
3242 matches found

AlmaLinux
added 2023/03/22 12:00 a.m., 79 views

Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286); openssl: timing attack in RSA...

CVSS 7.5, AI score 7.5, EPSS 0.59501
Exploits 0, References 10

Veracode
added 2023/03/17 12:51 a.m., 19 views

Timing Attack

ezsystems and ibexa/core are vulnerable to Timing Attacks. The vulnerability exists because the library uses random execution time to hinder timing attacks against user accounts which allows a remote attacker to discover whether a given account exists in a system without knowing its password,...

CVSS 3.7, AI score 4.7, EPSS 0.00458
Exploits 0, References 8, Affected Software 3

RedHat Linux
added 2023/03/14 1:57 p.m., 3 views

openssl: timing attack in RSA Decryption implementation

A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...

CVSS 5.9, AI score 6.7, EPSS 0.16195
Exploits 0, References 5

RedHat Linux
added 2023/03/14 1:57 p.m., 68 views

Important: Red Hat Security Advisory: openssl security and bug fix update

An update for openssl is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 7.5, AI score 7.2, EPSS 0.59501
Exploits 0, References 20

OSV
added 2023/03/12 6:30 a.m., 14 views

GHSA-66M4-GC8H-HPJX Timing attack in eZ Platform Ibexa

Ibexa DXP is using random execution time to hinder timing attacks against user accounts, a method of discovering whether a given account exists in a system without knowing its password, thus affecting privacy. This implementation was found to not be good enough in some situations. The fix replace...

CVSS 3.7, AI score 3.9, EPSS 0.00458
Exploits 0, References 5

Github Security Blog
added 2023/03/12 6:30 a.m., 27 views

Timing attack in eZ Platform Ibexa

Ibexa DXP is using random execution time to hinder timing attacks against user accounts, a method of discovering whether a given account exists in a system without knowing its password, thus affecting privacy. This implementation was found to not be good enough in some situations. The fix replace...

CVSS 3.7, AI score 4.8, EPSS 0.00458
Exploits 0, References 5, Affected Software 2

OSV
added 2023/03/12 5:15 a.m., 23 views

CVE-2022-48366

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack...

CVSS 3.7, AI score 4.5
Exploits 0, References 3

NVD
added 2023/03/12 5:15 a.m., 24 views

CVE-2022-48366

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack...

CVSS 3.7, AI score 4, EPSS 0.00458
Exploits 0, References 3

Prion
added 2023/03/12 5:15 a.m., 16 views

Code injection

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack...

CVSS 2.6, AI score 4.1, EPSS 0.00458
Exploits 0, References 3, Affected Software 7

CVE
added 2023/03/12 12:00 a.m., 73 views

CVE-2022-48366

CVE-2022-48366 affects eZ Platform Ibexa Kernel prior to 1.3.19, enabling an attacker to determine whether an account exists via a timing attack (remote, no auth, no user interaction). The CVSS v3.1 vector indicates network access, high attack complexity, and no privileges required, with a low co...

CVSS 3.7, AI score 4, EPSS 0.00458
Exploits 0, References 3, Affected Software 7

Cvelist
added 2023/03/12 12:00 a.m., 22 views

CVE-2022-48366

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack...

AI score 4.5, EPSS 0.00458
Exploits 0, References 3

Vulnrichment
added 2023/03/12 12:00 a.m., 5 views

CVE-2022-48366

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack...

AI score 4.1, EPSS 0.00458
Exploits 0, References 3

OpenVAS
added 2023/03/08 12:00 a.m., 14 views

Debian: Security Advisory (DLA-262-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5, AI score 7.6, EPSS 0.02879
Exploits 0, References 2

OpenVAS
added 2023/03/08 12:00 a.m., 22 views

Debian: Security Advisory (DSA-2260-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5, AI score 9.6, EPSS 0.03022
Exploits 1, References 3

OSV
added 2023/03/07 2:17 p.m., 7 views

SUSE-SU-2023:0648-1 Security update for python-rsa

This update for python-rsa fixes the following issues: - CVE-2020-25658: Fixed a Bleichenbacher timing oracle attack against RSA decryption bsc1178676...

CVSS 7.5, AI score 7.6, EPSS 0.01631
Exploits 1, References 3

RedHat Linux
added 2023/02/28 8:22 a.m., 6 views

openssl: timing attack in RSA Decryption implementation

A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...

CVSS 5.9, AI score 6.7, EPSS 0.16195
Exploits 0, References 5

OSV
added 2023/02/28 12:00 a.m., 41 views

ALSA-2023:0946 Moderate: openssl security and bug fix update

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: read buffer overflow in X.509 certificate verification (CVE-2022-4203); openssl: timing attack in RS...

CVSS 7.5, AI score 7.6, EPSS 0.59501
Exploits 0, References 18

Tenable Nessus
added 2023/02/28 12:00 a.m., 23 views

Fedora 37 : gnutls / guile-gnutls (2023-1c4a6a47ae)

The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-1c4a6a47ae advisory. Release of gnutls 3.8.0 fixes CVE-2023-0361. Release of gnutls guile bindings as standalone package. Tenable has extracted the preceding description block...

CVSS 7.4, AI score 7, EPSS 0.01403
Exploits 1, References 2

AlmaLinux
added 2023/02/28 12:00 a.m., 67 views

Moderate: openssl security and bug fix update

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: read buffer overflow in X.509 certificate verification (CVE-2022-4203); openssl: timing attack in RS...

CVSS 7.5, AI score 7.8, EPSS 0.59501
Exploits 0, References 18

IBM Security Bulletins
added 2023/02/24 6:34 a.m., 45 views

Security Bulletin: Vulnerabilities found within Apache Storm that is used by IBM Tivoli Network Manager (ITNM) IP Edition

Summary: Vulnerabilities found within Apache Storm (CVE-2020-25649, CVE-2020-36518, CVE-2021-22569, CVE-2021-38153) that is used by IBM Tivoli Network Manager (ITNM) IP Edition. Vulnerability Details: CVEID: CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected securit...

CVSS 7.5, AI score 7.2, EPSS 0.17611
Exploits 2, Affected Software 1