652 matches found
EulerOS 2.0 SP12 : shim (EulerOS-SA-2025-2027)
According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in ...
EulerOS 2.0 SP12 : shim (EulerOS-SA-2025-2058)
According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in...
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2025-2027)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2025-2058)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2025-2114)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CLSA-2025-1756961235 nss: Fix of CVE-2023-5388
CVE-2023-5388: fix timing attack against RSA decryption in TLS r=jschanck...
SUSE-SU-2025:02752-1 Security update for libgcrypt
This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107...
GLSA-202508-04 : Mozilla Network Security Service (NSS): TLS RSA decryption timing attack
The remote host is affected by the vulnerability described in GLSA-202508-04 Mozilla Network Security Service NSS: TLS RSA decryption timing attack A vulnerability has been discovered in Mozilla Network Security Service NSS. Please review the CVE identifier referenced below for details. Tenable h...
Security update for libgcrypt
This update for libgcrypt fixes the following issues: CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Security update for libgcrypt
This update for libgcrypt fixes the following issues: CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...
Medium: python-cryptography
Issue Overview: python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS1 v1.5 ciphertext. CVE-2020-25659 Affected Packages: python-cryptography Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Vis...
Amazon Linux 2 : python-cryptography (ALAS-2025-2930)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2930 advisory. python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS1 v1.5 ciphertext. CVE-2020-25659 Tenable has extracted the preceding...
TencentOS Server 3: openssl (TSSA-2023:0021)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0021 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2024-45414
The HTTPD binary in multiple ZTE routers has a stack-based buffer overflow vulnerability in webPrivateDecrypt function. This function is responsible for decrypting RSA encrypted ciphertext, the encrypted data is supplied base64 encoded. The decoded ciphertext is stored on the stack without checki...
CVE-2023-32342
IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IB...
CVE-2023-33850
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive...
Security Bulletin: IBM Maximo Application Suite uses "bcprov-jdk18on-1.75.jar" which is vulnerable to CVE-2024-30171
Summary IBM Maximo Application Suite uses "bcprov-jdk18on-1.75.jar" which is vulnerable to CVE-2024-30171. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-30171 DESCRIPTION: The Bouncy Castle Crypto Package For Java could allow ...
Linux Distros Unpatched Vulnerability : CVE-2024-0914
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could...
Linux Distros Unpatched Vulnerability : CVE-2023-6240
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt...
Linux Distros Unpatched Vulnerability : CVE-2022-4304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a...