi cipher before the time ran out. Luckily, they had a secret weapon...