Lucene search
K

298 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/12 12:0 a.m.27 views

Amazon Linux 2 : openssl11 (ALAS-2024-2564)

The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2564 advisory. Issue summary: Some non-default TLS server configurations can cause unboundedmemory growth when processing TLSv1.3 sessions...

5.9CVSS6.6AI score0.54026EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/06/07 12:0 a.m.11 views

OpenSSL 1.0.0 < 1.0.0b Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.0.0b. It is, therefore, affected by a vulnerability as referenced in the 1.0.0b advisory. - Multiple race conditions in ssl/t1lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi- threading and internal caching are...

7.6CVSS8.2AI score0.22145EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/06/07 12:0 a.m.20 views

OpenSSL 0.9.8 < 0.9.8p Vulnerability

The version of OpenSSL installed on the remote host is prior to 0.9.8p. It is, therefore, affected by a vulnerability as referenced in the 0.9.8p advisory. - Multiple race conditions in ssl/t1lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi- threading and internal caching are...

7.6CVSS8.2AI score0.22145EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/06/07 12:0 a.m.19 views

OpenSSL 0.9.7 < 0.9.7h Vulnerability

The version of OpenSSL installed on the remote host is prior to 0.9.7h. It is, therefore, affected by a vulnerability as referenced in the 0.9.7h advisory. - The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSLOPMSIESSLV2RSAPADDING option,...

5CVSS6.5AI score0.04866EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/05/28 12:0 a.m.43 views

Oracle Linux 8 : container-tools:ol8 (ELSA-2024-2988)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2988 advisory. - The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type wh...

7.5CVSS7.1AI score0.93305EPSS
Exploits7References17
Tenable Nessus
Tenable Nessus
added 2024/05/15 12:0 a.m.32 views

Amazon Linux 2 : edk2 (ALAS-2024-2539)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2539 advisory. Issue summary: Some non-default TLS server configurations can cause unboundedmemory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to...

5.9CVSS6.5AI score0.54026EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/04/08 12:0 a.m.186 views

OpenSSL 1.1.1 < 1.1.1y Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.1y. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1y advisory. - Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impac...

7.5CVSS7.4AI score0.54026EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/03/25 8:29 p.m.3 views

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

6.5CVSS7.1AI score0.00816EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/03/25 8:16 p.m.2 views

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

6.5CVSS7.1AI score0.00816EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/03/25 8:13 p.m.6 views

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

6.5CVSS7.1AI score0.00816EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/03/25 8:11 p.m.3 views

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

6.5CVSS7.1AI score0.00816EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/03/25 7:40 p.m.3 views

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

6.5CVSS7.1AI score0.00816EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/03/25 7:39 p.m.5 views

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

6.5CVSS7.1AI score0.00816EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/03/25 7:36 p.m.3 views

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

6.5CVSS7.1AI score0.00816EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/03/25 6:54 p.m.2 views

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

6.5CVSS7.1AI score0.00816EPSS
Exploits0References6
OSV
OSV
added 2024/03/06 11:4 a.m.42 views

BIT-GOLANG-2021-34558

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic...

6.5CVSS6.5AI score0.07032EPSS
Exploits1References17
OSV
OSV
added 2024/03/06 11:2 a.m.37 views

BIT-NODE-2022-3786 X.509 Email Address Variable Length Buffer Overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

7.5CVSS8.1AI score0.91153EPSS
Exploits2References6
OSV
OSV
added 2024/03/06 11:1 a.m.19 views

BIT-GOLANG-2022-27536

Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic...

7.5CVSS7.2AI score0.01346EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/02/23 12:0 a.m.22 views

SUSE SLED15: libfreebl3 / libfreebl3-32bit / libsoftokn3 / libsoftokn3-32bit / etc (SUSE-SU-2024:0597-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0597-1 advisory. Update to NSS 3.90.2: - CVE-2023-5388: Fixed timing attack against RSA decryption in TLS bsc1216198 Tenab...

6.5CVSS6.6AI score0.00816EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/02/22 12:0 a.m.32 views

SUSE SLES15: libfreebl3 / libfreebl3-32bit / libsoftokn3 / libsoftokn3-32bit / etc (SUSE-SU-2024:0579-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0579-1 advisory. Update to NSS 3.90.2: - CVE-2023-5388: Fixed timing attack against RSA decryption in TLS bsc1216198 Tenable has extracted the preceding...

6.5CVSS6.6AI score0.00816EPSS
Exploits0References4
Rows per page
Query Builder