5878 matches found
DEBIAN-CVE-2023-5388
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
CVE-2023-5388
CVE-2023-5388 concerns an NSS timing attack during RSA decryption that could leak private data. Connected entries confirm affected software: Mozilla Firefox (including ESR) and Thunderbird, with vulnerable builds prior to Firefox 124 and Thunderbird 115.9.x. Root cause is a timing side-channel in...
CVE-2023-5388
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
CVE-2023-5388
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
CVE-2023-5388
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker t...
Security Vulnerabilities fixed in Firefox ESR 115.9 — Mozilla
An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating system...
RHEL 8 : opencryptoki (RHSA-2024:1411)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1411 advisory. The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These...
Security Vulnerabilities fixed in Firefox 124 — Mozilla
An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. Passing invalid data could have led to invalid wasm values being created, such as...
Mozilla Firefox ESR < 115.9
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-13 advisory. - Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs...
CVE-2024-28864
SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded wit...
CVE-2024-28864 [TagAwareCipher] - Decryption Failure (Regex Match)
SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded wit...
CVE-2024-28864 [TagAwareCipher] - Decryption Failure (Regex Match)
SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded wit...
CVE-2024-28864 [TagAwareCipher] - Decryption Failure (Regex Match)
SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded wit...
CVE-2024-28864
CVE-2024-28864 affects the PHP library SecureProps (versions 1.2.0 and 1.2.1). The issue arises when encrypted data is encoded with NullEncoder and fed into TagAwareCipher ; a regex fails to detect tags (especially with special characters such as “\n”), causing the decryption to be skipped and th...
[TagAwareCipher] - Decryption Failure (Regex Match)
Impact Vulnerability in SecureProps involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with NullEncoder and passed to TagAwareCipher, and contains special characters such as \n. As a result, the decryption process is...
GHSA-RJ29-J2G4-77Q8 [TagAwareCipher] - Decryption Failure (Regex Match)
Impact Vulnerability in SecureProps involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with NullEncoder and passed to TagAwareCipher, and contains special characters such as \n. As a result, the decryption process is...
PT-2024-22613
Name of the Vulnerable Software and Affected Versions SecureProps versions 1.2.0 through 1.2.1 Description A vulnerability in SecureProps involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with NullEncoder and passed t...
Timing Side-Channel Attack
Firefox is vulnerable to Timing Side-Channel Attack. The vulnerability is caused due to the improper handling of timing during decryption, potentially enabling attackers to recover private data...
Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a remote attack to obtain sensitive information due to an algorithm decryption implementation
Summary IBM® SDK, Java™ Technology Edition, is used by IBM Rational® Application Developer for WebSphere® Software as the runtime and development kit. CVE-2023-33850 Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive...