21 matches found
openSUSE 16 Security Update : openCryptoki (openSUSE-SU-2026:20699-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20699-1 advisory. This update for openCryptoki fixes the following issues Security issue: - CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects...
SUSE-SU-2026:21637-1 Security update for openCryptoki
This update for openCryptoki fixes the following issues: - CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects bsc1263819...
Security update for openCryptoki
This update for openCryptoki fixes the following issues: CVE-2026-40253: updated fix by IBM for malformed BER-encoded cryptographic objects bsc1263819 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2026:21492-1 Security update for openCryptoki
This update for openCryptoki fixes the following issues: - CVE-2026-40253: Updated fix for malformed BER-encoded cryptographic objects bsc1263819...
SUSE-SU-2026:21419-1 Security update for openCryptoki
This update for openCryptoki fixes the following issues: - CVE-2026-23893: use of symlinks in group-writable token directories can lead to privilege escalation and data exposure bsc1257116. - CVE-2026-40253: malformed BER-encoded cryptographic objects can lead to information disclosure and denial...
SUSE-SU-2026:21455-1 Security update for openCryptoki
This update for openCryptoki fixes the following issues: - CVE-2026-23893: use of symlinks in group-writable token directories can lead to privilege escalation and data exposure bsc1257116. - CVE-2026-40253: malformed BER-encoded cryptographic objects can lead to information disclosure and denial...
SUSE CVE-2026-40253
openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library asn1.c accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them...
EUVD-2020-27040
Malware in sbrugna...
EUVD-2020-27039
Malware in sbrugna...
CVE-2020-5886
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability HA pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only o...
CVE-2020-5886
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability HA pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only o...
CVE-2020-5886
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability HA pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only o...
CVE-2020-5885
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability HA pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only o...
CVE-2020-5885
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability HA pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only o...
Design/Logic Flaw
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability HA pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only o...
Design/Logic Flaw
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability HA pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only o...
CVE-2020-5886
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems setup for connection mirroring in a High Availability HA pair transfers sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only o...
CVE-2020-5885
On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability HA pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only o...
CVE-2020-5885
CVE-2020-5885 affects F5 BIG-IP in HA connection mirroring setups. A control plane issue allows on-path attackers to read/modify keys used for EXPORT-based cipher suites by transferring sensitive cryptographic objects over an insecure channel. Affected versions and fixes per vendor advisories: BI...
F5 Networks BIG-IP : BIG-IP SSL state mirroring vulnerability (K17663061)
BIG-IP systems set up for connection mirroring in a high availability HA pair transfersensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only on the network used for connection mirroring.CVE-2020-5885 Impact On-path attackers ma...