OpenSSL 3.1.0 < 3.1.2 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.1.2 advisory. - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions...
OpenSSL 3.0.0 < 3.0.10 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.0.10. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.10 advisory. - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functio...
CVE-2023-28021
The BigFix WebUI uses weak cipher suites...
Code injection
The BigFix WebUI uses weak cipher suites...
CVE-2023-28021 BigFix WebUI is vulnerable to use of a risky cryptographic algorithm
The BigFix WebUI uses weak cipher suites...
CVE-2023-28021
CVE-2023-28021 concerns HCL BigFix WebUI and the use of weak cipher suites. The vulnerability is described across multiple feeds as a crypto-related weakness affecting the WebUI, with confidentiality impact; no explicit exploitation details or affected version ranges are provided in the supplied ...
HCL BigFix Platform Cryptographic Issue Vulnerability
HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. A security vulnerability exists in the HCL BigFix WebUI that stems from the use ...
PT-2023-21487 · Ibm · Bigfix Webui
Name of the Vulnerable Software and Affected Versions: BigFix WebUI affected versions not specified Description: The issue concerns the use of weak cipher suites by the BigFix WebUI. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
UBUNTU-CVE-2023-37464
OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...
CVE-2023-2975
Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misl...
CVE-2023-2975
OpenSSL’s AES-SIV implementation has a bug where empty associated data is not authenticated, potentially allowing misordering/removal of empty AD entries. The issue is CVE-2023-2975. Multiple advisories (AlmaLinux ALAS2023-2023-306 and Broadcom/Brocade updates) confirm patches are available; reme...
CVE-2023-20185
A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic. This vulnerability is due to an issue with the implementation of the cipher...
CVE-2023-3108
A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows a local user to crash the system...
Design/Logic Flaw
A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows a local user to crash the system...
UBUNTU-CVE-2023-3108
A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows a local user to crash the system...
CVE-2023-3108 Kernel: a race condition in crypto module in the function skcipher_recvmsg
A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows a local user to crash the system...
CVE-2023-3108
CVE-2023-3108 affects the Linux kernel, specifically the get_user_pages_fast path in the skcipher_recvmsg interface for symmetric-key ciphers (crypto/algif_skcipher.c). The flaw allows a local user to crash the system. Public details in the provided documents confirm the vulnerable component and ...