5879 matches found
CVE-2023-46324
pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its...
UBUNTU-CVE-2023-5388
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : wpa_supplicant and hostapd vulnerability (USN-3745-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3745-1 advisory. It was discovered that wpasupplicant and hostapd incorrectly handled certain messages. An attacker could possibly use this to access...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : Python-RSA vulnerability (USN-4478-2)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4478-2 advisory. USN-4478-1 fixed a vulnerability in Python-RSA. This update provides the corresponding update for Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and...
CVE-2022-25332 SK_LOAD timing side channel during AES module decryption in Texas Instruments OMAP L138
The AES implementation in the Texas Instruments OMAP L138 secure variants, present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext...
IBM HTTP Server 8.5.0.0 < 8.5.5.24 / 9.0.0.0 < 9.0.5.16 Information Disclosure (6998037)
The version of IBM HTTP Server running on the remote host is affected by an information disclosure vulnerability due to IBM GSKit which is used for SSL connections. An unauthenticated, remote attacker could exploit a timing-based side channel in the RSA Decryption implementation, by sending an...
TETRA BURST Security Vulnerability
TETRA BURST is a terrestrial trunked radio standard for radio communications from TETRA BURST. A security vulnerability exists in TETRA BURST that stems from the Air Interface Encryption AIE keystream generator's dependence on network time, which can be publicly broadcast in an unauthenticated...
CVE-2023-5552
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”...
Sophos Firewall Information Disclosure Vulnerability
Sophos Firewall is a firewall from Sophos UK. An information disclosure vulnerability exists in Sophos Firewall 19.5.3 and earlier versions, which stems from the presence of a password disclosure vulnerability that allows an attacker with email access to decrypt PDFs...
SUSE CVE-2023-5388
NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rage-encryption (SUSE-SU-2023:4060-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4060-1 advisory. - aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version...
Mozilla NSS Security Vulnerability
NSS is an underlying cryptography library from the Mozilla Foundation. The library supports a variety of cryptographic algorithms, and the Firefox browser's TLS implementation is based on this library. A security vulnerability exists in Mozilla NSS, which arises when the numeric library for RSA...
CVE-2022-33160
IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568...
IBM Security Directory Suite Encryption Issue Vulnerability
IBM Security Directory Suite is a scalable, standards-based identity platform from International Business Machines IBM that simplifies identity and directory management. A security vulnerability exists in IBM Security Directory Suite that stems from the use of weaker-than-expected encryption...
PT-2023-13231 · Ibm · Ibm Security Directory Suite Va
Name of the Vulnerable Software and Affected Versions: IBM Security Directory Suite version 8.0.1 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For IBM Security...
CVE-2023-3350
A Cryptographic Issue vulnerability has been found in IBERMATICA RPS, affecting version 2019. By first downloading the log file, an attacker could retrieve the SQL query sent to the application in plain text. This log file contains the password hashes coded with the AES-CBC-128 bits algorithm, whi...
Design/Logic Flaw
A Cryptographic Issue vulnerability has been found in IBERMATICA RPS, affecting version 2019. By first downloading the log file, an attacker could retrieve the SQL query sent to the application in plain text. This log file contains the password hashes coded with the AES-CBC-128 bits algorithm, whi...
CVE-2023-3350 Cryptographic Issues on IBERMATICA RPS
A Cryptographic Issue vulnerability has been found in IBERMATICA RPS, affecting version 2019. By first downloading the log file, an attacker could retrieve the SQL query sent to the application in plain text. This log file contains the password hashes coded with the AES-CBC-128 bits algorithm, whi...