
39 matches found

Packet Storm News
added 2026/04/24 12:0 a.m. | 1 view

Libgcrypt 1.12.2

Libgcrypt is a general-purpose cryptographic library based on the code from GnuPG. It provides functions for all cryptographic building blocks: symmetric ciphers (AES, DES, Blowfish, CAST5, Twofish, and Arcfour), hash algorithms (MD4, MD5, RIPE-MD160, SHA-1, and TIGER-192), MACs (HMAC for all hash...

5.3 AI score
Exploits: 0
CVE
added 2026/01/02 7:5 p.m. | 15 views

CVE-2026-21444

CVE-2026-21444 affects libtpms when integrated with OpenSSL 3.x, with vulnerable versions 0.10.0 and 0.10.1. The issue is that the library returns the initial IV instead of the last IV for certain symmetric ciphers, weakening confidentiality. Affected deployments using OpenSSL 3.x are at risk of ...

5.5 CVSS | 6.5 AI score | 0.00006 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2026/01/02 7:5 p.m. | 25 views

CVE-2026-21444 libtpms returns wrong initialization vector when certain symmetric ciphers are used

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used...

5.5 CVSS | 0.00006 EPSS
Exploits: 1 | References: 3
Debian CVE
added 2026/01/02 7:5 p.m. | 4 views

CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used...

5.5 CVSS | 5.4 AI score | 0.00006 EPSS
Exploits: 1
Packet Storm News
added 2025/12/23 12:0 a.m. | 3 views

Key Length-Oriented Classification of Lightweight Cryptographic Algorithms for IoT Security

The successful deployment of the Internet of Things (IoT) applications relies heavily on their robust security, and lightweight cryptography is considered an emerging solution in this context. While existing surveys have been examining lightweight cryptographic techniques from the perspective of...

6.8 AI score
Exploits: 0
Tenable Nessus
added 2025/08/20 12:0 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2023-5363

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during...

7.5 CVSS | 6.4 AI score | 0.06469 EPSS
Exploits: 0 | References: 2
OSV
added 2025/02/28 3:32 p.m. | 1 view

OESA-2025-1192 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during th...

7.5 CVSS | 6.8 AI score | 0.06469 EPSS
Exploits: 0 | References: 4
Tenable Nessus
added 2024/07/14 12:0 a.m. | 40 views

CBL Mariner 2.0 Security Update: cloud-hypervisor-cvm / hvloader / nodejs18 (CVE-2023-5363)

The version of cloud-hypervisor-cvm / hvloader / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5363 advisory. - Issue summary: A bug has been identified in the processing of key and...

7.5 CVSS | 6.6 AI score | 0.06469 EPSS
Exploits: 0 | References: 2
CNVD
added 2024/05/15 12:0 a.m. | 2 views

Unspecified Vulnerability in Siemens SIMATIC RTLS Locating Manager (CNVD-2024-23114)

SIMATIC RTLS Locating Manager is used to configure, operate and maintain the SIMATIC RTLS unit, a real-time wireless positioning system that provides locating solutions. A security vulnerability exists in Siemens SIMATIC RTLS Locating Manager due to the affected system's use of symmetric ciphers...

10 CVSS | 6.7 AI score | 0.01902 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2024/05/11 12:0 a.m. | 21 views

RHEL 8 : libtpms (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - libtpms: out-of-bounds access when trying to resume the state of the vTPM (CVE-2021-3623) - A flaw was foun...

6.5 AI score | 0.00186 EPSS
Exploits: 1 | References: 5
IBM Security Bulletins
added 2024/01/25 9:15 p.m. | 111 views

Security Bulletin: AIX is vulnerable to a denial of service (CVE-2023-5678, CVE-2023-6129, CVE-2023-6237) and an attacker may obtain sensitive information (CVE-2023-5363) due to OpenSSL

Summary Vulnerabilities in OpenSSL could allow a remote attacker to cause a denial of service (CVE-2023-5678, CVE-2023-6129, CVE-2023-6237) or obtain sensitive information (CVE-2023-5363). OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2023-5363...

7.5 CVSS | 7.4 AI score | 0.06469 EPSS
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2024/01/25 12:0 a.m. | 54 views

RHEL 9 : openssl (RHSA-2024:0500)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0500 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...

7.5 CVSS | 6.8 AI score | 0.06469 EPSS
Exploits: 0 | References: 7
Tenable Nessus
added 2024/01/23 12:0 a.m. | 41 views

Oracle Linux 9 : openssl (ELSA-2024-0310)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0310 advisory. - AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries (CVE-2023-2975) Resolves: RHEL-5302 - Excessive time spent...

7.5 CVSS | 6.5 AI score | 0.06469 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2024/01/22 12:0 a.m. | 35 views

AlmaLinux 9 : openssl (ALSA-2024:0310)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0310 advisory. - Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during...

7.5 CVSS | 6.6 AI score | 0.06469 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2024/01/21 12:0 a.m. | 25 views

RHEL 9 : openssl (RHSA-2024:0310)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0310 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...

7.5 CVSS | 6.8 AI score | 0.06469 EPSS
Exploits: 0 | References: 6
IBM Security Bulletins
added 2024/01/17 2:52 p.m. | 35 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attacker due to OpenSSL. (CVE-2023-5363)

Summary IBM App Connect Enterprise is vulnerable to a remote attacker due to OpenSSL in Node.js. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-5363 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information,...

7.5 CVSS | 7.4 AI score | 0.06469 EPSS
Exploits: 0 | Affected Software: 1
F5 Networks
added 2024/01/10 1:47 a.m. | 29 views

K000138177: OpenSSL vulnerability CVE-2023-5363

Security Advisory Description Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in...

7.5 CVSS | 6.8 AI score | 0.06469 EPSS
Exploits: 0
IBM Security Bulletins
added 2023/12/14 5:17 p.m. | 38 views

Security Bulletin: IBM MQ is affected by OpenSSL vulnerability (CVE-2023-5363)

Summary IBM MQ is vulnerable to an OpenSSL vulnerability (CVE-2023-5363) during initialization of some symmetric ciphers. Vulnerability Details CVEID:CVE-2023-5363 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an incorrect cipher key and IV length...

7.5 CVSS | 7.5 AI score | 0.06469 EPSS
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2023/11/04 12:0 a.m. | 73 views

Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-406)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-406 advisory. A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. A truncati...

7.5 CVSS | 6.5 AI score | 0.06469 EPSS
Exploits: 0 | References: 4
OSV
added 2023/10/25 6:17 p.m. | 38 views

CVE-2023-5363

Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in...

7.5 CVSS | 6.7 AI score
Exploits: 0 | References: 9