Moxa AWK-3131A Series Industrial AP/Bridge/Client Use of Hard-Coded Cryptographic Key (CVE-2019-5137)
The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
mod_auth_openidc:2.3 security update
cjose 0.6.1-3 - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz2223308 mod_auth_openidc 2.4.9.4-1 - Resolves: rhbz2025368 - Rebase to new version...
cjose security update
0.6.1-13 - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz2223308...
AlmaLinux 8 : mod_auth_openidc:2.3 (ALSA-2023:4418)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:4418 advisory. cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE CVE-2023-37464 Tenable has extracted the preceding description...
Oracle Linux 8 : mod_auth_openidc:2.3 (ELSA-2023-4418)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4418 advisory. - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz2223308 mod_auth_openidc Tenab...
Important: Red Hat Security Advisory: cjose security update
An update for cjose is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Important: Red Hat Security Advisory: cjose security update
An update for cjose is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE
A vulnerability was found in cjose. cjose is a C library implementing JavaScript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag provided in the JSON Web Encryption (JWE). A fixed length of 16 octets must ...
Important: Red Hat Security Advisory: mod_auth_openidc:2.3 security update
An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has...
Important: Red Hat Security Advisory: mod_auth_openidc:2.3 security update
An update for the mod_auth_openidc:2.3 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
RHEL 8 : mod_auth_openidc:2.3 (RHSA-2023:4418)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4418 advisory. mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connec...
CentOS 8 : mod_auth_openidc:2.3 (CESA-2023:4418)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2023:4418 advisory. - OpenIDC/cjose is a C library implementing JavaScript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length fr...
ALSA-2023:4411 Important: cjose security update
CJose is a C library implementing JavaScript Object Signing and Encryption (JOSE). Security Fixes: cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE (CVE-2023-37464). For more details about the security issues, including the impact, a CVSS score,...
Important: cjose security update
CJose is a C library implementing JavaScript Object Signing and Encryption (JOSE). Security Fixes: cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE (CVE-2023-37464). For more details about the security issues, including the impact, a CVSS score,...
EulerOS Virtualization 2.10.1 : gnutls (EulerOS-SA-2023-2451)
According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be...
EulerOS Virtualization 2.10.1 : openssl (EulerOS-SA-2023-2464)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A timing-based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext...
EulerOS Virtualization 2.10.0 : openssl (EulerOS-SA-2023-2489)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - A timing-based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext...
Security Bulletin: IBM Storage Protect Server is vulnerable to sensitive information disclosure due to IBM GSKit (CVE-2023-32342)
Summary: IBM GSKit is used by IBM Storage Protect Server and may be affected by vulnerability CVE-2023-32342. Vulnerability Details: CVEID: CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption...
Security Bulletin: CVE-2023-32342 may affect GSKit shipped with IBM CICS TX Advanced
Summary: CVE-2023-32342 may affect GSKit shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel ...