Lucene search

88 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-3885

Malware in sbrugna...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00127
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-18871

Malware in sbrugna...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00082
Exploits: 0, References: 3

RedhatCVE
added 2025/05/22 5:24 p.m., 4 views

CVE-2020-11533

Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material)...

CVSS: 5.5, AI score: 5.2, EPSS: 0.00127
Exploits: 0, References: 1

Snyk
added 2023/07/21 11:57 a.m., 2 views

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness. If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value whe...

CVSS: 9.1, AI score: 9.1, EPSS: 0.00143
Exploits: 0, References: 2

OSV
added 2023/07/17 10:15 p.m., 1 views

AZL-27649 CVE-2023-3724 affecting package mariadb for versions less than 10.6.9-3.cm2

If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when...

CVSS: 8.8, AI score: 7.5, EPSS: 0.00143
Exploits: 0, References: 1

OSV
added 2023/07/17 10:15 p.m., 2 views

DEBIAN-CVE-2023-3724

If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when...

CVSS: 9.1, AI score: 8.3, EPSS: 0.00143
Exploits: 0, References: 1

Prion
added 2023/07/17 10:15 p.m., 21 views

Input validation

If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when...

CVSS: 6.5, AI score: 8.7, EPSS: 0.00143
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2023/07/17 10:15 p.m., 0 views

UBUNTU-CVE-2023-3724

If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when...

CVSS: 9.1, AI score: 6, EPSS: 0.00143
Exploits: 0, References: 4

Cvelist
added 2023/07/17 9:13 p.m., 10 views

CVE-2023-3724 TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension

If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when...

CVSS: 9.1, AI score: 9.4, EPSS: 0.00143
Exploits: 0, References: 2

AlpineLinux
added 2023/07/17 9:13 p.m., 24 views

CVE-2023-3724

If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when...

CVSS: 9.1, AI score: 9.1, EPSS: 0.00143
Exploits: 0

IBM Security Bulletins
added 2023/03/26 3:17 a.m., 25 views

Security Bulletin: OpenSSL vulnerability in IBM SAN Volume Controller and Lenovo Storwize Family (CVE-2014-0224)

Summary An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. Vulnerability...

CVSS: 7.4, AI score: 7.6, EPSS: 0.89694
Exploits: 9

IBM Security Bulletins
added 2022/04/27 9:58 a.m., 49 views

Security Bulletin: IBM Initiate Master Data Service, IBM InfoSphere Master Data Management are affected by the following OpenSSL vulnerabilities: (CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and CVE-2014-0076)

Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...

CVSS: 6.8, AI score: 8, EPSS: 0.92751
Exploits: 14, Affected Software: 1

OpenVAS
added 2021/07/30 12:0 a.m., 24 views

OpenSSL Multiple Vulnerabilities (20140605 - 1) - Windows

OpenSSL is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 7.5, AI score: 7.8, EPSS: 0.94464
Exploits: 98, References: 3

Prion
added 2021/07/28 10:15 a.m., 20 views

Code injection

K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc.) and decrypt it, without having to know the...

CVSS: 4, AI score: 6.3, EPSS: 0.00082
Exploits: 0, References: 1, Affected Software: 2

Cvelist
added 2021/07/28 9:25 a.m., 25 views

CVE-2021-32001 K3s/RKE2 bootstrap data is encrypted with empty string if user does not supply a token

K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc.) and decrypt it, without having to know the...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00082
Exploits: 0, References: 1

OSV
added 2020/04/04 8:15 p.m., 0 views

CVE-2020-11533

Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material)...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00127
Exploits: 0, References: 1

Cvelist
added 2020/04/04 7:2 p.m., 13 views

CVE-2020-11533

Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material)...

AI score: 5.2, EPSS: 0.00127
Exploits: 0, References: 1

CVE
added 2020/04/04 7:2 p.m., 92 views

CVE-2020-11533

Ivanti Workspace Control vulnerability CVE-2020-11533: versions prior to 10.4.30.0 with SCCM integration enabled disclose keying material to local users. Impact is sensitive information disclosure; no exploit details are provided in the sources. Remediation: upgrade to 10.4.30.0 or later (as indi...

CVSS: 5.5, AI score: 5.1, EPSS: 0.00127
Exploits: 0, References: 1, Affected Software: 1

IBM Security Bulletins
added 2019/10/17 11:43 p.m., 39 views

Security Bulletin: IBM Netezza Platform Software is affected by the following OpenSSL vulnerabilities: CVE-2014-0224

Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...

CVSS: 7.4, AI score: 1, EPSS: 0.89694
Exploits: 9, Affected Software: 1

IBM Security Bulletins
added 2019/01/31 1:20 a.m., 19 views

Security Bulletin: IBM Flex System Integrated Management Module II (IMM2) is affected by the following OpenSSL vulnerability: CVE-2014-0224

Summary An interface on the IBM BladeCenter Advanced Management Module AMM may expose user account names and passwords that have been configured on that AMM. Vulnerability Details Abstract Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL...

CVSS: 7.4, AI score: 0.4, EPSS: 0.89694
Exploits: 9