Lucene search
+L

168 matches found

Tenable Nessus
Tenable Nessus
added 2023/04/13 12:0 a.m.77 views

QNAP QTS / QuTS hero Multiple Vulnerabilities in OpenSSL (QSA-23-15)

The version of QNAP QTS / QuTS hero installed on the remote host is affected by multiple vulnerabilities as referenced in the QSA-23-15 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in ...

7.5CVSS7.9AI score0.59501EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.6 views

SUSE CVE-2021-23839

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...

4.3CVSS6.2AI score0.02961EPSS
Exploits0References3
OSV
OSV
added 2023/02/08 8:15 p.m.9 views

AZL-31140 CVE-2022-4304 affecting package edk2 for versions less than 20230301gitf80f052277c8-42

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

5.9CVSS6.9AI score0.16195EPSS
Exploits0References1
OSV
OSV
added 2023/02/08 8:15 p.m.10 views

AZL-13310 CVE-2022-4304 affecting package openssl for versions less than 1.1.1k-21

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

5.9CVSS6.9AI score0.16195EPSS
Exploits0References1
OSV
OSV
added 2023/02/08 7:4 p.m.31 views

CVE-2022-4304 Timing Oracle in RSA Decryption

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

5.9CVSS7AI score0.16195EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/02/08 12:0 a.m.96 views

Amazon Linux 2 : openssl (ALAS-2023-1935)

The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1935 advisory. A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a...

7.5CVSS7.8AI score0.59501EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/03/07 12:0 a.m.4 views

PT-2022-17157 · Openssl · Openssl

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to K2 22.5.9.163 OpenSSL versions prior to K3C 32.1.15.93 Description: The issue allows an unauthenticated attacker on the local area network to gain control over the plaintext to which an arbitrary blob of ciphertext...

9.3CVSS8.2AI score0.00978EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2021/08/16 12:0 a.m.24 views

OpenSSL: CMS and S/MIME Bleichenbacher Attack (20120312) - Windows

OpenSSL is prone to a Bleichenbacher attack. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5CVSS7.7AI score0.12932EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.24 views

SUSE: Security Advisory (SUSE-SU-2016:0748-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.6AI score0.89557EPSS
Exploits21References2
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.25 views

SUSE: Security Advisory (SUSE-SU-2016:0778-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.9AI score0.89557EPSS
Exploits22References2
OSV
OSV
added 2021/02/16 5:15 p.m.5 views

ALPINE-CVE-2021-23839

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...

3.7CVSS6.6AI score0.02961EPSS
Exploits0References1
CVE
CVE
added 2021/02/16 4:55 p.m.298 views

CVE-2021-23839

CVE-2021-23839 describes a padding-check logic error in OpenSSL 1.0.2 (affecting 1.0.2s–1.0.2x) where RSA_padding_check_SSLv23() mis-handles SSLv2 rollback protection. The bug causes a server configured for SSLv2 in combination with newer TLS versions to accept connections when a version-rollback...

4.3CVSS5.5AI score0.02961EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2021/01/20 4:15 p.m.6 views

CVE-2020-20949

Bleichenbacher's attack on PKCS 1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube UM1924. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the...

5.9CVSS6.2AI score0.00919EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/01/20 12:0 a.m.6 views

PT-2021-10560

Name of the Vulnerable Software and Affected Versions: STM32 cryptographic firmware library software expansion for STM32Cube UM1924 affected versions not specified Description: The issue concerns Bleichenbacher's attack on PKCS 1 v1.5 padding for RSA, which can be exploited using Bleichenbacher's...

5.9CVSS6.3AI score0.00919EPSS
Exploits0References11
Cvelist
Cvelist
added 2021/01/19 12:22 p.m.28 views

CVE-2020-20950

Bleichenbacher's attack on PKCS 1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the vulnerable...

5.6AI score0.00859EPSS
Exploits0References3
CNVD
CNVD
added 2021/01/07 12:0 a.m.6 views

wolfSSL Out-of-Bounds Write Vulnerability

wolfSSL is a small, portable, embedded SSL/TLS library intended for use by embedded systems developers. An out-of-bounds write vulnerability exists in RsaPadPSS in wolfcrypt/src/rsa.c in wolfSSL versions prior to 4.6.0. No detailed vulnerability details are provided at this time...

10CVSS7.1AI score0.03524EPSS
Exploits1References1
OSV
OSV
added 2021/01/06 4:15 p.m.5 views

UBUNTU-CVE-2020-36177

RsaPadPSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size...

9.8CVSS7.3AI score0.03524EPSS
Exploits1References7
OSV
OSV
added 2018/12/03 2:29 p.m.4 views

UBUNTU-CVE-2018-16868

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...

5.6CVSS7AI score0.00573EPSS
Exploits0References3
OSV
OSV
added 2018/12/03 2:29 p.m.2 views

DEBIAN-CVE-2018-16868

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...

5.6CVSS5.3AI score0.00573EPSS
Exploits0References1
NVD
NVD
added 2018/08/21 1:29 p.m.26 views

CVE-2017-17305

Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbache...

5.9CVSS6.2AI score0.01045EPSS
Exploits0References1
Rows per page
Query Builder