5833 matches found

CVE
added 2024/06/21 12:0 a.m. · 49 views

CVE-2024-35537

CVE-2024-35537 affects TVS Motor Company Limited TVS Connect on Android v4.6.0 and iOS v5.0.0. The root cause is insecure handling of the RSA key pair, which could allow an attacker to decrypt and access sensitive information. Publicly available documents consistently describe the issue as improp...

7.5 CVSS · 6.9 AI score · 0.0008 EPSS
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2024/06/21 12:0 a.m. · 56 views

CVE-2024-35537

TVS Motor Company Limited TVS Connect Android v4.6.0 and iOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption...

0.0008 EPSS
Exploits 1 · References 1
RedHat Linux
added 2024/06/20 2:25 p.m. · 5 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

4.3 CVSS · 6.7 AI score · 0.04859 EPSS
Exploits 0 · References 5
BDU FSTEC
added 2024/06/20 12:0 a.m. · 1 views

The vulnerability of the JWE Token Handler component in JavaScript object signing and encryption technologies is related to an uncontrolled resource consumption, allowing attackers to cause service failures.

The vulnerability of the JWE Token Handler component in JavaScript object signing and encryption technologies with Python is related to high resource consumption during decryption using the created JSON Web Encryption token. Exploiting this vulnerability can allow a malicious actor to cause servi...

6.8 CVSS · 6.4 AI score · 0.00254 EPSS
Exploits 1 · References 5 · Affected Software 2
Tenable Nessus
added 2024/06/19 12:0 a.m. · 27 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : bouncycastle (SUSE-SU-2024:1539-2)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1539-2 advisory. Update to version 1.78.1, including fixes for: - CVE-2024-30171: Fixed timing side-channel attacks agains...

5.9 CVSS · 6.7 AI score · 0.00139 EPSS
Exploits 0 · References 4
OSV
added 2024/06/18 11:5 a.m. · 15 views

SUSE-SU-2024:1539-2 Security update for bouncycastle

This update for bouncycastle fixes the following issues: Update to version 1.78.1, including fixes for: - CVE-2024-30171: Fixed timing side-channel attacks against RSA decryption both PKCS1v1.5 and OAEP. bsc1223252...

5.9 CVSS · 6.7 AI score · 0.00139 EPSS
Exploits 0 · References 3
RedHat Linux
added 2024/06/18 12:36 a.m. · 2 views

jose: resource exhaustion

Jose was found to have an uncontrolled resource consumption vulnerability. Under certain conditions, the user's environment can consume an unreasonable amount of CPU time or memory during JWE decryption operations, leading to a denial of service...

5.9 CVSS · 6.9 AI score · 0.00572 EPSS
Exploits 0 · References 5
OpenVAS
added 2024/06/18 12:0 a.m. · 27 views

Mageia: Security Advisory (MGASA-2024-0226)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 CVSS · 7.1 AI score · 0.01116 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2024/06/18 12:0 a.m. · 1 views

The vulnerability of the command-line interface of FortiOS operating systems and the FortiProxy proxy server, which allows a hacker to decrypt the backup file.

The vulnerability of the command-line interface of FortiOS operating systems and the FortiProxy proxy server for protecting against Internet attacks is related to insufficient calculation of password hashes. Exploiting this vulnerability can allow attackers to decrypt the backup file...

1.8 CVSS · 7.2 AI score · 0.04903 EPSS
Exploits 1 · References 3 · Affected Software 2
Mageia
added 2024/06/17 5:44 p.m. · 25 views

Updated iperf packages fix security vulnerability

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...

5.9 CVSS · 6.7 AI score · 0.01116 EPSS
Exploits 0 · References 2
SUSE CVE
added 2024/06/16 3:53 a.m. · 1 views

SUSE CVE-2024-28176

jose is a JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces...

5.9 CVSS · 7.4 AI score · 0.00572 EPSS
Exploits 0 · References 3
OSV
added 2024/06/14 11:8 a.m. · 2 views

OESA-2024-1729 iperf3 security update

Iperf is a tool for active measurements of the maximum achievable bandwidth on IP networks. It supports tuning of various parameters related to timing, protocols, and buffers. Security Fixes: iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a...

5.9 CVSS · 6.8 AI score · 0.01116 EPSS
Exploits 0 · References 2
NVD
added 2024/06/14 4:15 a.m. · 8 views

CVE-2024-27159

All the Toshiba printers contain a shell script using the same hardcoded key to encrypt logs. An attacker can decrypt the encrypted files using the hardcoded key. This vulnerability can be executed in combination with other vulnerabilities and is difficult to execute alone. So, the CVSS score for th...

6.2 CVSS · 0.00039 EPSS
Exploits 1 · References 4
CVE
added 2024/06/14 3:37 a.m. · 50 views

CVE-2024-27161

CVE-2024-27161 concerns Toshiba multifunction printers (MFPs) with programs containing a hardcoded key used to encrypt files. The root cause is the use of a hardcoded credential and insecure encryption, allowing an attacker who can access the device to decrypt stored files by using that key. Seve...

6.2 CVSS · 6.9 AI score · 0.00062 EPSS
Exploits 1 · References 4
Positive Technologies
added 2024/06/14 12:0 a.m. · 3 views

PT-2024-21694 · Toshiba · Toshiba Printers

Name of the Vulnerable Software and Affected Versions: Toshiba printers (affected versions not specified). Description: The issue concerns Toshiba printers that have programs containing a hardcoded key used for file encryption. An attacker can exploit this by using the hardcoded key to decrypt...

6.2 CVSS · 6.9 AI score · 0.00062 EPSS
Exploits 1 · References 7
CVE
added 2024/06/13 11:27 a.m. · 62 views

CVE-2024-34113

Adobe ColdFusion is affected by CVE-2024-34113 (Weak Cryptography for Passwords) affecting ColdFusion 2023u7, 2021u13 and earlier. The issue stems from insufficiently strong cryptographic algorithms or flawed implementation used for password protection, enabling potential decryption or guessing o...

5.5 CVSS · 5.8 AI score · 0.00025 EPSS
Exploits 0 · References 1 · Affected Software 1
BDU FSTEC
added 2024/06/13 12:0 a.m. · 1 views

The vulnerability of the OpenSSL Handler component in the IPerf3 network bandwidth measurement tool allows a hacker to access confidential information.

The vulnerability of the OpenSSL Handler component in the IPerf3 network bandwidth measurement tool is related to the use of a secondary synchronization channel during RSA decryption operations. Exploiting this vulnerability can allow a remote attacker to gain access to confidential information...

5.9 CVSS · 6.6 AI score · 0.01116 EPSS
Exploits 0 · References 6 · Affected Software 4
IBM Security Bulletins
added 2024/06/12 1:46 p.m. · 40 views

Security Bulletin: IBM Maximo Application Suite uses bcprov-jdk18on-1.74.jar which is vulnerable to CVE-2024-30171

Summary: IBM Maximo Application Suite uses bcprov-jdk18on-1.74.jar which is vulnerable to CVE-2024-30171. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2024-30171 DESCRIPTION: The Bouncy Castle Crypto Package For Java could allow a...

5.9 CVSS · 6.3 AI score · 0.00139 EPSS
Exploits 0 · Affected Software 1
RedhatCVE
added 2024/06/12 12:31 a.m. · 446 views

CVE-2024-2408

The RSA decryption implementation using PKCS1 v1.5 padding in OpenSSL is vulnerable to a timing side-channel attack known as the Marvin Attack. This vulnerability arises because the execution time of the openssl_private_decrypt function in PHP with OpenSSL varies based on whether a valid message is...

5.9 CVSS · 5.7 AI score · 0.00255 EPSS
Exploits 1 · References 4
RedHat Linux
added 2024/06/11 8:7 p.m. · 2 views

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

4.3 CVSS · 6.7 AI score · 0.04859 EPSS
Exploits 0 · References 5