[SECURITY] [DSA 5349-1] gnutls28 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5349-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 14, 2023 https://www.debian.org/security/faq -...

CVE-2022-43460

Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted...

FreeBSD : GnuTLS -- timing sidechannel in RSA decryption (0a7a5dfb-aba4-11ed-be2c-001cc0382b2f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0a7a5dfb-aba4-11ed-be2c-001cc0382b2f advisory. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. Thi...

Fedora 37 : openssl (2023-57f33242bc)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-57f33242bc advisory. Rebase to upstream version 3.0.8 Resolves: CVE-2022-4203 Resolves: CVE-2022-4304 Resolves: CVE-2022-4450 Resolves: CVE-2023-0215 Resolves:...

GnuTLS 安全漏洞

GnuTLS is a free secure communications library for implementing the SSL, TLS and DTLS protocols. GnuTLS suffers from a security vulnerability that originates from the ability to recover keys encrypted with RSA ciphertext over a network. An attacker exploiting this vulnerability could decrypt...

GnuTLS -- timing sidechannel in RSA decryption

The GnuTLS project reports: A vulnerability was found that the response times to malformed RSA ciphertexts in ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. Only TLS ciphertext processing is affected...

CVE-2023-21443

Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands...

CVE-2023-21444

Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands...

Command injection

Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands...

Command injection

Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands...

Linux Variant of Cl0p Ransomware Discovered with Flawed Encryption Algorithm

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new variant of the Cl0p ransomware for Linux has been discovered. The executable file in ELF format has a flawed encryption algorithm, which allows for the decryption of the locked files without...

CVE-2023-21443

CVE-2023-21443 affects Samsung Flow for Android prior to version 4.9.04, due to an improper cryptographic implementation. This vulnerability enables adjacent attackers to decrypt encrypted messages or inject commands. The publicly available sources identify the affected version range and provide ...

CVE-2023-21443

Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands...

SAMSUNG Flow 加密问题漏洞

SAMSUNG Flow is a software product from Samsung South Korea. It is used to enable a seamless, secure, and connected experience on devices. A security vulnerability exists in Samsung Flow for PC version 4.9.14.0. An attacker exploiting the vulnerability could decrypt encrypted messages...

CVE-2023-21444

Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands...

CVE-2023-21444

Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands...

PT-2023-33037 · Openssl · Openssl

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 1.1.0 Description: A timing-based side channel issue exists in the OpenSSL RSA decryption implementation, potentially allowing the recovery of plaintext from across the network. This issue affects all RSA padding...

GHSA-P52G-CM5J-MJV4 openssl-src subject to Timing Oracle in RSA Decryption

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

openssl-src subject to Timing Oracle in RSA Decryption

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

CVE-2022-4304

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...