CVE-2024-23218
A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.4, macOS Sonoma 14.3, macOS Ventura 13.6.5, tvOS 17.3, watchOS 10.3. An attacker...
CVE-2024-23218
CVE-2024-23218 : A timing side-channel in CoreCrypto could allow decrypting legacy RSA PKCS#1 v1.5 ciphertexts without the private key. Apple patched this in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, and iOS/iPadOS 17.3. The connected sources corroborate the vulnerability and the listed fixes; ...
Ubuntu 22.04 LTS : PyCryptodome vulnerability (USN-6595-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6595-1 advisory. It was discovered that PyCryptodome had a timing side-channel when performing OAEP decryption. A remote attacker could possibly use this issue to recover sensitiv...
Amazon Linux 2023 : python3-pycryptodomex, python3-pycryptodomex-selftest (ALAS2023-2024-494)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-494 advisory. PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. CVE-2023-52323 Tenable has extracted the preceding description block directl...
CVE-2024-21484
A flaw was found in jsrsasign, which is vulnerable to an observable discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. This flaw allows an attacker to decrypt ciphertexts. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted wit...
CVE-2024-21484
Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large...
Spoofing
Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large...
CVE-2024-21484
CVE-2024-21484 affects the jsrsasign JavaScript library prior to 11.0.0, where an observable discrepancy in RSA PKCS#1.5 or RSAOAEP decryption can allow an attacker to decrypt ciphertexts. The attack requires access to a large number of ciphertexts encrypted with the same key (Marvin attack). The...
Medium: python-pycryptodomex
Issue Overview: PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. CVE-2023-52323 Affected Packages: python-pycryptodomex Issue Correction: Run dnf update python-pycryptodomex --releasever 2023.3.20240122 or dnf update...
macOS 14.x < 14.3 Multiple Vulnerabilities (HT214061)
The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.3. It is, therefore, affected by multiple vulnerabilities: - The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS...
Medium: nss
Issue Overview: It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher- or Manger-like attack against all RSA decryption operations. As the...
Medium: nss-softokn
Issue Overview: It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher- or Manger-like attack against all RSA decryption operations. As the...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : libssh vulnerabilities (USN-6592-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6592-1 advisory. It was discovered that libssh incorrectly handled the ProxyCommand and the ProxyJump features. A remote attacker could possib...
jsrsasign Security Vulnerabilities
The jsrsasign package is an open source cryptographic library from the individual developer Kenji Urashima in Japan. A security vulnerability exists in jsrsasign versions prior to 11.0.0, which stems from the susceptibility to Observable Discrepancy in the decryption process of RSA PKCS1.5 or...
Medium: python-pycryptodomex
Issue Overview: PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. CVE-2023-52323 Affected Packages: python-pycryptodomex Issue Correction: Run dnf update python-pycryptodomex --releasever 2023.3.20240122 to update your...