68 matches found
Oracle Linux 9 : podman (ELSA-2024-2193)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2193 advisory. - Rebuild for following CVEs: CVE-2023-39318 CVE-2023-39319 CVE-2023-39321 CVE-2023-39322 - rebuild for following CVEs: CVE-2023-25173 CVE-2022-41724...
golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.
A flaw was found in the Golang crypto/tls standard library. In previous versions, the package was vulnerable to a Timing Side Channel attack by observing the time it took for RSA-based TLS key exchanges, which was not constant. This flaw allows a malicious user to gather information from the...
ALSA-2024:2272 Moderate: containernetworking-plugins security update
The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Python Cryptographic Authority [CVE-2023-50782]
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to sensitive information exposure in Python Cryptographic Authority cryptography, caused by a flaw when decrypting captured messages in TLS servers that use RSA key exchanges (CVE-2023-50782). Python Cryptographic...
Ubuntu 16.04 LTS : python-cryptography vulnerability (USN-6673-2)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6673-2 advisory. USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 16.04 LTS. Tenable has extracted the...
BIT-GOLANG-2023-45287 Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel
Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : python-cryptography vulnerabilities (USN-6673-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6673-1 advisory. Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing...
RHEL 9 : OpenShift Container Platform 4.15.z (RHSA-2023:7200)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7200 advisory. Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built fr...
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...
CVE-2023-50782
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...
CVE-2023-50781
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...
DEBIAN-CVE-2023-50781
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...
Design/Logic Flaw
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...
UBUNTU-CVE-2023-50781
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...
CVE-2023-50782
CVE-2023-50782 affects the python-cryptography library across multiple Linux distributions. The underlying issue is a Bleichenbacher timing/PKCS#1 v1.5 RSA decryption handling flaw that could allow a remote attacker to decrypt TLS RSA-exchange messages, potentially exposing confidential data. Aff...
CVE-2023-50782
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. Mitigation: Mitigation for this issue is either not available or the...