Oracle Linux 9 : kernel (ELSA-2024-2758)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2758 advisory. - x86/sev: Harden VC instruction emulation somewhat Vitaly Kuznetsov RHEL-30030 RHEL-30031 CVE-2024-25743 CVE-2024-25742 Tenable has extracted the...

kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...

Moderate: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Moderate: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation CVE-2023-6240 CVE-2024-25743 hw: amd: Instruction raise VC exception at exit...

ALSA-2024:2758 Moderate: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation CVE-2023-6240 CVE-2024-25743 hw: amd: Instruction raise VC exception at exit...

SUSE-SU-2024:1539-1 Security update for bouncycastle

This update for bouncycastle fixes the following issues: Update to version 1.78.1, including fixes for: - CVE-2024-30171: Fixed timing side-channel attacks against RSA decryption both PKCS1v1.5 and OAEP. bsc1223252...

kernel security, bug fix, and enhancement update

An update is available for kernel. This update affects Rocky Linux SIG Cloud 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux...

Oracle Linux 9 : fence-agents (ELSA-2024-2132)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2132 advisory. - bundled urllib3: fix CVE-2023-45803 Resolves: RHEL-18139 - bundled pycryptodome: fix CVE-2023-52323 Resolves: RHEL-20917 - bundled jinja2: fix...

K000139508: rust-openssl vulnerability CVE-2024-3296

Security Advisory Description A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of tria...

CVE-2023-40696

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 264939...

CVE-2020-4874

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 190837...

CVE-2020-4874

CVE-2020-4874 affects IBM Cognos Controller: versions 10.4.1, 10.4.2, and 11.0.0 use weaker cryptographic algorithms that could let an attacker decrypt highly sensitive data. Remediation is available via upgrades to: 11.0.1 FP2, 10.4.2 FP3, or 10.4.1 FP1 (as listed by IBM). No exploit details are...

PT-2024-12908 · Ibm · Ibm Cognos Controller

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.4.1 through 11.0.0 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For...

PT-2024-10853 · Ibm · Ibm Cognos Controller

Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.4.1 through 11.0.0 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive information. Recommendations: For...

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

jose-go: improper handling of highly compressed data

A vulnerability was found in Jose due to improper handling of highly compressed data. This issue could allow an attacker to send a JWE containing compressed data that uses large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti...

CVE-2024-3543

Use of reversible password encryption algorithm allows attackers to decrypt passwords. Sensitive information can be easily unencrypted by the attacker, stolen credentials can be used for arbitrary actions to corrupt the system...

DELL ECS Connection Manager 安全漏洞

DELL ECS Connection Manager is a software for managing enterprise cloud storage from Dell DELL USA. A security vulnerability exists in DELL ECS Connection Manager that stems from the use of a reversible password encryption algorithm that allows an attacker to decrypt passwords...

UBUNTU-CVE-2024-26980

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb2allocaterspbuf If -ProtocolId is SMB2TRANSFORMPROTONUM, smb2 request size validation could be skipped. if request size is smaller than sizeofstruct smb2queryinforeq, slab-out-of-bounds read ca...