CVE-2023-5388

NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker t...

Mozilla Firefox ESR < 115.9

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-13 advisory. - Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs...

RHEL 8 : opencryptoki (RHSA-2024:1411)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1411 advisory. The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These...

Security Vulnerabilities fixed in Firefox 124 — Mozilla

An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. Passing invalid data could have led to invalid wasm values being created, such as...

Security Vulnerabilities fixed in Firefox ESR 115.9 — Mozilla

An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating system...

CVE-2024-28864

SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded wit...

CVE-2024-28864

CVE-2024-28864 affects the PHP library SecureProps (versions 1.2.0 and 1.2.1). The issue arises when encrypted data is encoded with NullEncoder and fed into TagAwareCipher ; a regex fails to detect tags (especially with special characters such as “\n”), causing the decryption to be skipped and th...

CVE-2024-28864 [TagAwareCipher] - Decryption Failure (Regex Match)

SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded wit...

CVE-2024-28864 [TagAwareCipher] - Decryption Failure (Regex Match)

SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded wit...

CVE-2024-28864 [TagAwareCipher] - Decryption Failure (Regex Match)

SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded wit...

[TagAwareCipher] - Decryption Failure (Regex Match)

Impact Vulnerability in SecureProps involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with NullEncoder and passed to TagAwareCipher, and contains special characters such as \n. As a result, the decryption process is...

GHSA-RJ29-J2G4-77Q8 [TagAwareCipher] - Decryption Failure (Regex Match)

Impact Vulnerability in SecureProps involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with NullEncoder and passed to TagAwareCipher, and contains special characters such as \n. As a result, the decryption process is...

PT-2024-22613

Name of the Vulnerable Software and Affected Versions SecureProps versions 1.2.0 through 1.2.1 Description A vulnerability in SecureProps involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with NullEncoder and passed t...

Timing Side-Channel Attack

Firefox is vulnerable to Timing Side-Channel Attack. The vulnerability is caused due to the improper handling of timing during decryption, potentially enabling attackers to recover private data...

Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a remote attack to obtain sensitive information due to an algorithm decryption implementation

Summary IBM® SDK, Java™ Technology Edition, is used by IBM Rational® Application Developer for WebSphere® Software as the runtime and development kit. CVE-2023-33850 Vulnerability Details CVEID:CVE-2023-33850 DESCRIPTION: IBM GSKit-Crypto could allow a remote attacker to obtain sensitive...

Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to multiple issues due to IBM Runtime Environment Java Technology Edition

Summary IBM Sterling Connect:Direct File Agent uses IBM Runtime Environment Java Technology Edition, Version 7 and 8. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related ...

EulerOS 2.0 SP11 : python-pycryptodome (EulerOS-SA-2024-1248)

According to the versions of the python-pycryptodome package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...

Huawei EulerOS: Security Advisory for python-pycryptodome (EulerOS-SA-2024-1248)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP11 : python-pycryptodome (EulerOS-SA-2024-1226)

According to the versions of the python-pycryptodome package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...