96 matches found
kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned.
A buffer over-read flaw was found in cryptoauthencextractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash...
Citrix ADC FIPS Compliance/Validation FAQ
General Overview 1. What are Federal Information Processing Standards FIPS? FIPS are standards and guidelines for federal computer systems that are developed by National Institute of Standards and Technology NIST in accordance with the Federal Information Security Management Act FISMA and approve...
CentOS Update for nss-softokn CESA-2019:4190 centos7
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 7 : nss / nss-softokn / nss-util (CESA-2019:4190)
An update for nss, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
nss security update
CentOS Errata and Security Advisory CESA-2019:4190 An update for nss, nss-softokn, and nss-util is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which...
nss security update
CentOS Errata and Security Advisory CESA-2019:4152 An update for nss-softokn is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
The vulnerability of the CAPICOM cryptographic module, related to errors in code generation, allows a perpetrator to execute arbitrary code.
The vulnerability of the CAPICOM cryptographic module is related to errors in code generation control. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
[SECURITY] Fedora 29 Update: nss-softokn-3.39.0-2.fc29
Network Security Services Softoken Cryptographic Module...
[SECURITY] Fedora 27 Update: nss-softokn-3.39.0-1.0.fc27
Network Security Services Softoken Cryptographic Module...
[SECURITY] Fedora 28 Update: nss-softokn-3.39.0-1.0.fc28
Network Security Services Softoken Cryptographic Module...
What Is FIPS 140-2 & Why Does It Matter?
Editor's Note: Ray Potter, the blog's author, is the CEO and Co-founder of SafeLogic. Carbon Black has just announced the successful FIPS 140-2 validation of their Carbon Black Cryptographic Module and availability within their Cb Response and Cb Protection products. Our team at SafeLogic is...
CRYPTO module null pointer reference vulnerability in multiple Huawei products
Huawei DP300, RP200, TE30/40/50/60, TP3106/3206, and ViewPoint 9030 are Huawei's all-in-one Desktop Intelligence products and HD video conferencing terminals for high-end customers. A buffer overflow vulnerability exists in the CRYPTO module of multiple Huawei products, which is due to the progra...
[SECURITY] Fedora 21 Update: nss-softokn-3.20.1-1.0.fc21
Network Security Services Softoken Cryptographic Module...
[SECURITY] Fedora 22 Update: nss-softokn-3.20.1-1.0.fc22
Network Security Services Softoken Cryptographic Module...
[SECURITY] Fedora 23 Update: nss-softokn-3.20.1-1.0.fc23
Network Security Services Softoken Cryptographic Module...
Cisco ASA Unauthorized Modification Vulnerability (Cisco-SA-20150714-CVE-2015-4458)
This VT has been deprecated and replaced by the VT SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-4458
CVE-2015-4458 affects Cisco ASA and related products where the Cavium cryptographic-module TLS code fails to verify the MAC field. The root cause is an error in the Cavium firmware that allows a remote attacker to modify TLS packets without detection, enabling MITM content spoofing. Connected sou...
Cisco ASA Message Authentication Code Vulnerability (Cisco-SA-20150714-CVE-2015-4458)
Cisco ASA is prone to a Message Authentication Code checking vulnerability. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...
The vulnerability of Cisco ASA network firewalls allows attackers to gain access to traffic transmitted via IPSec and IKEv2 protocols.
The vulnerability of the Cisco ASA firewall’s cryptographic module is related to errors in cryptographic transformations. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to traffic transmitted via IPSec and IKEv2 protocols through a “man-in-the-middle...
postgresql: pgcrypto has multiple error messages for decryption with an incorrect key.
It was discovered that the pgcrypto module could return different error messages when decrypting certain data with an incorrect key. This could potentially help an authenticated user to launch a possible cryptographic attack, although no suitable attack is currently known...