Lucene search
K

188 matches found

RedHat Linux
RedHat Linux
added 2024/07/08 1:23 p.m.7 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

7.5CVSS7.2AI score0.01533EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2024/07/03 12:0 a.m.24 views

CBL Mariner 2.0 Security Update: kata-containers-cc / hvloader / kata-containers / nodejs18 (CVE-2023-4807)

The version of kata-containers-cc / hvloader / kata-containers / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-4807 advisory. - Issue summary: The POLY1305 MAC message authentication co...

7.8CVSS6.9AI score0.00862EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/05/14 3:8 p.m.5 views

CVE-2023-26306

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...

5.9AI score0.01107EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2024/05/14 7:0 a.m.7 views

iPerf3 before 3.17 when used with OpenSSL before 3.2.0 as a server with RSA authentication allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

...

5.9CVSS6.2AI score0.01107EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/04/30 10:36 a.m.5 views

openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow

A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service...

5.3CVSS7AI score0.04459EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2024/04/29 12:0 a.m.56 views

Palo Alto Cortex XDR Agent 6.1.x / 7.4.x / 7.5.x / 7.5.x-CE / 7.6.x / 7.7.x DoS

The version of Palo Alto Cortex XDR Agent installed on the remote Windows host is 6.1.x prior to 6.1.9.61370, 7.4.x, 7.5.x prior to 7.5.3.60113, 7.5.x-CE prior to 7.5.100.60642-CE, 7.6.x prior to 7.6.2.60545 or 7.7.x prior to 7.7.0.60725. It is, therefore, affected by a denial of service DoS...

7.5CVSS7AI score0.70561EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2024/04/03 4:5 p.m.7 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

7.5CVSS7.2AI score0.01533EPSS
Exploits0References9
Rapid7 Blog
Rapid7 Blog
added 2024/04/03 1:0 p.m.42 views

CVE-2024-0394: Rapid7 Minerva Armor Privilege Escalation (FIXED)

Rapid7 is disclosing CVE-2024-0394, a privilege escalation vulnerability in Rapid7 Minerva’s Armor product family. Minerva uses the open-source OpenSSL library for cryptographic functions and to support secure communications. The root cause of this vulnerability is Minerva’s implementation of...

4.3CVSS8.1AI score0.00234EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/03/25 8:26 p.m.8 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

7.5CVSS7.2AI score0.01533EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2024/02/16 12:0 a.m.5 views

The vulnerabilities of the functions PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass() in the OpenSSL library allow a attacker to cause a service failure.

The vulnerabilities of the functions PKCS12parse, PKCS12unpackp7data, PKCS12unpackp7encdata, PKCS12unpackauthsafes, and PKCS12newpass in the OpenSSL library are related to pointer arithmetic errors. Exploiting these vulnerabilities could allow an attacker to cause a service failure...

5.5CVSS6.5AI score0.03174EPSS
Exploits0References23Affected Software8
BDU FSTEC
BDU FSTEC
added 2023/11/13 12:0 a.m.5 views

Vulnerability of the functions EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2(), and EVP_CipherInit_ex2() of the OpenSSL cryptographic library, which allows a perpetrator to gain unauthorized access to protected information

The vulnerabilities of the functions EVPEncryptInitex2, EVPDecryptInitex2, and EVPCipherInitex2 in the OpenSSL cryptographic library are related to the absence of necessary encryption steps. Exploiting these vulnerabilities can allow a remote attacker to gain unauthorized access to protected...

7.8CVSS6.7AI score0.03332EPSS
Exploits0References17Affected Software7
CNNVD
CNNVD
added 2023/11/11 12:0 a.m.6 views

OpenVPN Security Vulnerabilities

OpenVPN is a software package for creating encrypted tunnels for Virtual Private Networks VPNs from US-based OpenVPN, which uses the OpenSSL library to encrypt data and control information, and allows created VPNs to be authenticated using a public key, an electronic certificate, or a...

9.8CVSS6.8AI score0.01982EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.30 views

Rocky Linux 8 : compat-openssl10 (RLSA-2022:5326)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:5326 advisory. - The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function i...

7.5CVSS6.8AI score0.70561EPSS
Exploits2References3
OSV
OSV
added 2023/09/08 12:15 p.m.6 views

AZL-78585 CVE-2023-4807 affecting package openssl-fips-provider 3.1.2-1

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X8664 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...

7.8CVSS6.8AI score0.00862EPSS
Exploits0References1
OSV
OSV
added 2023/09/08 12:15 p.m.11 views

AZL-39646 CVE-2023-4807 affecting package kata-containers for versions less than 3.2.0.azl1-1

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X8664 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...

7.8CVSS6.8AI score0.00862EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/08/29 12:0 a.m.5 views

The vulnerability of the AES-SIV encryption algorithm in the OpenSSL library allows a hacker to bypass the authentication process.

The vulnerability of the AES-SIV encryption algorithm in the OpenSSL library is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to bypass the authentication process remotely...

5.3CVSS6.6AI score0.00525EPSS
Exploits0References14Affected Software11
SUSE CVE
SUSE CVE
added 2023/07/19 11:23 p.m.2 views

SUSE CVE-2023-3446

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...

5.3CVSS6.8AI score0.05533EPSS
Exploits0References94
SUSE CVE
SUSE CVE
added 2023/05/12 2:21 a.m.2 views

SUSE CVE-2022-43507

Improper buffer restrictions in the IntelR QAT Engine for OpenSSL before version 0.6.16 may allow a privileged user to potentially enable escalation of privilege via network access...

6.4CVSS7.4AI score0.00611EPSS
Exploits0References4
Veeam
Veeam
added 2023/05/04 12:0 a.m.23 views

Release Information for Veeam Backup for Google Cloud 4 Patch 1

Requirements Before installing this patch, please confirm that you are running Veeam Backup for Google Cloud 4 build 4.0.0.1072. You can check your build number under Configuration | Support Information | About | Server version by clicking the gear icon at the top-right corner of the main menu in...

6.8AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/04/26 12:0 a.m.9 views

The vulnerabilities of encryption algorithms such as PKCS#1 v1.5, RSA-OEAP, and RSASVE in the OpenSSL cryptographic library allow attackers to execute the Bleichenbacher attack.

The vulnerability of encryption algorithms such as PKCS1 v1.5, RSA-OEAP, and RASSEV in the OpenSSL cryptographic library is related to the creation of a secondary synchronization channel due to time differences. Exploiting this vulnerability can allow an attacker operating remotely to execute a...

5.9CVSS7.1AI score0.16195EPSS
Exploits0References15Affected Software22
Rows per page
Query Builder