5939 matches found
Design/Logic Flaw
Akuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and the key are static, and this may allow an attacker to decrypt messages...
CVE-2023-0343
Akuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and the key are static, and this may allow an attacker to decrypt messages...
PT-2023-16196 · Akuvox · Akuvox E11
Name of the Vulnerable Software and Affected Versions: Akuvox E11 (affected versions not specified). Description: The issue concerns a function in Akuvox E11 that encrypts messages before forwarding them. This function uses a static IV vector and key, which could potentially allow an attacker to...
CLSA-2023-1680206329 openssl: Fix of 2 CVEs
CVE-2022-4304: fix timing based side channel in RSA decryption - CVE-2022-4450: avoid dangling pointers in PEM_read_bio_ex...
Security Bulletin: Java vulnerability on IBM SAN Volume Controller and Storwize Family (CVE-2014-0411)
Summary: Security Bulletin: Java vulnerability on IBM SAN Volume Controller and Storwize Family (CVE-2014-0411). Vulnerability Details: Security Bulletin. Summary: Java vulnerability could allow decryption of long GUI session. Vulnerability Details: CVEID: CVE-2014-0411. DESCRIPTION: Java is us...
Rocky Linux 9 : openssl (RLSA-2023:0946)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0946 advisory. - A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after...
openssl security update
An update is available for openssl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transpo...
Rocky Linux 8 : openssl (RLSA-2023:1405)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:1405 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a...
openssl security update
1:1.1.1k-9 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 - Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286...
Oracle Linux 8 : openssl (ELSA-2023-12213)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12213 advisory. - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed...
CVE-2023-25263
In Stimulsoft Designer Desktop 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating...
CVE-2023-20107
A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an...
RHEL 8 : openssl (RHSA-2023:1405)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1405 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...
AlmaLinux 8 : openssl (ALSA-2023:1405)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:1405 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a...
CVE-2023-22271
Experience Manager versions 6.5.15.0 and earlier are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit this in order to decrypt a user's password. The attack complexity is high since a successful...
Important: Red Hat Security Advisory: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
openssl: timing attack in RSA Decryption implementation
A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...