Lucene search
+L

200 matches found

Tenable Nessus
Tenable Nessus
added 2020/07/01 12:0 a.m.32 views

EulerOS Virtualization 3.0.6.0 : nss (EulerOS-SA-2020-1718)

According to the version of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a...

5.9CVSS6.6AI score0.44398EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/06/17 12:0 a.m.237 views

EulerOS 2.0 SP2 : nss-softokn (EulerOS-SA-2020-1651)

According to the versions of the nss-softokn packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through...

5.9CVSS6AI score0.44398EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2020/04/28 3:52 p.m.5 views

openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

4.3CVSS6.6AI score0.03838EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/04/07 11:9 a.m.38 views

CVE-2018-12404

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41...

5.9CVSS4.4AI score0.44398EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/04/06 7:9 p.m.4 views

openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

4.3CVSS6.6AI score0.03838EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2020/03/20 12:0 a.m.44 views

EulerOS Virtualization 3.0.2.2 : openssl (EulerOS-SA-2020-1274)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...

4.7CVSS6.7AI score0.03838EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/03/19 12:0 a.m.65 views

Amazon Linux AMI : nss, nss-softokn, nss-util, nspr (ALAS-2020-1355)

The version of nspr installed on the remote host is prior to 4.21.0-1.43. The version of nss installed on the remote host is prior to 3.44.0-7.84. The version of nss-softokn installed on the remote host is prior to 3.44.0-8.44. The version of nss-util installed on the remote host is prior to...

8.8CVSS7.8AI score0.44398EPSS
Exploits1References9
Amazon
Amazon
added 2020/03/16 12:0 a.m.87 views

Important: nss, nss-softokn, nss-util, nspr

Issue Overview: A heap-based buffer overflow was found in the NSCEncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the...

8.8CVSS7.8AI score0.44398EPSS
Exploits1
OpenVAS
OpenVAS
added 2020/03/13 12:0 a.m.39 views

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2020-1214)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.4AI score0.44398EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/03/13 12:0 a.m.24 views

EulerOS Virtualization for ARM 64 3.0.2.0 : nss (EulerOS-SA-2020-1214)

According to the version of the nss packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. Thi...

5.9CVSS6.4AI score0.44398EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/03/13 12:0 a.m.37 views

EulerOS Virtualization for ARM 64 3.0.2.0 : nss-softokn (EulerOS-SA-2020-1252)

According to the versions of the nss-softokn packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted...

5.9CVSS6AI score0.44398EPSS
Exploits1References3
Amazon
Amazon
added 2020/02/17 12:0 a.m.43 views

Low: openssl

Issue Overview: In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message tha...

4.3CVSS6.8AI score0.03838EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2020/01/29 4:35 p.m.42 views

Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2018-12404)

Summary IBM has announced a release for IBM Security Identity Governance and Intelligence IGI in response to security vulnerability. A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen...

5.9CVSS1.7AI score0.44398EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.33 views

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2019-2174)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.4AI score0.44398EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.33 views

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2019-2467)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.4AI score0.44398EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.32 views

Huawei EulerOS: Security Advisory for nss-softokn (EulerOS-SA-2019-1979)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.4AI score0.44398EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/12/31 12:0 a.m.104 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : nss Multiple Vulnerabilities (NS-SA-2019-0236)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has nss packages installed that are affected by multiple vulnerabilities: - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of...

5.9CVSS5.9AI score0.44398EPSS
Exploits1References3
Mageia
Mageia
added 2019/12/06 2:15 p.m.60 views

Updated openssl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0...

7.4CVSS0.6AI score0.05701EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/12/04 12:0 a.m.44 views

EulerOS 2.0 SP2 : nss (EulerOS-SA-2019-2467)

According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the...

5.9CVSS6.6AI score0.44398EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/12/04 12:0 a.m.27 views

EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2019-2430)

According to the versions of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in th...

5.9CVSS7.1AI score0.12154EPSS
Exploits4References5
Rows per page
Query Builder