Lucene search
+L

31 matches found

nessus
nessus
added 2023/08/01 12:0 a.m.12 views

RHEL 8 : mod_auth_openidc:2.3 (RHSA-2023:4418)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4418 advisory. The modauthopenidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connec...

8.6CVSS7.5AI score0.0071EPSS
Exploits1References4
osv
osv
added 2023/07/14 9:15 p.m.5 views

UBUNTU-CVE-2023-37464

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...

8.6CVSS5.8AI score0.0071EPSS
Exploits1References8
cvelist
cvelist
added 2023/07/14 8:25 p.m.26 views

CVE-2023-37464 Incorrect Authentication Tag length usage in AES GCM decryption in OpenIDC/cjose

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...

8.6CVSS8AI score0.0071EPSS
Exploits1References9
cnnvd
cnnvd
added 2023/07/14 12:0 a.m.7 views

cjose 加密问题漏洞

Cisco cjose is a C library from Cisco that implements Javascript Object Signing and Encryption JOSE. A cryptographic issue vulnerability exists in cjose that stems from the AES GCM decryption routines incorrectly using the length of the tag in the actual authentication tag provided in JWE...

8.6CVSS7.4AI score0.0071EPSS
Exploits1References14
cnnvd
cnnvd
added 2020/12/01 12:0 a.m.10 views

Valvesoftware GameNetworkingSockets Buffer Error Vulnerability

Valvesoftware GameNetworkingSockets is a transport layer support software for games to pass data from Valvesoftware USA. A security vulnerability exists in Valve Game Networking Sockets versions prior to 1.2.0, which stems from the incorrect handling of long encrypted messages in...

9.8CVSS7.9AI score0.031EPSS
Exploits1References3
oraclelinux
oraclelinux
added 2015/07/28 12:0 a.m.49 views

wireshark security, bug fix, and enhancement update

1.8.10-17.0.2 - Fix ocfs2 dissector John Haxby orabug 21505640 1.8.10-17.0.1.el6 - Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnect 1.8.10-17 - security patches - Resolves: CVE-2015-2189 CVE-2015-2191 1.8.10-16 - security patches - Resolves: CVE-2014-8710 CVE-2014-8711...

5CVSS0.3AI score0.046EPSS
Exploits0
redhat
redhat
added 2015/06/30 1:58 p.m.5 views

Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI

A buffer overflow flaw was found in the way the Linux kernel's Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a...

9.3CVSS6.8AI score0.10108EPSS
Exploits0References4
nessus
nessus
added 2015/06/10 12:0 a.m.82 views

Oracle Linux 6 : kernel (ELSA-2015-1081)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1081 advisory. - fs pipe: fix pipe corruption and iovec overrun on partial copy Seth Jennings 1202860 1185166 CVE-2015-1805 - x86 crypto: aesni - fix memory usage in...

9.3CVSS7.3AI score0.10108EPSS
Exploits4References7
nessus
nessus
added 2015/05/15 12:0 a.m.34 views

OracleVM 3.3 : kernel-uek (OVMSA-2015-0060)

The remote OracleVM system is missing necessary patches to address critical security updates : - crypto: aesni - fix memory usage in GCM decryption Stephan Mueller Orabug: 21077385 CVE-2015-3331 - xen/pciback: Don't disable PCICOMMAND on PCI device reset. Konrad Rzeszutek Wilk Orabug: 20807438...

9.3CVSS6.8AI score0.10108EPSS
Exploits0References8
oraclelinux
oraclelinux
added 2015/05/13 12:0 a.m.86 views

Unbreakable Enterprise kernel security and bugfix update

2.6.39-400.250.2 - crypto: aesni - fix memory usage in GCM decryption Stephan Mueller Orabug: 21077389 CVE-2015-3331 2.6.39-400.250.1 - xen/pciback: Don't disable PCICOMMAND on PCI device reset. Konrad Rzeszutek Wilk Orabug: 20807440 CVE-2015-2150 - xen-blkfront: fix accounting of reqs when...

10CVSS7.3AI score0.10108EPSS
Exploits0
oraclelinux
oraclelinux
added 2015/05/13 12:0 a.m.61 views

Unbreakable Enterprise kernel security and bugfix update

kernel-uek 3.8.13-68.2.2 - crypto: aesni - fix memory usage in GCM decryption Stephan Mueller Orabug: 21077385 CVE-2015-3331 3.8.13-68.2.1 - xen/pciback: Don't disable PCICOMMAND on PCI device reset. Konrad Rzeszutek Wilk Orabug: 20807438 CVE-2015-2150 - xen-blkfront: fix accounting of reqs when...

9.3CVSS0.6AI score0.10108EPSS
Exploits0
Rows per page
Query Builder