12 matches found
MiracleLinux 9 : openssl-3.0.7-6.el9 (AXSA:2023-5373:04)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5373:04 advisory. openssl: Using a Custom Cipher with NIDundef may lead to NULL encryption CVE-2022-3358 Tenable has extracted the preceding description block directly from th...
EUVD-2020-19062
Malware in sbrugna...
Low: openssl security and bug fix update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Using a Custom Cipher with NIDundef may lead to NULL encryption CVE-2022-3358 For more details...
CVE-2022-3358 : Using a Custom Cipher with NID_undef may lead to NULL encryption
OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0, and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions...
FreeBSD : OpenSSL -- Potential NULL encryption in NID_undef with Custom Cipher (7392e1e3-4eb9-11ed-856e-d4c9ef517024)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7392e1e3-4eb9-11ed-856e-d4c9ef517024 advisory. - OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated...
OpenSSL: Using a Custom Cipher with NID_undef may lead to NULL encryption (CVE-2022-3358) - Windows
OpenSSL is prone to an information disclosure vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...
OpenSSL: Using a Custom Cipher with NID_undef may lead to NULL encryption (CVE-2022-3358) - Linux
OpenSSL is prone to an information disclosure vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...
Using a Custom Cipher with `NID_undef` may lead to NULL encryption
OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...
OpenSSL -- Potential NULL encryption in NID_undef with Custom Cipher
The OpenSSL project reports: Using a Custom Cipher with NIDundef may lead to NULL encryption low...
CVE-2020-26515
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie CBLOGIN issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a...
Code injection
An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie CBLOGIN issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a...
PT-2021-11241 · Intland · Codebeamer Alm
Name of the Vulnerable Software and Affected Versions: Intland codeBeamer ALM versions 10.x through 10.1.SP4 Description: An issue with insufficiently protected credentials was found. The CB LOGIN remember-me cookie contains encrypted user credentials, but due to a bug, these credentials are...