Security Bulletin: CVE-2023-32342 may affect GSKit shipped with IBM CICS TX Standard

Summary CVE-2023-32342 may affect GSKit shipped with IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel ...

CVE-2021-38933

IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574...

CVE-2023-35763

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext...

openssl: timing attack in RSA Decryption implementation

A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...

Important: Red Hat Security Advisory: edk2 security update

An update for edk2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

CVE-2023-37464

A vulnerability was found in cjose. The cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the tag length from the actual Authentication Tag provided in the JSON Web Encryption JWE. A fixed length of 16 octets must ...

RHEL 8 : edk2 (RHSA-2023:4128)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4128 advisory. EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware f...

OESA-2023-1431 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbach...

OESA-2023-1428 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbach...

OESA-2023-1429 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbach...

OESA-2023-1430 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbach...

CVE-2023-37464

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...

UBUNTU-CVE-2023-37464

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...

CVE-2023-37464 Incorrect Authentication Tag length usage in AES GCM decryption in OpenIDC/cjose

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...

CVE-2023-37464

OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug...

cjose 加密问题漏洞

Cisco cjose is a C library from Cisco that implements Javascript Object Signing and Encryption JOSE. A cryptographic issue vulnerability exists in cjose that stems from the AES GCM decryption routines incorrectly using the length of the tag in the actual authentication tag provided in JWE...

Security Bulletin: A vulnerability in IBM GSKit affects IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2023-32342)

Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments Data Protection for Hyper-V and Data Protection for VMware, and IBM Storage Protect for Space Management can be affected by a vulnerability in IBM GSKit. The vulnerability can lead to disclosure of...

Blacklist3r - Accumulate Secret Keys / Secret Materials Related To Various Web Frameworks

The goal of this project is to accumulate the secret keys / secret materials related to various web frameworks, that are publicly available and potentially used by developers. These secrets will be utilized by the Blacklist3r tools to audit the target application and verify the usage of these...

Security Bulletin: Timing side-channel in IBM DataPower Gateway (CVE-2023-32342)

Summary A timing side-channel is present in IBM GSKit. This potentially affects the following IBM DataPower Gateway services: ISAM/TAM, MQ and JMS Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a...

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-2299)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...