5 matches found
EUVD-2022-2698
Malicious code in bioql PyPI...
FreeBSD : OpenSSL -- Multiple vulnerabilities (fceb2b08-cb76-11ec-a06f-d4c9ef517024)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fceb2b08-cb76-11ec-a06f-d4c9ef517024 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command...
CVE-2022-1434
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...
Design/Logic Flaw
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...
RUSTSEC-2022-0026 Incorrect MAC key used in the RC4-MD5 ciphersuite
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...