
5939 matches found

CNNVD
added 2023/05/30 12:0 a.m. | 2 views

IBM Global Security Kit Security Vulnerability

IBM Global Security Kit is a library and utility program for SSL or TLS communications from International Business Machines (IBM). The IBM Global Security Kit suffers from a cryptographic issue vulnerability that stems from a time-based side-channel in the RSA decryption implementation, which could...

7.5 CVSS | 6.3 AI score | 0.00925 EPSS
Exploits 0 | References 4
OSV
added 2023/05/26 11:5 a.m. | 2 views

OESA-2023-1299 libtpms security update

A library providing TPM functionality for VMs. Targeted for integration into Qemu. Security Fixes: An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfull...

7.8 CVSS | 8 AI score | 0.05552 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2023/05/24 6:15 p.m. | 5 views

CVE-2023-33982

Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden...

5.9 CVSS | 6.2 AI score | 0.00461 EPSS
Exploits 1 | References 3
Positive Technologies
added 2023/05/24 12:0 a.m. | 5 views

PT-2023-24616 · Briar · Briar

Name of the Vulnerable Software and Affected Versions: Briar versions prior to 1.5.3. Description: The issue affects the Bramble Handshake Protocol (BHP) in Briar, allowing eavesdroppers to decrypt network traffic between two accounts if they later compromise both accounts. However, the eavesdroppin...

5.9 CVSS | 6.9 AI score | 0.00461 EPSS
Exploits 1 | References 6
Tenable Nessus
added 2023/05/24 12:0 a.m. | 48 views

Oracle Linux 8 : edk2 (ELSA-2023-2932)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2932 advisory. - Resolves: bz2164531 CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName rhel-8 - Resolves: bz2164543 CVE-2022-4304 edk2:...

7.5 CVSS | 7.5 AI score | 0.59501 EPSS
Exploits 0 | References 5
NVD
added 2023/05/23 2:15 a.m. | 9 views

CVE-2023-27921

JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker...

6.5 CVSS | 6.5 AI score | 0.00279 EPSS
Exploits 0 | References 2
Prion
added 2023/05/23 2:15 a.m. | 17 views

Hardcoded credentials

JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker...

3.3 CVSS | 6.4 AI score | 0.00279 EPSS
Exploits 0 | References 2 | Affected Software 1
OpenVAS
added 2023/05/23 12:0 a.m. | 12 views

Mageia: Security Advisory (MGASA-2023-0067)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4 CVSS | 8 AI score | 0.01403 EPSS
Exploits 1 | References 5
Cvelist
added 2023/05/23 12:0 a.m. | 10 views

CVE-2023-27921

JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker...

6.6 AI score | 0.00279 EPSS
Exploits 0 | References 2
Atlassian
added 2023/05/22 5:35 a.m. | 68 views

Export feature adds clear text password to the directories configuration on the zip file - Import fails with "Can't decrypt data"

h3. Problem When exporting a Bamboo configuration, the resulting zip file will contain clear-text passwords on db-export/directories.xml. This introduces a security issue and a broken import with the following error: code:java 2023-05-22 15:18:52,590 INFO main SecretEncryptionServiceImpl Can't...

7.4 AI score
Exploits 0
Tenable Nessus
added 2023/05/20 12:0 a.m. | 53 views

AlmaLinux 8 : edk2 (ALSA-2023:2932)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2932 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a...

7.5 CVSS | 7.9 AI score | 0.59501 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2023/05/18 12:0 a.m. | 47 views

EulerOS 2.0 SP10 : gnutls (EulerOS-SA-2023-1953)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover...

7.4 CVSS | 7.1 AI score | 0.01403 EPSS
Exploits 1 | References 2
CNVD
added 2023/05/17 12:0 a.m. | 16 views

Rockwell Automation ThinManager Encryption Issue Vulnerability

Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. Rockwell Automation ThinManager has an encryption issue vulnerability that stems from allowing the use of...

7.5 CVSS | 7.5 AI score | 0.00666 EPSS
Exploits 0 | References 1
RedHat Linux
added 2023/05/16 8:49 a.m. | 5 views

openssl: timing attack in RSA Decryption implementation

A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...

5.9 CVSS | 6.7 AI score | 0.16195 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2023/05/16 12:0 a.m. | 50 views

CentOS 8 : edk2 (CESA-2023:2932)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:2932 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in ...

7.5 CVSS | 7.9 AI score | 0.59501 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2023/05/16 12:0 a.m. | 50 views

RHEL 8 : edk2 (RHSA-2023:2932)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2932 advisory. EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware f...

7.5 CVSS | 7.6 AI score | 0.59501 EPSS
Exploits 0 | References 11
Tenable Nessus
added 2023/05/15 12:0 a.m. | 79 views

Oracle Linux 9 : openssl (ELSA-2023-2523)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2523 advisory. - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free...

10 CVSS | 7.2 AI score | 0.95764 EPSS
Exploits 14 | References 2
Tenable Nessus
added 2023/05/15 12:0 a.m. | 25 views

Oracle Linux 9 : pki-core (ELSA-2023-2293)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2293 advisory. - Bug 2106459 - CVE-2022-2393 pki-core: Improper authentication/authorization with caServerKeygenDirUserCert profile - Bug 2107336 - CVE-2022-2414 pki-core:...

7.5 CVSS | 7.4 AI score | 0.85323 EPSS
Exploits 3 | References 2
Tenable Nessus
added 2023/05/15 12:0 a.m. | 49 views

Oracle Linux 9 : edk2 (ELSA-2023-2165)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2165 advisory. - Resolves: bz2164534 CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName rhel-9 - Resolves: bz2164550 CVE-2022-4304 edk2:...

9.8 CVSS | 7.4 AI score | 0.59501 EPSS
Exploits 0 | References 6
Tenable Nessus
added 2023/05/13 12:0 a.m. | 40 views

EulerOS 2.0 SP9 : openssl (EulerOS-SA-2023-1850)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...

7.5 CVSS | 7.6 AI score | 0.59501 EPSS
Exploits 0 | References 6