Lucene search

5835 matches found

Tenable Nessus
added 2024/05/09 12:0 a.m. · 17 views

EulerOS 2.0 SP10 : python-pycryptodome (EulerOS-SA-2024-1578)

According to the versions of the python-pycryptodome package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...

5.9 CVSS · 6.9 AI score · 0.00074 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/05/09 12:0 a.m. · 22 views

EulerOS 2.0 SP10 : python-cryptography (EulerOS-SA-2024-1576)

According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS...

5.9 CVSS · 7 AI score · 0.0076 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2024/05/09 12:0 a.m. · 26 views

EulerOS 2.0 SP10 : python-cryptography (EulerOS-SA-2024-1599)

According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS...

5.9 CVSS · 7 AI score · 0.0076 EPSS
Exploits 0 · References 2

RedHat Linux
added 2024/05/08 1:4 a.m. · 117 views

Moderate: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.1 CVSS · 6.6 AI score · 0.00127 EPSS
Exploits 0 · References 3

RedHat Linux
added 2024/05/08 1:4 a.m. · 4 views

kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...

6.5 CVSS · 7.2 AI score · 0.00074 EPSS
Exploits 0 · References 6

OSV
added 2024/05/08 12:0 a.m. · 12 views

ALSA-2024:2758 Moderate: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation CVE-2023-6240 CVE-2024-25743 hw: amd: Instruction raise VC exception at exit...

7.1 CVSS · 6.9 AI score · 0.00127 EPSS
Exploits 0 · References 8

AlmaLinux
added 2024/05/08 12:0 a.m. · 24 views

Moderate: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation CVE-2023-6240 CVE-2024-25743 hw: amd: Instruction raise VC exception at exit...

7.1 CVSS · 7.1 AI score · 0.00127 EPSS
Exploits 0 · References 8

OSV
added 2024/05/07 7:23 a.m. · 8 views

SUSE-SU-2024:1539-1 Security update for bouncycastle

This update for bouncycastle fixes the following issues: Update to version 1.78.1, including fixes for: - CVE-2024-30171: Fixed timing side-channel attacks against RSA decryption both PKCS1v1.5 and OAEP. bsc1223252...

5.9 CVSS · 6.8 AI score · 0.00139 EPSS
Exploits 0 · References 3

Rockylinux
added 2024/05/06 1:7 p.m. · 57 views

kernel security, bug fix, and enhancement update

An update is available for kernel. This update affects Rocky Linux SIG Cloud 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux...

7.8 CVSS · 8.7 AI score · 0.84554 EPSS
Exploits 16

Tenable Nessus
added 2024/05/06 12:0 a.m. · 34 views

Oracle Linux 9 : fence-agents (ELSA-2024-2132)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2132 advisory. - bundled urllib3: fix CVE-2023-45803 Resolves: RHEL-18139 - bundled pycryptodome: fix CVE-2023-52323 Resolves: RHEL-20917 - bundled jinja2: fix...

8.1 CVSS · 7.1 AI score · 0.0095 EPSS
Exploits 0 · References 4

F5 Networks
added 2024/05/03 7:9 p.m. · 41 views

K000139508: rust-openssl vulnerability CVE-2024-3296

Security Advisory Description A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of tria...

5.9 CVSS · 5.7 AI score · 0.00079 EPSS
Exploits 0

OSV
added 2024/05/03 6:15 p.m. · 1 views

CVE-2023-40696

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939...

7.5 CVSS · 5.8 AI score · 0.00047 EPSS
Exploits 0 · References 2

OSV
added 2024/05/03 5:15 p.m. · 2 views

CVE-2020-4874

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837...

7.5 CVSS · 5.8 AI score · 0.00052 EPSS
Exploits 0 · References 2

CVE
added 2024/05/03 4:47 p.m. · 49 views

CVE-2020-4874

CVE-2020-4874 affects IBM Cognos Controller: versions 10.4.1, 10.4.2, and 11.0.0 use weaker cryptographic algorithms that could let an attacker decrypt highly sensitive data. Remediation is available via upgrades to: 11.0.1 FP2, 10.4.2 FP3, or 10.4.1 FP1 (as listed by IBM). No exploit details are...

7.5 CVSS · 6.2 AI score · 0.00052 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/05/03 12:0 a.m. · 2 views

PT-2024-12908 · Ibm · Ibm Cognos Controller

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.4.1 through 11.0.0 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For...

7.5 CVSS · 9.3 AI score · 0.00047 EPSS
Exploits 0 · References 6

Positive Technologies
added 2024/05/03 12:0 a.m. · 3 views

PT-2024-10853 · Ibm · Ibm Cognos Controller

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.4.1 through 11.0.0 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For...

7.5 CVSS · 9.3 AI score · 0.00052 EPSS
Exploits 0 · References 5

RedHat Linux
added 2024/05/02 5:2 p.m. · 2 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

4.3 CVSS · 6.7 AI score · 0.04859 EPSS
Exploits 0 · References 5

RedHat Linux
added 2024/05/02 3:57 p.m. · 1 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

4.3 CVSS · 6.7 AI score · 0.04859 EPSS
Exploits 0 · References 5

RedHat Linux
added 2024/05/02 2:53 p.m. · 7 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

4.3 CVSS · 6.7 AI score · 0.04859 EPSS
Exploits 0 · References 5

OSV
added 2024/05/02 2:15 p.m. · 3 views

CVE-2024-3543

Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system...

7.5 CVSS · 5.9 AI score · 0.00242 EPSS
Exploits 0 · References 2