
273 matches found

Github Security Blog
added 2023/09/20 3:30 p.m. · 2 views

Duplicate Advisory: EVE Seals Vault Key With SHA1 PCRs

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-wc42-fcjp-v8vq. This link is maintained to preserve external references. Original Description: Vault Key Sealed With SHA1 PCRs. The measured boot solution implemented in EVE OS leans on a PCR locking mechanism...

CVSS 8.8 · AI score 5.5 · EPSS 0.00014
Exploits 0 · References 4 · Affected Software 1

Positive Technologies
added 2023/09/20 12:0 a.m. · 4 views

PT-2023-28891

Name of the Vulnerable Software and Affected Versions: EVE OS, affected versions not specified. Description: The measured boot solution in EVE OS uses a PCR locking mechanism to protect the "vault" directory, which is the most sensitive point in the system. However, the key used to encrypt/decrypt th...

CVSS 9.9 · AI score 7.6 · EPSS 0.00733
Exploits 44 · References 118

CNNVD
added 2023/09/20 12:0 a.m. · 1 views

EVE OS Encryption Problem Vulnerability

EVE OS is a general-purpose, open Linux-based operating system for distributed edge computing open-sourced by IF Edge. EVE OS suffers from a security vulnerability that stems from the use of an insecure SHA1 PCR algorithm to seal vault keys, resulting in a reduced complexity of unsealing the keys...

CVSS 8.8 · AI score 6.6 · EPSS 0.00014
Exploits 0 · References 3

Github Security Blog
added 2023/08/29 5:36 p.m. · 53 views

Cleartext Signed Message Signature Spoofing in openpgp

Impact: OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 This text is signed. -----BEGIN PGP SIGNATURE----- wnUEARMIACcFgmTkrNAJkInXCgj0fgcIFiEE1JlKzzDGQxZmmHkYidcKCPR+...

CVSS 4.3 · AI score 6.6 · EPSS 0.00095
Exploits 1 · References 6 · Affected Software 1

Vulnrichment
added 2023/08/29 4:46 p.m. · 9 views

CVE-2023-41037 Cleartext Signed Message Signature Spoofing in openpgpjs

OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorit...

CVSS 4.3 · AI score 6.5 · EPSS 0.00095
Exploits 1 · References 2

NVD
added 2023/07/07 12:15 a.m. · 8 views

CVE-2023-34433

PiiGAB M-Bus stores passwords using a weak hash algorithm...

CVSS 9.8 · AI score 8.7 · EPSS 0.00065
Exploits 0 · References 1

Vulnrichment
added 2023/07/06 11:6 p.m. · 7 views

CVE-2023-34433 PiiGAB M-Bus Use of Password Hash With Insufficient Computational Effort

PiiGAB M-Bus stores passwords using a weak hash algorithm...

CVSS 7.5 · AI score 6.9 · EPSS 0.00065
Exploits 0 · References 1

CVE
added 2023/07/06 11:6 p.m. · 29 views

CVE-2023-34433

PiiGAB M-Bus stores passwords using a weak hash algorithm (CVE-2023-34433). Affected product area: M-Bus SoftwarePack 900S. Root cause: password storage using an insufficient computational hash. Impact is substantial (confidentiality, integrity, and availability concerns) per documented CVSS vect...

CVSS 9.8 · AI score 8.7 · EPSS 0.00065
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/07/06 12:0 a.m. · 1 views

PT-2023-24875 · Unknown · Piigab M-Bus

Name of the Vulnerable Software and Affected Versions: PiiGAB M-Bus affected versions not specified Description: The issue concerns the use of a weak hash algorithm for storing passwords. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

CVSS 9.8 · AI score 9.3 · EPSS 0.00065
Exploits 0 · References 4

IBM Security Bulletins
added 2023/04/14 2:32 p.m. · 29 views

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Integrated Management Module II (IMM2) for BladeCenter, System x and FLEX Systems (CVE-2015-7575)

Summary The MD5 "SLOTH" vulnerability on TLS 1.2 affects IBM Integrated Management Module II IMM2 for BladeCenter, System x, and FLEX Systems. Vulnerability Details Summary The MD5 "SLOTH" vulnerability on TLS 1.2 affects IBM Integrated Management Module II IMM2 for BladeCenter, System x, and FLE...

CVSS 5.9 · AI score 5.9 · EPSS 0.0107
Exploits 0 · Affected Software 1

VulnCheck KEV
added 2023/04/03 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2021-27877

Veritas Backup Exec BE Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme...

CVSS 9.8 · AI score 7.4 · EPSS 0.45502
Exploits 4 · References 1

RedHat Linux
added 2023/02/28 8:22 a.m. · 1 views

openssl: NULL dereference during PKCS7 data verification

A NULL pointer vulnerability was found in OpenSSL, which can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not...

CVSS 7.5 · AI score 6.7 · EPSS 0.0069
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 6:13 a.m. · 3 views

SUSE CVE-2006-7239

The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference...

CVSS 5 · AI score 6.7 · EPSS 0.0027
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 3:36 a.m. · 1 views

SUSE CVE-2021-45696

An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. Hashes of long messages may be incorrect when the AVX2-accelerated backend is used...

CVSS 9.8 · AI score 7 · EPSS 0.00203
Exploits 0 · References 3

SUSE CVE
added 2023/02/15 3:23 a.m. · 2 views

SUSE CVE-2022-39237

syslabs/sif is the Singularity Image Format SIF reference implementation. In versions prior to 2.8.1 the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...

CVSS 6.3 · AI score 5.7 · EPSS 0.00252
Exploits 0 · References 4

SUSE CVE
added 2023/02/15 3:21 a.m. · 2 views

SUSE CVE-2023-0401

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...

CVSS 7.5 · AI score 7.4 · EPSS 0.0069
Exploits 0 · References 5

F5 Networks
added 2023/02/14 8:39 p.m. · 44 views

K000132537: OpenSSL vulnerabilities CVE-2022-4203, CVE-2023-0216, CVE-2023-0217, and CVE-2023-0401

Security Advisory Description: CVE-2022-4203: A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or...

CVSS 7.5 · AI score 6.8 · EPSS 0.0086
Exploits 0

Github Security Blog
added 2023/02/08 10:21 p.m. · 60 views

openssl-src contains `NULL` dereference during PKCS7 data verification

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...

CVSS 7.5 · AI score 7.4 · EPSS 0.0069
Exploits 0 · References 7 · Affected Software 1

OSV
added 2023/02/08 10:21 p.m. · 43 views

GHSA-VRH7-X64V-7VXQ openssl-src contains `NULL` dereference during PKCS7 data verification

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...

CVSS 7.5 · AI score 7.7 · EPSS 0.0069
Exploits 0 · References 7

OSV
added 2023/02/08 8:15 p.m. · 2 views

ALPINE-CVE-2023-0401

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...

CVSS 7.5 · AI score 6.7 · EPSS 0.0069
Exploits 0 · References 1