nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: code injection and privilege escalation through Linux capabilities CVE-2024-21892 nodejs: reading unprocessed HTTP request with unbounded...

Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2024-1442)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6696-1: OpenJDK 8 vulnerabilities

Yi Yang discovered that the Hotspot component of OpenJDK 8 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. CVE-2024-20918 It was discovered that the Hotspot...

USN-6696-1 openjdk-8 vulnerabilities

Yi Yang discovered that the Hotspot component of OpenJDK 8 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. CVE-2024-20918 It was discovered that the Hotspot...

Ubuntu: Security Advisory (USN-6696-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated java 1.8.0, 11 & latest packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Array out-of-bounds access due to missing range check in C1 compiler. CVE-2024-20918 RSA padding issue and timing side-channel attack against TLS. CVE-2024-20952 Arbitrary Java code execution in Nashorn. CVE-2024-20926 JVM class file verifier fla...

Fedora 39 : opensc (2024-6460a03e29)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6460a03e29 advisory. New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454 Tenable has extracted the preceding description block directly from the...

Fedora 38 : opensc (2024-b92d44f141)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b92d44f141 advisory. New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454 Tenable has extracted the preceding description block directly from the...

Mageia: Security Advisory (MGASA-2024-0061)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6673-2 python-cryptography vulnerability

USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding i...

USN-6663-2 openssl update

USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 16.04 LTS. Original advisory details: As a security improvement, this update prevents OpenSSL from returning an error when detecting wrong padding in PKCS1 v1.5 RSA, to prevent its use in...

SUSE SLES15 Security Update : gnutls (SUSE-SU-2024:0860-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0860-1 advisory. - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response time...

SUSE-SU-2024:0847-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: - CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS 8317547 bsc1218911. - CVE-2024-20921: Fixed range check loop optimization issue 8314307 bsc1218905. - CVE-2024-20926: Fixed rbitrary Java code executio...

EulerOS 2.0 SP10 : gnutls (EulerOS-SA-2024-1312)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertext...

Debian dla-3757 : libnss3 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3757 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3757-1 [email protected]...