MiracleLinux 8 : libgcrypt-1.8.5-6.el8 (AXSA:2021-2604:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2604:02 advisory. libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm (CVE-2021-33560). Tenable has...
ROOT-OS-DEBIAN-11-CVE-2021-33560 CVE-2021-33560 in rootio-libgcrypt20 - Patched by Root
Root has patched CVE-2021-33560 in the rootio-libgcrypt20 package for Root:Debian:11. Multiple fixed versions available...
TencentOS Server 3: libgcrypt (TSSA-2022:0207)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0207 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Linux Distros Unpatched Vulnerability : CVE-2021-33560
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm,...
CVE-2024-33560 WordPress XStore theme <= 9.3.8 - Unauthenticated Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8theme XStore allows PHP Local File Inclusion. This issue affects XStore: from n/a through 9.3.8...
CVE-2024-33560
CVE-2024-33560 affects 8theme XStore (WordPress theme). The vulnerability is described as an improper limitation of a pathname to a restricted directory, enabling PHP Local File Inclusion (LFI). The issue impacts XStore versions from n/a up to 9.3.8 (per initial doc) and is echoed in multiple CVE...
WordPress XStore Theme <= 9.3.8 is vulnerable to Local File Inclusion
Software: XStore. Type: Theme. Vulnerable versions: <= 9.3.8. Fixed in: 9.3.9. OWASP Top 10: A3: Injection. Classification: Local File Inclusion. CVE: CVE-2024-33560. Patch priority: High. CVSS severity: High 9. PSID: 6dff12fe54af. Credits: Rafie Muhammad Patchstack. Required privilege...
BELL-CVE-2021-33560 CVE-2021-33560 does not affect BellSoft software
Bulletin has no description...
CVE-2023-33560
There is a Cross Site Scripting (XSS) vulnerability in the "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3...
CVE-2023-33560
CVE-2023-33560: There is a Cross Site Scripting (XSS) vulnerability in the cid parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. Affects the vulnerable component and function, enabling client-side script execution due to unsanitized input in cid. Public sources consistently...
NewStart CGSL MAIN 6.02 : libgcrypt Vulnerability (NS-SA-2022-0088)
The remote NewStart CGSL host, running version MAIN 6.02, has libgcrypt packages installed that are affected by a vulnerability: - Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and t...
libgcrypt security update
1.8.5-7fips - Add API to provide hash calculation in RSA/DSA/ECDSA signature operations Orabug: 33081130 - Change Epoch from 1 to 10 1.8.5-7 - Fix CVE-2021-33560 2018525...
libgcrypt security update
1.8.5-7 - Fix CVE-2021-33560 2018525...
Medium: libgcrypt
Issue Overview: A side-channel attack flaw was found in the way libgcrypt implemented Elgamal encryption. This flaw allows an attacker to decrypt parts of ciphertext encrypted using Elgamal, for example, when using OpenPGP. The highest threat from this vulnerability is to confidentiality...
Oracle Linux 8 : libgcrypt (ELSA-2022-9263)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9263 advisory. - Fix for CVE-2021-33560 1971421 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has no...
libgcrypt security update
1.8.5-6fips - Add API to provide hash calculation in RSA/DSA/ECDSA signature operations Orabug: 33081130 - Change Epoch from 1 to 10 1.8.5-6 - Fix for CVE-2021-33560 1971421 - Enable HW optimizations in FIPS 1976137 - Performance enhancements for ChaCha20 and Poly1305 1855231 1.8.5-5 - Performan...
Amazon Linux AMI : libgcrypt (ALAS-2022-1578)
The version of libgcrypt installed on the remote host is prior to 1.5.3-12.20. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1578 advisory. A side-channel attack flaw was found in the way libgcrypt implemented Elgamal encryption. This flaw allows an attacker to...
EulerOS 2.0 SP3 : libgcrypt (EulerOS-SA-2022-1173)
According to the versions of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel atta...