Lucene search
K

198 matches found

OSV
OSV
added 2024/03/25 12:0 a.m.18 views

ALSA-2024:1502 Important: grafana-pcp security update

grafana-pcp is an open source Grafana plugin for PCP. Security Fixes: grafana-pcp: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394...

7.5CVSS8AI score0.01533EPSS
Exploits0References4
OSV
OSV
added 2024/03/25 12:0 a.m.17 views

ALSA-2024:1501 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394...

7.5CVSS8AI score0.01533EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/03/22 12:0 a.m.21 views

Oracle Linux 8 : go-toolset:ol8 (ELSA-2024-1472)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1472 advisory. - Fix CVE-2024-1394 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for...

7.5CVSS8.1AI score0.01533EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/03/21 12:17 p.m.6 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

7.5CVSS7.2AI score0.01533EPSS
Exploits0References9
Cvelist
Cvelist
added 2024/03/21 12:16 p.m.41 views

CVE-2024-1394 Golang-fips/openssl: memory leaks in code encrypting and decrypting rsa payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

7.5CVSS7.6AI score0.01533EPSS
Exploits0References46
RedHat Linux
RedHat Linux
added 2024/03/21 8:17 a.m.34 views

Important: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS7.2AI score0.01533EPSS
Exploits0References1
OSV
OSV
added 2024/03/21 12:0 a.m.35 views

ALSA-2024:1462 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: golang: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394...

7.5CVSS7.9AI score0.01533EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2024/03/21 12:0 a.m.35 views

Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: golang: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394...

7.5CVSS7.5AI score0.01533EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/03/20 6:10 p.m.27 views

Memory leaks in code encrypting and verifying RSA payloads

Using crafted public RSA keys which are not compliant with SP 800-56B can cause a small memory leak when encrypting and verifying payloads. An attacker can leverage this flaw to gradually erode available memory to the point where the host crashes for lack of resources. Upon restart the attacker...

7.5CVSS6.2AI score0.01533EPSS
Exploits0References49Affected Software4
Veracode
Veracode
added 2024/02/06 12:16 p.m.25 views

Timing Attack

Cryptography is vulnerable to a Timing Attack. This vulnerability is due to the predictable structure of padding in ciphertexts during RSA encryption. This flaw enables an attacker to distinguish between different types of padding errors, potentially leading to the decryption of captured messages...

7.5CVSS6.8AI score0.01118EPSS
Exploits0References4Affected Software1
The Hacker News
The Hacker News
added 2024/01/30 8:43 a.m.44 views

New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility

Threat hunters have identified a new campaign that delivers the ZLoader malware, resurfacing nearly two years after the botnet's infrastructure was dismantled in April 2022. A new variant of the malware is said to have been in development since September 2023, Zscaler ThreatLabz said in an analys...

7.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/01/25 12:0 a.m.7 views

The vulnerability of the transport-layer cryptographic library GnuTLS, related to differences in response times when processing RSA encryption text in the ClientKeyExchange message, with both correct and incorrect PKCS#1 additional fields, allows attackers to gain unauthorized access to protected information.

The vulnerability of the transport-layer cryptographic library GnuTLS is related to differences in response times when processing RSA encryption text in the ClientKeyExchange message, with both correct and incorrect PKCS1 additional fields. Exploiting this vulnerability could allow a remote...

7.8CVSS6.7AI score0.01614EPSS
Exploits1References13Affected Software6
Veracode
Veracode
added 2024/01/08 6:30 a.m.31 views

Information Leak

pycryptodome and pycryptodomex are vulnerable to Information Leakage. The vulnerability is caused due to a side-channel leakage for OAEP decryption Optimal Asymmetric Encryption Padding used during RSA encryption. This can be exploited to mount a Manger attack leading to Information Leakage throu...

5.9CVSS7AI score0.00618EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2023/10/25 2:13 p.m.26 views

CVE-2023-41372

The vulnerability allows an unprivileged untrusted third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcode...

7.8CVSS7.6AI score0.00199EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.34 views

Oracle Linux 7 : nss, / nss-softokn, / nss-util, / and / nspr (ELSA-2019-2237)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2237 advisory. nspr 4.21.0-1 - Rebase to NSPR 4.21 nss 3.44.0-4 - Fix certutil man page - Fix extracting a public key from a private key for dh, ec, and dsa 3.44.0-3 ...

5.9CVSS6.4AI score0.44398EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2023/06/21 2:51 p.m.79 views

Moderate: Red Hat Security Advisory: openssl security and bug fix update

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS6.9AI score0.75116EPSS
Exploits0References18
AlmaLinux
AlmaLinux
added 2023/06/21 12:0 a.m.117 views

Moderate: openssl security and bug fix update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Possible DoS translating ASN.1 object identifiers CVE-2023-2650 openssl: Denial of service by...

7.5CVSS7AI score0.75116EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2023/04/27 12:0 a.m.4 views

PT-2023-33039 · Jose4J · Jose4J

Name of the Vulnerable Software and Affected Versions: jose4j affected versions not specified Description: The issue in jose4j allows for chosen ciphertext attacks, enabling the decryption of RSA1 5 or RSA OAEP encrypted ciphertexts. This could potentially allow an attacker to sign with affected...

6.8AI score
Exploits0References6
F5 Networks
F5 Networks
added 2023/02/21 8:1 p.m.42 views

K45616155: Nettle vulnerability CVE-2018-16869

Security Advisory Description A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extrac...

5.7CVSS4.8AI score0.01495EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
added 2023/02/21 8:1 p.m.47 views

K10281096: TLS in Mozilla NSS vulnerability CVE-2018-12404

Security Advisory Description A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41. CVE-2018-1240...

5.9CVSS6.3AI score0.44398EPSS
Exploits0
Rows per page
Query Builder