12 matches found
K32553170: OpenSSL vulnerability CVE-2022-3358
Security Advisory Description OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom...
Amazon Linux 2022 : openssl, openssl-devel, openssl-libs (ALAS2022-2022-147)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-147 advisory. AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that...
EulerOS 2.0 SP10 : openssl (EulerOS-SA-2022-2432)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properl...
EulerOS 2.0 SP10 : openssl (EulerOS-SA-2022-2419)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properl...
[R1] Nessus Network Monitor 6.1.0 Fixes Multiple Third-party Vulnerabilities
R1 Nessus Network Monitor 6.1.0 Fixes Multiple Third-party Vulnerabilities Arnie Cabral Tue, 09/20/2022 - 13:14 Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several third-party components OpenSSL and moment.js were found to contain vulnerabilitie...
EulerOS 2.0 SP9 : openssl (EulerOS-SA-2022-2300)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properl...
OESA-2022-1833 openssl security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under so...
DEBIAN-CVE-2022-2097
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
Design/Logic Flaw
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
CVE-2022-2097 AES OCB fails to encrypt some bytes
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
CVE-2022-2097
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
CVE-2022-2097
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...