23 matches found
SUSE-SU-2026:20607-1 Security update for openssl-3-livepatches
This update for openssl-3-livepatches fixes the following issues: - CVE-2025-11187: Fixed improper validation of PBMAC1 parameters in PKCS12 MAC verification bsc1256878. - CVE-2025-15467: Fixed stack buffer overflow in CMS AuthEnvelopedData parsing bsc1256876. - CVE-2025-15468: Fixed NULL...
Contrast has insecure LUKS2 persistent storage partitions may be opened and used
Summary A malicious host may provide a crafted LUKS2 volume to a Contrast pod VM that uses the secure persistent volume feature. The guest will open the volume and write secret data using a volume key known to the attacker. LUKS2 volume metadata is a not authenticated and b supports null...
EUVD-2007-4598
Malware in sbrugna...
EUVD-2007-4597
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-3358
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 an...
openssl: Using a Custom Cipher with NID_undef may lead to NULL encryption
A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVPEncryptInitex2, EVPDecryptInitex2 and EVPCipherInitex2 functions as well as other similarly named encryption and decryption initialization functions. Instead of using the custom cipher directly, it...
SUSE CVE-2022-3358
OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...
Metasploit Weekly Wrap-Up
ADCS - ESC Vulnerable certificate template finder Our very own Grant Willcox has developed a new module which allows users to query a LDAP server for vulnerable Active Directory Certificate Services AD CS certificate templates. The module will print the detected certificate details, and the attac...
SSL/TLS Version Detection
Check if a server supports a given version of SSL/TLS and cipher suites. The certificate is stored in loot, and any known vulnerabilities against that SSL version and cipher suite combination are checked. These checks include POODLE, deprecated protocols, expired/not valid certs, low key strength...
CVE-2022-3358 : Using a Custom Cipher with NID_undef may lead to NULL encryption
Security Advisory ID : BSA-2022-2094 Component : OpenSSL Revision : 1.0 OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0, and application authors are instead encouraged to use the new...
ALPINE-CVE-2022-3358
OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...
SSL/TLS Null Cipher Suites Supported
The remote host supports the use of SSL/TLS ciphers that offer no encryption at all. No source data...
SSL/TLS: Report 'Null' Cipher Suites
This routine reports all SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.108022";...
nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103)
Mozilla Network Security Services NSS 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets...
nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103)
Mozilla Network Security Services NSS 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets...
nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103)
Mozilla Network Security Services NSS 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets...
nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103)
Mozilla Network Security Services NSS 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets...
nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103)
Mozilla Network Security Services NSS 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets...
Firefox < 25.0.1 NSS and NSPR Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox is a version prior to 25.0.1 and is, therefore, potentially affected by the following vulnerabilities : - An error exists related to handling input greater than half the maximum size of the 'PRUint32' value. CVE-2013-1741 - An error exists in the 'NullCipher'...
Code injection
The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 through SP6, 9.0, 9.1, 9.2 Gold through MP2, and 10.0 sometimes selects the null cipher when others are available, which might allow remote attackers to intercept communications...