
405 matches found

Vulnrichment
added 2023/04/06 4:19 p.m. · 7 views

CVE-2023-0580 Information Disclosure vulnerability in My Control System (on-premise)

Insecure Storage of Sensitive Information vulnerability in ABB My Control System on-premise allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System...

CVSS 5.4 · AI score 6.8 · EPSS 0.00459
Exploits: 0 · References: 1
CNNVD
added 2023/04/06 12:0 a.m. · 2 views

ABB My Control System Security Vulnerability

ABB My Control System is a delivery platform for advanced digital services from ABB Switzerland. It is used to visualize and analyze your control system performance, software, and security. ABB My Control System has a security vulnerability that stems from an insecure storage of sensitive...

CVSS 9.8 · AI score 8.2 · EPSS 0.00459
Exploits: 0 · References: 2
Tenable Nessus
added 2023/04/05 12:0 a.m. · 19 views

AlmaLinux 8 : gnutls (ALSA-2023:1569)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:1569 advisory. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypte...

CVSS 7.4 · AI score 7 · EPSS 0.01415
Exploits: 1 · References: 2
Positive Technologies
added 2023/04/04 12:0 a.m. · 3 views

PT-2023-13294 · Modem · Modem

Name of the Vulnerable Software and Affected Versions: Modem affected versions not specified Description: Memory corruption occurs due to improper validation of an array index when a malformed APDU is sent from a card. Recommendations: At the moment, there is no information about a newer version...

CVSS 6.8 · AI score 7.1 · EPSS 0.00186
Exploits: 0 · References: 2
Prion
added 2023/03/14 6:15 a.m. · 11 views

Authorization

An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems ST-PI - versions 20881700, 20081710, 740, can use a vulnerable interface to execute an application function to perform actions which they...

CVSS 6.5 · AI score 8.6 · EPSS 0.01184
Exploits: 0 · References: 2 · Affected Software: 1
Tenable Nessus
added 2023/03/14 12:0 a.m. · 28 views

RHEL 9 : gnutls (RHSA-2023:1200)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1200 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS...

CVSS 7.4 · AI score 7.2 · EPSS 0.01415
Exploits: 1 · References: 7
Tenable Nessus
added 2023/03/13 12:0 a.m. · 31 views

AlmaLinux 9 : gnutls (ALSA-2023:1141)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:1141 advisory. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypte...

CVSS 7.4 · AI score 7 · EPSS 0.01415
Exploits: 1 · References: 2
Tenable Nessus
added 2023/03/09 12:0 a.m. · 42 views

RHEL 9 : gnutls (RHSA-2023:1141)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1141 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS...

CVSS 7.4 · AI score 7.2 · EPSS 0.01415
Exploits: 1 · References: 7
Tenable Nessus
added 2023/03/08 12:0 a.m. · 21 views

Rocky Linux 9 : gnutls (RLSA-2023:1141)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:1141 advisory. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key...

CVSS 7.4 · AI score 7 · EPSS 0.01415
Exploits: 1 · References: 5
Positive Technologies
added 2023/02/28 12:0 a.m. · 3 views

PT-2023-17732 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-13 Description: The issue is related to a path traversal error in the clearApplicationUserData function of ActivityManagerService.java. This error could allow the removal of system files, potentiall...

CVSS 7.8 · AI score 7.4 · EPSS 0.00184
Exploits: 0 · References: 3
F5 Networks
added 2023/02/21 5:33 p.m. · 87 views

K51025324: Apache Tomcat 7.x vulnerabilities CVE-2015-5346, CVE-2015-5351, and CVE-2016-0763

Security Advisory Description CVE-2015-5346 Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to...

CVSS 8.8 · AI score 7.6 · EPSS 0.11297
Exploits: 0
Tenable Nessus
added 2023/02/18 12:0 a.m. · 27 views

Debian dla-3321 : gnutls-bin - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3321 advisory. Debian LTS Advisory DLA-3321-1 https://www.debian.org/lts/security/...

CVSS 7.4 · AI score 6.9 · EPSS 0.01415
Exploits: 1 · References: 4
NVD
added 2023/02/15 6:15 p.m. · 17 views

CVE-2023-0361

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to...

CVSS 7.4 · AI score 8.1 · EPSS 0.01415
Exploits: 1 · References: 9
OSV
added 2023/02/15 6:15 p.m. · 31 views

CVE-2023-0361

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to...

CVSS 7.4 · AI score 2.2 · EPSS 0.01415
Exploits: 1 · References: 9
Prion
added 2023/02/15 6:15 p.m. · 21 views

Code injection

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to...

CVSS 4 · AI score 7.5 · EPSS 0.01415
Exploits: 1 · References: 9 · Affected Software: 4
SUSE CVE
added 2023/02/15 4:49 a.m. · 2 views

SUSE CVE-2017-5898

Integer overflow in the emulatedapdufromguest function in usb/dev-smartcard-reader.c in Quick Emulator Qemu, when built with the CCID Card device emulator support, allows local users to cause a denial of service application crash via a large Application Protocol Data Units APDU unit...

CVSS 5.5 · AI score 6.7 · EPSS 0.004
Exploits: 0 · References: 14
AlpineLinux
added 2023/02/15 12:0 a.m. · 44 views

CVE-2023-0361

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to...

CVSS 7.4 · AI score 7.6 · EPSS 0.01415
Exploits: 1
Debian CVE
added 2023/02/15 12:0 a.m. · 76 views

CVE-2023-0361

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to...

CVSS 7.4 · AI score 7 · EPSS 0.01415
Exploits: 1
Cvelist
added 2023/02/08 7:4 p.m. · 24 views

CVE-2022-4304 Timing Oracle in RSA Decryption

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

AI score 6.7 · EPSS 0.16195
Exploits: 0 · References: 2
Debian CVE
added 2023/02/08 7:4 p.m. · 47 views

CVE-2022-4304

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

CVSS 5.9 · AI score 6.8 · EPSS 0.16195
Exploits: 0