Akuvox E11 Security Feature Issue Vulnerability
Akuvox E11 is a SIP visual doorbell from Akuvox designed for villas, houses and apartments. A security vulnerability exists in Akuvox E11 that stems from the inclusion of a feature that encrypts a message and then forwards it. The IV vector and key are static, which could allow an attacker to...
SUSE SLES12: libopenssl-devel / libopenssl1_0_0 / libopenssl1_0_0-32bit / etc (SUSE-SU-2023:0684-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0684-1 advisory. - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GeneralName (bsc#1207533). - CVE-2023-0215: Fixed a use-after-free following...
SUSE-SU-2023:0684-1 Security update for openssl
This update for openssl fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GeneralName (bsc#1207533). - CVE-2023-0215: Fixed a use-after-free following BIO_new_NDEF (bsc#1207536). - CVE-2022-4304: Fixed a timing oracle in RSA decryption (bsc#1207534). The following...
SUSE CVE-2023-1017
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service crashing the TPM chip/process ...
RHEL 9 : gnutls (RHSA-2023:1141)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1141 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS...
Rocky Linux 9 : gnutls (RLSA-2023:1141)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:1141 advisory. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key...
Debian: Security Advisory (DLA-198-1)
The remote host is missing an update for the Debian...
Security Bulletin: IBM Aspera faspio Gateway 1.3.2 has addressed multiple openssl vulnerabilities (CVE-2023-0401, CVE-2022-4203, CVE-2022-4304, CVE-2023-0216, CVE-2023-0215, CVE-2022-4450, CVE-2023-0217, CVE-2023-0286)
Summary: This Security Bulletin addresses security vulnerabilities that have been remediated in IBM Aspera faspio Gateway 1.3.2. Vulnerability Details: CVEID: CVE-2023-0401. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference during PKCS7 data verification....
gnutls: timing side-channel in the TLS RSA key exchange code
A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send ...
Tenable SecurityCenter <= 5.23.1 Multiple Vulnerabilities (TNS-2023-08)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is running a version between 5.21.0 and 5.23.1 and is therefore affected by multiple vulnerabilities in OpenSSL prior to version 1.1.1t: - A timing based side channel exists in the OpenSSL...
A vulnerability in the CryptParameterDecryption function of the Trusted Platform Module (TPM) firmware allows an attacker to gain unauthorized access to protected information.
The vulnerability in the CryptParameterDecryption function of the Trusted Platform Module (TPM) firmware is caused by reading data outside the bounds of a memory buffer. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the protected...
Fedora 36 : edk2 (2023-e821b64a4c)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-e821b64a4c advisory. add sub-package with xen build resolves: rhbz2170730 ---- update openssl CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304. ---- cherry-pic...
Authorization
An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this...
CVE-2021-36689
An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this...
SUSE SLES15 Security Update : python-cryptography, python-cryptography-vectors (SUSE-SU-2023:0604-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0604-1 advisory. - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - CVE-2020-36242: Fixed a bug where certain sequences of update calls could...
CVE-2021-36689
The vulnerability CVE-2021-36689 affects Streetside Samourai Wallet for Android (version 0.99.96i). It involves com.samourai.wallet.PinEntryActivity.java, where a brute-force attack using a recovered samourai.dat file can allow an attacker to view sensitive information and decrypt data. The PIN l...
SUSE-SU-2023:0584-1 Security update for openssl
This update for openssl fixes the following issues: - CVE-2022-4304: Fixed timing oracle in RSA decryption (bsc#1207534)...
openssl security update
3.0.1-47.0.1 - Replace upstream references Orabug: 34340177 1:3.0.1-47 - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed...
SUSE SLES12 Security Update : compat-openssl098 (SUSE-SU-2023:0581-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0581-1 advisory. - CVE-2022-4304: Fixed timing oracle in RSA decryption (bsc#1207534). Tenable has extracted the preceding description block directly from the...
DEBIAN-CVE-2023-1017
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service crashing the TPM chip/process ...