Lucene search

5939 matches found

Vulnrichment
added 2023/03/22 12:0 a.m. · 13 views

CVE-2023-22271 AEM Weak Cryptography for Passwords Security feature bypass

Experience Manager versions 6.5.15.0 and earlier are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit this in order to decrypt a user's password. The attack complexity is high since a successful...

CVSS 5.3 · AI score 6.8 · EPSS 0.00818
Exploits: 0 · References: 1
Positive Technologies
added 2023/03/22 12:0 a.m. · 5 views

PT-2023-2257 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software versions prior to the fixed version; Cisco Firepower Threat Defense (FTD) Software versions prior to the fixed version. Description: The issue is related to the deterministic random bit generator DRB...

CVSS 7.5 · AI score 5.1 · EPSS 0.00717
Exploits: 0 · References: 7
OSV
added 2023/03/22 12:0 a.m. · 35 views

ALSA-2023:1405 Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286); openssl: timing attack in RSA...

CVSS 7.5 · AI score 7.3 · EPSS 0.59501
Exploits: 0 · References: 10
Oracle linux
added 2023/03/22 12:0 a.m. · 53 views

openssl security update

1:1.1.1k-9 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 - Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286...

CVSS 7.5 · AI score 7.4 · EPSS 0.59501
Exploits: 0
Tenable Nessus
added 2023/03/22 12:0 a.m. · 42 views

Oracle Linux 8 : openssl (ELSA-2023-1405)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-1405 advisory. - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed...

CVSS 7.5 · AI score 7.5 · EPSS 0.59501
Exploits: 0 · References: 5
IBM Security Bulletins
added 2023/03/21 8:7 p.m. · 53 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect AIX

Summary: Vulnerabilities in OpenSSL could allow a remote attacker to cause a denial of service (CVE-2022-3996, CVE-2023-0401, CVE-2022-4203, CVE-2023-0216, CVE-2023-0215, CVE-2023-0217, CVE-2023-0286, CVE-2022-4450) or obtain sensitive information (CVE-2022-4304). OpenSSL is used by AIX as part of AIX's...

CVSS 7.5 · AI score 8 · EPSS 0.59501
Exploits: 0 · Affected Software: 2
OpenSSL
added 2023/03/21 12:0 a.m. · 42 views

Vulnerability in OpenSSL CVE-2023-1255

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The...

AI score 6.5 · EPSS 0.00953
Exploits: 0 · Affected Software: 1
Tenable Nessus
added 2023/03/21 12:0 a.m. · 43 views

Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-101)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-101 advisory. A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain...

CVSS 7.5 · AI score 7.5 · EPSS 0.59501
Exploits: 0 · References: 18
Tenable Nessus
added 2023/03/20 12:0 a.m. · 38 views

CBL Mariner 2.0 Security Update: m2crypto (CVE-2020-25657)

The version of m2crypto installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-25657 advisory. - A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing...

CVSS 5.9 · AI score 6.5 · EPSS 0.01727
Exploits: 0 · References: 2
Tenable Nessus
added 2023/03/18 12:0 a.m. · 29 views

Fedora 36 : gnutls / guile-gnutls (2023-4fc4c33f2b)

The remote Fedora 36 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-4fc4c33f2b advisory. Release of gnutls 3.8.0 fixes CVE-2023-0361. Release of gnutls guile bindings as standalone package. Tenable has extracted the preceding description block...

CVSS 7.4 · AI score 7 · EPSS 0.01403
Exploits: 1 · References: 2
Malwarebytes
added 2023/03/16 1:0 a.m. · 24 views

Ransomware attack hits ANOTHER school

In what is likely Vice Society's handiwork, the UK's largest state boarding school Wymondham College has announced it has become the victim of a "sophisticated cyberattack". The school didn't provide additional information, but Jonathan Taylor, chief of the school's parent company Sapientia...

AI score 6.8
Exploits: 0
RedHat Linux
added 2023/03/14 2:1 p.m. · 4 views

gnutls: timing side-channel in the TLS RSA key exchange code

A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send ...

CVSS 7.4 · AI score 6.8 · EPSS 0.01403
Exploits: 1 · References: 4
RedHat Linux
added 2023/03/14 1:57 p.m. · 1 views

openssl: timing attack in RSA Decryption implementation

A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...

CVSS 5.9 · AI score 6.7 · EPSS 0.16195
Exploits: 0 · References: 5
Tenable Nessus
added 2023/03/14 12:0 a.m. · 36 views

RHEL 9 : openssl (RHSA-2023:1199)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1199 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...

CVSS 7.5 · AI score 7.8 · EPSS 0.59501
Exploits: 0 · References: 29
NVD
added 2023/03/13 9:15 p.m. · 18 views

CVE-2023-0353

Akuvox E11 uses a weak encryption algorithm for stored passwords and uses a hard-coded password for decryption which could allow the encrypted passwords to be decrypted from the configuration file...

CVSS 9.8 · AI score 8.3 · EPSS 0.00415
Exploits: 0 · References: 1
Prion
added 2023/03/13 9:15 p.m. · 22 views

Hardcoded credentials

Akuvox E11 uses a weak encryption algorithm for stored passwords and uses a hard-coded password for decryption which could allow the encrypted passwords to be decrypted from the configuration file...

CVSS 7.5 · AI score 9.4 · EPSS 0.00415
Exploits: 0 · References: 1
Cvelist
added 2023/03/13 8:7 p.m. · 19 views

CVE-2023-0353

Akuvox E11 uses a weak encryption algorithm for stored passwords and uses a hard-coded password for decryption which could allow the encrypted passwords to be decrypted from the configuration file...

CVSS 7.2 · AI score 9.6 · EPSS 0.00415
Exploits: 0 · References: 1
CVE
added 2023/03/13 8:7 p.m. · 50 views

CVE-2023-0353

The connected documentation confirms CVE-2023-0353 affects Akuvox E11. The vulnerability arises from storing passwords with a weak encryption algorithm and decrypting them via a hard-coded key, enabling potential decryption of encrypted passwords from the device configuration. Impact is rated hig...

CVSS 9.8 · AI score 8.3 · EPSS 0.00415
Exploits: 0 · References: 1 · Affected Software: 1
F5 Networks
added 2023/03/13 5:23 p.m. · 40 views

K000132943: OpenSSL vulnerability CVE-2022-4304

Security Advisory Description: A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very lar...

CVSS 5.9 · AI score 7 · EPSS 0.16195
Exploits: 0 · Affected Software: 17
Tenable Nessus
added 2023/03/13 12:0 a.m. · 31 views

AlmaLinux 9 : gnutls (ALSA-2023:1141)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:1141 advisory. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypte...

CVSS 7.4 · AI score 7 · EPSS 0.01403
Exploits: 1 · References: 2