SUSE SLES15: java-1_8_0-ibm / java-1_8_0-ibm-32bit / java-1_8_0-ibm-alsa / etc (SUSE-SU-2024:0619-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0619-1 advisory. Update to Java 8.0 Service Refresh 8 Fix Pack 20: bsc1219843 Security fixes: - CVE-2023-33850: Fixed information...

Mageia: Security Advisory (MGASA-2024-0049)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

LockBit Ransomware Group Resurfaces After Law Enforcement Takedown

The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law enforcement exercise seized control of its servers. To that end, the notorious group has moved its data leak portal to a new .onion address on the TO...

SUSE SLES12: java-1_8_0-ibm / java-1_8_0-ibm-alsa / java-1_8_0-ibm-devel / etc (SUSE-SU-2024:0605-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0605-1 advisory. Update to Java 8.0 Service Refresh 8 Fix Pack 20: bsc1219843 Security fixes: - CVE-2023-33850: Fixed information disclosure...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-pycryptodome (SUSE-SU-2024:0601-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0601-1 advisory. - CVE-2023-52323: Fixed side-channel leakage in RSA decryption by using constant-time faster padding...

Chosen-Ciphertext Attack (KyberSlash)

pypqc vulnerable to a chosen-ciphertext attack. The vulnerability is caused by to an attacker submitting numerous ciphertexts for decryption and observing the response, potentially allowing them to recover the private key...

SUSE SLES15 Security Update : python-pycryptodome (SUSE-SU-2024:0585-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0585-1 advisory. - CVE-2023-52323: Fixed side-channel leakage in RSA decryption by using constant-time faster padding decoding for OAEP bsc1218564. Tenable h...

SUSE-SU-2024:0597-1 Security update for mozilla-nss

This update for mozilla-nss fixes the following issues: Update to NSS 3.90.2: - CVE-2023-5388: Fixed timing attack against RSA decryption in TLS bsc1216198...

SUSE-SU-2024:0585-1 Security update for python-pycryptodome

This update for python-pycryptodome fixes the following issues: - CVE-2023-52323: Fixed side-channel leakage in RSA decryption by using constant-time faster padding decoding for OAEP bsc1218564...

PT-2024-10390 · Ibm · Ibm Mq Operator +1

Name of the Vulnerable Software and Affected Versions: IBM MQ Container versions 2.0.0 through 2.0.22, 2.2.0 through 2.2.2, 2.3.0 through 2.3.3, 2.4.0 through 2.4.8, 3.0.0, 3.0.1, 3.1.0 through 3.1.3 Description: The issue is related to the use of weaker than expected cryptographic algorithms in...

Timing Side Channel Attack

NodeJS is vulnerable to Timing Side Channel Attack. The vulnerability is caused due to a defect in privateDecrypt API of the crypto library during PKCS1 v1.5 padding error handling where there is a significant timing differences in decryption for valid and invalid ciphertexts. An attackers can...

CVE-2024-26582 net: tls: fix use-after-free with partial reads and async decrypt

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tlsdecryptsg doesn't take a reference on the pages from clearskb, so the putpage in tlsdecryptdone releases them, and we trigger a use-after-free in processrxlist...

CVE-2024-26582

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tlsdecryptsg doesn't take a reference on the pages from clearskb, so the putpage in tlsdecryptdone releases them, and we trigger a use-after-free in processrxlist...

SUSE-SU-2024:0579-1 Security update for mozilla-nss

This update for mozilla-nss fixes the following issues: Update to NSS 3.90.2: - CVE-2023-5388: Fixed timing attack against RSA decryption in TLS bsc1216198...

SUSE-SU-2024:0578-1 Security update for mozilla-nss

This update for mozilla-nss fixes the following issues: Update to NSS 3.90.2: - CVE-2023-5388: Fixed timing attack against RSA decryption in TLS bsc1216198...

SUSE SLES15 / openSUSE 15 Security Update : python-pycryptodomex (SUSE-SU-2024:0557-1)

The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:0557-1 advisory. - CVE-2023-52323: Fixed a side-channel in the OAEP decryption, exploitable by a Manger attack bsc1218564. Tenable has extracted the...

LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released

The U.K. National Crime Agency NCA on Tuesday confirmed that it obtained LockBit's source code as well as a wealth of intelligence pertaining to its activities and their affiliates as part of a dedicated task force called Operation Cronos. "Some of the data on LockBit's systems belonged to victim...

CVE-2022-48625

Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...

CVE-2022-48625

Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...

Design/Logic Flaw

Yealink Config Encrypt Tool add RSA before 1.2 has a built-in RSA key pair, and thus there is a risk of decryption by an adversary...