
5938 matches found

ICS
added 2023/08/08 12:00 a.m. · 36 views

Siemens SIMATIC

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

CVSS 5.9 · AI score 7.5 · EPSS 0.16195
Exploits: 0 · References: 10
Positive Technologies
added 2023/08/08 12:00 a.m. · 4 views

PT-2023-18315 · Hlos · Hlos

Name of the Vulnerable Software and Affected Versions: HLOS affected versions not specified Description: A cryptographic issue exists where derived keys used for encryption and decryption remain present on the stack after use. Recommendations: At the moment, there is no information about a newer...

CVSS 7.7 · AI score 6.6 · EPSS 0.00096
Exploits: 0 · References: 3
IBM Security Bulletins
added 2023/08/07 11:43 a.m. · 35 views

Security Bulletin: "Timing Oracle in RSA Decryption" issue may affect GSKit shipped with IBM CICS TX Advanced

Summary "Timing Oracle in RSA Decryption" issue may affect GSKit shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable vulnerabilities. Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive...

CVSS 7.5 · AI score 7.2 · EPSS 0.00855
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2023/08/07 11:41 a.m. · 32 views

Security Bulletin: "Timing Oracle in RSA Decryption " issue may affect GSKit shipped with IBM CICS TX Standard

Summary "Timing Oracle in RSA Decryption " issue may affect GSKit shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, cause...

CVSS 7.5 · AI score 7.2 · EPSS 0.00855
Exploits: 0 · Affected Software: 1
CNVD
added 2023/08/07 12:00 a.m. · 6 views

QEMU Buffer Overflow Vulnerability (CNVD-2024-14774)

QEMU is a suite of simulation processor software. The software is fast and cross-platform. QEMU suffers from a buffer overflow vulnerability that stems from the fact that the values of src_len and dst_len are not checked in virtio_crypto_sym_op_helper, and a heap buffer overflow may occur when processi...

CVSS 6.5 · AI score 7.9 · EPSS 0.00234
Exploits: 0 · References: 1
IBM Security Bulletins
added 2023/08/04 2:29 p.m. · 45 views

Security Bulletin: Timing Oracle in RSA Decryption vulnerability might affect GSKit supplied with IBM TXSeries for Multiplatforms.

Summary Timing Oracle in RSA Decryption vulnerability might affect GSKit supplied with IBM TXSeries for Multiplatforms. IBM TXSeries for Multiplatforms has addressed the applicable vulnerabilities. Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote...

CVSS 7.5 · AI score 7.3 · EPSS 0.00855
Exploits: 0 · Affected Software: 1
OpenVAS
added 2023/08/04 12:00 a.m. · 12 views

SUSE: Security Advisory (SUSE-SU-2023:3179-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 · AI score 7.2 · EPSS 0.16195
Exploits: 0 · References: 6
Tenable Nessus
added 2023/08/04 12:00 a.m. · 13 views

SUSE SLES15: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2023:3179-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3179-1 advisory. - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out...

CVSS 5.9 · AI score 7.1 · EPSS 0.16195
Exploits: 0 · References: 8
AlpineLinux
added 2023/08/03 3:15 p.m. · 29 views

CVE-2023-3180

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ...

CVSS 6.5 · AI score 7.6 · EPSS 0.00234
Exploits: 0
OSV
added 2023/08/03 3:15 p.m. · 8 views

AZL-31817 CVE-2023-3180 affecting package qemu for versions less than 6.2.0-23

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ...

CVSS 6.5 · AI score 6.9 · EPSS 0.00234
Exploits: 0 · References: 1
OSV
added 2023/08/03 3:15 p.m. · 33 views

CVE-2023-3180

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ...

CVSS 6.5 · AI score 7.3 · EPSS 0.00234
Exploits: 0 · References: 5
NVD
added 2023/08/03 3:15 p.m. · 17 views

CVE-2023-3180

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ...

CVSS 6.5 · AI score 6.7 · EPSS 0.00234
Exploits: 0 · References: 5
Prion
added 2023/08/03 3:15 p.m. · 24 views

Heap overflow

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ...

CVSS 1.7 · AI score 6.3 · EPSS 0.00234
Exploits: 0 · References: 5 · Affected Software: 2
UbuntuCve
added 2023/08/03 3:15 p.m. · 23 views

CVE-2023-3180

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ...

CVSS 6.5 · AI score 6.9 · EPSS 0.00234
Exploits: 0 · References: 3
Cvelist
added 2023/08/03 2:31 p.m. · 21 views

CVE-2023-3180 Heap buffer overflow in virtio_crypto_sym_op_helper()

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ...

CVSS 6 · AI score 7.2 · EPSS 0.00234
Exploits: 0 · References: 5
Vulnrichment
added 2023/08/03 2:31 p.m. · 16 views

CVE-2023-3180 Heap buffer overflow in virtio_crypto_sym_op_helper()

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of src_len and dst_len in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ...

CVSS 6 · AI score 6.9 · EPSS 0.00234
Exploits: 0 · References: 5
CVE
added 2023/08/03 2:31 p.m. · 198 views

CVE-2023-3180

CVE-2023-3180 affects the QEMU virtio-crypto implementation. The vulnerability arises from not checking src_len vs dst_len in virtio_crypto_sym_op_helper, enabling a heap buffer overflow during encryption/decryption requests via virtio_crypto_handle_sym_req. Public references (Debian, CNVD, CNAs)...

CVSS 6.5 · AI score 6.7 · EPSS 0.00234
Exploits: 0 · References: 5 · Affected Software: 1
RedHat Linux
added 2023/08/02 8:00 a.m. · 35 views

Important: Red Hat Security Advisory: mod_auth_openidc:2.3 security update

An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

CVSS 8.6 · AI score 7.2 · EPSS 0.006
Exploits: 1 · References: 2
Oracle linux
added 2023/08/02 12:00 a.m. · 19 views

cjose security update

0.6.1-13 - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz2223308...

CVSS 8.6 · AI score 7.1 · EPSS 0.006
Exploits: 1
Oracle linux
added 2023/08/02 12:00 a.m. · 18 views

mod_auth_openidc:2.3 security update

cjose 0.6.1-3 - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz2223308 mod_auth_openidc 2.4.9.4-1 - Resolves: rhbz2025368 - Rebase to new version...

CVSS 8.6 · AI score 7 · EPSS 0.006
Exploits: 1