466 matches found
Oracle Linux 7 : nss, / nss-softokn, / nss-util, / and / nspr (ELSA-2019-2237)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2237 advisory. nspr 4.21.0-1 - Rebase to NSPR 4.21 nss 3.44.0-4 - Fix certutil man page - Fix extracting a public key from a private key for dh, ec, and dsa 3.44.0-3 ...
FreeBSD : FreeBSD -- Multiple vulnerabilities in OpenSSL (c8eb4c40-47bd-11ee-8e38-002590c1f29c)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c8eb4c40-47bd-11ee-8e38-002590c1f29c advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could ...
SUSE SLES15: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2023:3179-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3179-1 advisory. - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out...
OESA-2023-1431 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbach...
EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2023-2267)
According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover...
EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-2275)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...
SUSE SLED15: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2023:2648-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2648-1 advisory. - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timi...
SUSE SLES12: libopenssl-1_0_0-devel / libopenssl-1_0_0-devel-32bit / etc (SUSE-SU-2023:2624-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2624-1 advisory. - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause...
SUSE SLES12: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2023:2623-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2623-1 advisory. - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause...
F5 Networks BIG-IP : OpenSSL vulnerability (K000132943)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.5 / 17.1.1 17.1.0.1. It is, therefore, affected by a vulnerability as referenced in the K000132943 advisory. A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be...
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2023-2070)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 2.11.0 : gnutls (EulerOS-SA-2023-2122)
According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be...
openssl: timing attack in RSA Decryption implementation
A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...
openssl: timing attack in RSA Decryption implementation
A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...
EulerOS Virtualization 2.9.1 : openssl (EulerOS-SA-2023-2001)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext...
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2023-1953)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 9 : edk2 (ELSA-2023-2165)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2165 advisory. - Resolves: bz2164534 CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName rhel-9 - Resolves: bz2164550 CVE-2022-4304 edk2:...
EulerOS 2.0 SP9 : openssl (EulerOS-SA-2023-1850)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...
The vulnerabilities of encryption algorithms such as PKCS#1 v1.5, RSA-OEAP, and RSASVE in the OpenSSL cryptographic library allow attackers to execute the Bleichenbacher attack.
The vulnerability of encryption algorithms such as PKCS1 v1.5, RSA-OEAP, and RASSEV in the OpenSSL cryptographic library is related to the creation of a secondary synchronization channel due to time differences. Exploiting this vulnerability can allow an attacker operating remotely to execute a...
EulerOS 2.0 SP8 : openssl (EulerOS-SA-2023-1602)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...