EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-2275)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...

Fluhorse: Flutter-Based Android Malware Targets Credit Cards and 2FA Codes

Cybersecurity researchers have shared the inner workings of an Android malware family called Fluhorse. The malware "represents a significant shift as it incorporates the malicious components directly within the Flutter code," Fortinet FortiGuard Labs researcher Axelle Apvrille said in a report...

Security Bulletin: IBM MQ is vulnerable to an issue in IBM GSKit (CVE-2023-32342)

Summary Vulnerabilities in GSKit affect IBM MQ. IBM MQ has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By...

SUSE SLED15: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2023:2648-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2648-1 advisory. - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timi...

Security Bulletin: IBM i Access Client Solutions - Windows Application Package is vulnerable to a timing issue with RSA Decryption in GSKit builds prior to 8.0.55.31 (CVE-2023-32342)

Summary IBM GSKit is used by IBM i Access Client Solutions - Windows Application Package when making TLS connections to an IBM i partition. If an RSA cipher is used, IBM GSKit could allow a remote attacker to obtain sensitive information. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IB...

CVE-2023-26276

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147...

CVE-2023-26276

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147...

zip4j: does not always check the MAC when decrypting a ZIP archive

A flaw was found in Zip4j. In this issue, it does not always check the MAC when decrypting a ZIP archive...

Hitachi Energy GMS600

SUMMARY Hitachi Energy is aware of the vulnerability, CVE-2022-4304 in the OSS component OpenSSL, that affects the GMS600 versions that are listed below. An attacker successfully exploiting this vulnerability could send trial messages to the server and record the time taken to process them...

SUSE-SU-2023:2633-1 Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case bsc1207534...

SUSE SLES12: libopenssl-1_0_0-devel / libopenssl-1_0_0-devel-32bit / etc (SUSE-SU-2023:2624-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2624-1 advisory. - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause...

SUSE: Security Advisory (SUSE-SU-2023:2622-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15: libopenssl-3-devel / libopenssl-3-devel-32bit / libopenssl3 / etc (SUSE-SU-2023:2620-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2620-1 advisory. - CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM bsc1210714...

SUSE SLES12: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2023:2623-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2623-1 advisory. - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause...

SUSE SLES15: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2023:2622-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2622-1 advisory. - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause...

Security Bulletin: IBM Communications Server for AIX is vulnerable to Timing Oracle in RSA Decryption in GSKit builds prior to 8.0.55.31 ( CVE-2023-32342 )

Summary IBM GSKit is used by IBM Communications Server for AIX as part of the TN3270 Server and TN Redirector features. CVE-2023-32342. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side...

Security Bulletin: IBM Communications Server for Linux & CS for Linux on System z is vulnerable to Timing Oracle in RSA Decryption in GSKit builds prior to 8.0.55.31 ( CVE-2023-32342 )

Summary IBM GSKit is used by IBM Communications Server for Linux & CS for Linux on System z as part of the TN3270 Server and TN Redirector features. CVE-2023-32342. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information,...

WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass

Entering the URL in browser will give you access to the respective users account. If the wordpress admin user himself...

Killer - Is A Tool Created To Evade AVs And EDRs Or Security Tools

It's a AV/EDR Evasion tool created to bypass security tools for learning, until now the tool is FUD. Features: Module Stomping for Memory scanning evasion DLL Unhooking by fresh ntdll copy IAT Hiding and Obfuscation & API Unhooking ETW Patchnig for bypassing some security controls Included sandbo...

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to remote sensitive information exposure due to IBM GSKit (CVE-2023-32342)

Summary There is a vulnerability in IBM GSKit used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain...