766 matches found

SUSE CVE
added 2023/02/15 4:14 a.m. | 2 views

SUSE CVE-2019-9506

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks aka "KNOB" that can decrypt traffic and inject arbitrary...

CVSS 6.4 | AI score 8.3 | EPSS 0.04145
Exploits: 2 | References: 19

SUSE CVE
added 2023/02/15 3:53 a.m. | 2 views

SUSE CVE-2020-25658

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA...

CVSS 5.9 | AI score 6.2 | EPSS 0.00144
Exploits: 1 | References: 8

SUSE CVE
added 2023/02/15 3:53 a.m. | 1 view

SUSE CVE-2020-25657

A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality...

CVSS 7.5 | AI score 6.7 | EPSS 0.00307
Exploits: 0 | References: 12

SUSE CVE
added 2023/02/15 3:49 a.m. | 2 views

SUSE CVE-2021-3580

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service...

CVSS 7.5 | AI score 6.3 | EPSS 0.00104
Exploits: 0 | References: 74

Veracode
added 2023/02/10 1:05 p.m. | 36 views

Timing Attack

openssl is vulnerable to Timing Attack. The vulnerability exists in rsa/rsa_ossl.c because an attacker can recover ciphertext with a Bleichenbacher style attack by sending a large number of trial messages...

CVSS 5.9 | AI score 6.8 | EPSS 0.00218
Exploits: 0 | References: 9 | Affected Software: 7

FreeBSD
added 2023/02/10 12:00 a.m. | 38 views

GnuTLS -- timing sidechannel in RSA decryption

The GnuTLS project reports: A vulnerability was found that the response times to malformed RSA ciphertexts in ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. Only TLS ciphertext processing is affected...

CVSS 7.4 | AI score 7.6 | EPSS 0.03615
Exploits: 1 | References: 1

Veracode
added 2023/01/07 8:13 p.m. | 20 views

Information Disclosure

github.com/aws/aws-sdk-go is vulnerable to information disclosure. The library sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field which could be used to brute force the plaintext, when the hash is readable to the attacker...

CVSS 4.3 | AI score 4.6 | EPSS 0.00084
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2022/12/28 12:30 a.m. | 19 views

GHSA-6JVC-Q2X7-PCHV AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it...

CVSS 4.3 | AI score 4.6 | EPSS 0.00084
Exploits: 1 | References: 5

NVD
added 2022/12/27 10:15 p.m. | 10 views

CVE-2022-2582

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it...

CVSS 4.3 | EPSS 0.00084
Exploits: 1 | References: 2

Prion
added 2022/12/27 10:15 p.m. | 23 views

Code injection

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it...

CVSS 4 | AI score 4.4 | EPSS 0.00084
Exploits: 1 | References: 2 | Affected Software: 1

UbuntuCve
added 2022/12/27 10:15 p.m. | 16 views

CVE-2022-2582

The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it...

CVSS 4.3 | AI score 5.8 | EPSS 0.00084
Exploits: 1 | References: 4

CNNVD
added 2022/12/27 12:00 a.m. | 2 views

AWS SDK for Android encryption issue vulnerability

AWS SDK for Android is an open-source AWS SDK for Android from AWS Amplify. A security vulnerability exists in AWS SDK for Android that stems from sending an unencrypted hash of the plaintext along with the ciphertext as a metadata field. If the hash is readable by an attacker, the hash can be used to brut...

CVSS 4.3 | AI score 5.1 | EPSS 0.00084
Exploits: 1 | References: 3

OSV
added 2022/11/21 7:15 a.m. | 3 views

CVE-2022-4087

A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is...

CVSS 4.3 | AI score 4.3 | EPSS 0.00245
Exploits: 0 | References: 2

CNNVD
added 2022/11/21 12:00 a.m. | 1 view

iPXE security vulnerability

iPXE is an open-source network bootstrap program. An information disclosure vulnerability exists in versions of iPXE prior to iPXE 2022.11.08 that affects the tls_new_ciphertext function in the src/net/tls.c file of the TLS component and can be exploited by an attacker to obtain sensitive information...

CVSS 4.3 | AI score 6 | EPSS 0.00245
Exploits: 0 | References: 4

OSV
added 2022/11/15 9:15 p.m. | 2 views

CVE-2022-20940

A vulnerability in the TLS handler of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses...

CVSS 5.3 | AI score 5.8 | EPSS 0.00273
Exploits: 0 | References: 1

NVD
added 2022/11/15 9:15 p.m. | 11 views

CVE-2022-20940

A vulnerability in the TLS handler of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses...

CVSS 5.3 | EPSS 0.00273
Exploits: 0 | References: 1

Prion
added 2022/11/15 9:15 p.m. | 12 views

Information disclosure

A vulnerability in the TLS handler of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses...

CVSS 5 | AI score 5.5 | EPSS 0.00273
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/11/10 5:38 p.m. | 17 views

CVE-2022-20940

A vulnerability in the TLS handler of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses...

CVSS 5.3 | AI score 5.8 | EPSS 0.00273
Exploits: 0 | References: 1

CVE
added 2022/11/10 5:38 p.m. | 71 views

CVE-2022-20940

Cisco Firepower Threat Defense (FTD) Software is affected by a Bleichenbacher-related information disclosure in the TLS handler and SSL decryption policy implementation. The root cause is improper countermeasures against Bleichenbacher attacks, allowing an unauthenticated remote attacker to poten...

CVSS 5.3 | AI score 5.5 | EPSS 0.00273
Exploits: 0 | References: 1 | Affected Software: 1

Cisco
added 2022/11/09 4:00 p.m. | 25 views

Cisco Firepower Threat Defense Software SSL Decryption Policy Bleichenbacher Attack Vulnerability

A vulnerability in the TLS handler of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses...

CVSS 5.3 | AI score 5.5 | EPSS 0.00273
Exploits: 0 | References: 1