2928 matches found
Important: java-21-openjdk security update
The java-21-openjdk packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: RSA padding issue and timing side-channel...
Important: java-17-openjdk security and bug fix update
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: incorrect handling of ZIP files with duplica...
DEBIAN-CVE-2024-0553
A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...
PT-2024-1281
Name of the Vulnerable Software and Affected Versions GnuTLS affected versions not specified Description The issue is related to a difference in response time when handling RSA ciphertext in ClientKeyExchange messages with correct and incorrect PKCS1 padding. This could allow a remote attacker to...
OESA-2024-1053 python-pycryptodomex security update
PyCryptodome is a self-contained Python package of low-level cryptographic primitives. Security Fixes: PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.CVE-2023-52323...
Oracle Linux 8 : gnutls (ELSA-2024-0155)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-0155 advisory. 3.6.16-8 - timing side-channel in the RSA-PSK authentication CVE-2023-5981 Tenable has extracted the preceding description block directly from the Oracle Linux...
gnutls: timing side-channel in the RSA-PSK authentication
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...
nss: timing attack against RSA decryption
It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...
nss: timing attack against RSA decryption
It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...
nss: timing attack against RSA decryption
It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...
nss: timing attack against RSA decryption
It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...
CentOS 8 : gnutls (CESA-2024:0155)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2024:0155 advisory. - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct...
nss: timing attack against RSA decryption
It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...
DTLS: Deprecated DTLSv1.0 Detection
It was possible to detect the usage of the deprecated DTLSv1.0 protocol on this system. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Medium: gnutls
Issue Overview: A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. Only TLS ciphertext processing is affected. CVE-2023-5981 Affected Packages: gnutls Issue Correction:...
Ubuntu 18.04 ESM : GnuTLS vulnerability (USN-6499-2)
The remote Ubuntu 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6499-2 advisory. USN-6499-1 fixed vulnerabilities in GnuTLS. This update provides the corresponding update for Ubuntu 18.04 LTS. Tenable has extracted the preceding description...
SUSE CVE-2023-52323
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...
PYSEC-2024-3
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack...
SUSE SLES15 Security Update : gnutls (SUSE-SU-2023:4952-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4952-1 advisory. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be...
CVE-2023-41097
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0...