5939 matches found
K42944216: Erlang vulnerability CVE-2017-1000385
Security Advisory Description The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack)...
K32553170: OpenSSL vulnerability CVE-2022-3358
Security Advisory Description OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom...
K17452: OpenSSH vulnerabilities CVE-2001-0361, CVE-2001-0572, CVE-2004-2069, CVE-2006-0225, and CVE-2006-0883
Security Advisory Description CVE-2001-0361 Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version...
OESA-2023-1107 openssl security update
Security Fixes: The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a...
Debian dla-3325 : libssl-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3325 advisory. Debian LTS Advisory DLA-3325-1 [email protected]...
Debian: Security Advisory (DLA-3321-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3321-1] gnutls28 security update
Debian LTS Advisory DLA-3321-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany February 18, 2023 https://wiki.debian.org/LTS Package : gnutls28 Version : 3.6.7-4+deb10u10 CVE ID : CVE-2023-0361 Hubert Kario discovered a timing side channel in the RSA decryption...
Security Bulletin: Multiple vulnerabilities in Java affect the IBM FlashSystem 840 (CVEs 2015-0204, 2015-0488, and 2015-1916)
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition version that is used by the IBM FlashSystem 840. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - April 2015. A man-in-the-middle exploit of one of these vulnerabilities could...
Debian dla-3321 : gnutls-bin - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3321 advisory. Debian LTS Advisory DLA-3321-1 [email protected] https://www.debian.org/lts/security/...
OESA-2023-1092 openssl security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Security Fixes: The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL...
CVE-2022-29054
A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it...
Design/Logic Flaw
Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages...
Fortinet FortiSwitch and FortiWeb data forgery vulnerability
Fortinet FortiWeb and FortiSwitch are both products of Fortinet, a Web application layer firewall that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., ensures the security of Web applications and protects sensitive database content. FortiSwitc...
FreeBSD -- Multiple vulnerabilities in OpenSSL
Problem Description: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrect...
Fedora 37 : edk2 (2023-e1ffb79ddf)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-e1ffb79ddf advisory. update openssl CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304. ---- cherry-pick aarch64 bugfixes, set firmware build release date, add...
CVE-2023-0361
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to...
ALPINE-CVE-2023-0361
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to...
UBUNTU-CVE-2023-0361
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to...
CVE-2023-0361
A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send ...
SUSE CVE-2005-3256
The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message...