Lucene search
K

168 matches found

RedHat Linux
RedHat Linux
added 2024/01/17 1:54 p.m.3 views

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

7.4CVSS7.3AI score0.00918EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/01/17 1:54 p.m.7 views

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

7.4CVSS7.3AI score0.00918EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/01/17 9:7 a.m.5 views

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

7.4CVSS7.3AI score0.00918EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/01/17 9:7 a.m.4 views

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

7.4CVSS7.3AI score0.00918EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/01/17 9:7 a.m.380 views

Important: Red Hat Security Advisory: java-11-openjdk security update

An update for java-11-openjdk is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this...

7.4CVSS7.1AI score0.01026EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/01/17 9:6 a.m.11 views

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

7.4CVSS7.3AI score0.00918EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/01/17 9:2 a.m.78 views

Important: Red Hat Security Advisory: java-21-openjdk security update

An update for java-21-openjdk is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabilit...

7.4CVSS6.8AI score0.00918EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2024/01/17 12:0 a.m.55 views

Important: java-21-openjdk security update

The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: RSA padding issue and timing side-channel...

7.4CVSS7.4AI score0.00918EPSS
Exploits0References12
AlmaLinux
AlmaLinux
added 2024/01/17 12:0 a.m.136 views

Important: java-17-openjdk security and bug fix update

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: incorrect handling of ZIP files with duplica...

7.5CVSS7.4AI score0.00918EPSS
Exploits0References14
Hacker One
Hacker One
added 2023/12/02 11:45 p.m.556 views

Internet Bug Bounty: OpenSSL vulnerable to the Marvin Attack (CVE-2022-4304)

A timing side channel vulnerability in OpenSSL RSA decryption was discovered that could allow plaintext recovery. By measuring decryption time, an attacker could recover RSA plaintext from captured ciphertexts after a large number of decryption attempts. All RSA padding modes were affected. The...

5.9CVSS7AI score0.16195EPSS
Exploits0
OSV
OSV
added 2023/07/15 11:5 a.m.3 views

OESA-2023-1431 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbach...

5.9CVSS8.8AI score0.16195EPSS
Exploits0References2
OSV
OSV
added 2023/07/15 11:5 a.m.3 views

OESA-2023-1430 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbach...

5.9CVSS8.8AI score0.16195EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/06/23 12:0 a.m.61 views

F5 Networks BIG-IP : OpenSSL vulnerability (K000132943)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.5 / 17.1.1 17.1.0.1. It is, therefore, affected by a vulnerability as referenced in the K000132943 advisory. A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be...

5.9CVSS7.9AI score0.16195EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/06/05 12:30 p.m.6 views

openssl: timing attack in RSA Decryption implementation

A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...

5.9CVSS6.7AI score0.16195EPSS
Exploits0References5
OSV
OSV
added 2023/04/25 7:15 p.m.8 views

CVE-2022-40722

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...

5.8CVSS5.8AI score0.00328EPSS
Exploits0References2
NVD
NVD
added 2023/04/25 7:15 p.m.18 views

CVE-2022-40722

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...

7.7CVSS7.5AI score0.00328EPSS
Exploits0References2
Prion
Prion
added 2023/04/25 7:15 p.m.16 views

Design/Logic Flaw

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...

1.7CVSS5.7AI score0.00328EPSS
Exploits0References2Affected Software3
Vulnrichment
Vulnrichment
added 2023/04/25 12:0 a.m.8 views

CVE-2022-40722 Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...

7.7CVSS7.1AI score0.00328EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/25 12:0 a.m.8 views

PT-2023-13897 · Ping Identity · Pingid Adapter For Pingfederate

Name of the Vulnerable Software and Affected Versions: PingID Adapter for PingFederate affected versions not specified Description: A misconfiguration of RSA padding in the PingID Adapter for PingFederate, used to support Offline MFA with PingID mobile authenticators, makes it vulnerable to...

7.7CVSS5.4AI score0.00328EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/04/25 12:0 a.m.19 views

CVE-2022-40722 Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate.

A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA...

7.7CVSS7.7AI score0.00328EPSS
Exploits0References2
Rows per page
Query Builder