Lucene search
K

13 matches found

Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.5 views

Siemens SIMATIC Devices Linux Kernel Use of a Broken or Risky Cryptographic Algorithm (CVE-2022-1434)

When using the RC4-MD5 ciphersuite, which is disabled by default, an attacker is able to modify data in transit due to an incorrect use of the AAD data as the MAC key in OpenSSL 3.0. An attacker is not able to decrypt any communication. This plugin only works with Tenable.ot. Please visit...

5.9CVSS6.6AI score0.01026EPSS
Exploits0References6
Oracle linux
Oracle linux
added 2024/11/22 12:0 a.m.55 views

edk2 security update

Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...

7.5CVSS7.4AI score0.96275EPSS
Exploits28
ICS
ICS
added 2023/02/14 12:0 a.m.42 views

Siemens Brownfield Connectivity Client

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

10CVSS9.5AI score0.83223EPSS
Exploits5References11
Cloud Foundry
Cloud Foundry
added 2022/07/29 12:0 a.m.46 views

USN-5402-1: OpenSSL vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Description Elison Niven discovered that OpenSSL incorrectly handled the crehash script. A local attacker could possibly use this issue to execute arbitrary commands when crehash is run. CVE-2022-1292 Raul Metsma...

10CVSS8.7AI score0.83223EPSS
Exploits5Affected Software3
OpenVAS
OpenVAS
added 2022/07/07 12:0 a.m.29 views

openSUSE: Security Advisory for openssl-3 (SUSE-SU-2022:2306-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

10CVSS7.3AI score0.96275EPSS
Exploits6References2
OpenVAS
OpenVAS
added 2022/07/07 12:0 a.m.35 views

SUSE: Security Advisory (SUSE-SU-2022:2306-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.3AI score0.96275EPSS
Exploits6References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/04 1:19 p.m.42 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to multiple openSSL vulnerabilities in Node.js (CVE-2022-1434, CVE-2022-1343, CVE-2022-1473)

Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a man-in-the-middle attack, remote attacker bypassing security restrictions and denial of service due to openSSL vulnerabilities in Node.js CVE-2022-1434, CVE-2022-1343, CVE-2022-1473. IBM App Connect provides a fix/fix...

7.5CVSS1.5AI score0.02386EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/17 6:45 p.m.107 views

Security Bulletin: IBM QRadar WinCollect is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., third party libraries that may be identified and exploited with automated tools. IBM QRadar WinCollect for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2022-1434 DESCRIPTION: OpenSSL is vulnerable to a...

10CVSS8.8AI score0.83223EPSS
Exploits14Affected Software1
OpenVAS
OpenVAS
added 2022/05/05 12:0 a.m.35 views

Ubuntu: Security Advisory (USN-5402-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS6.8AI score0.83223EPSS
Exploits5References2
OpenVAS
OpenVAS
added 2022/05/04 12:0 a.m.25 views

OpenSSL: Multiple Vulnerabilities (May 2022) - Windows

OpenSSL is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

10CVSS6.8AI score0.83223EPSS
Exploits5References1
CVE
CVE
added 2022/05/03 3:15 p.m.202 views

CVE-2022-1434

The CVE-2022-1434 issue affects the RC4-MD5 ciphersuite in OpenSSL 3.0, where the AAD data is incorrectly used as the MAC key, allowing an attacker to modify data in transit without decrypting it. The vulnerability requires both endpoints to negotiate RC4-MD5, and it is not exploitable when TLSv1...

5.9CVSS7.3AI score0.01026EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/05/03 3:15 p.m.24 views

CVE-2022-1434 Incorrect MAC key used in the RC4-MD5 ciphersuite

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

7.5AI score0.01026EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/05/03 12:0 a.m.375 views

OpenSSL 3.0.0 < 3.0.3 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.3 advisory. - The OPENSSLLHflush function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed has...

10CVSS7.4AI score0.83223EPSS
Exploits5References13
Rows per page
Query Builder