[SECURITY] Fedora 43 Update: php-phpseclib-2.0.52-1.fc43

MIT-licensed pure-PHP implementations of an arbitrary-precision integer arithmetic library, fully PKCS1 v2.1 compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509...

SUSE-SU-2026:0434-1 Security update for gpg2

This update for gpg2 fixes the following issues: Security fixes: - CVE-2026-24882: Fixed stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys bsc1257396 - Fixed GnuPG accepting Path Separators and Path Traversals in Literal Data 'Filename' Field bsc1256389...

GNUPG security vulnerabilities

GNU Privacy Guard is a set of open-source encryption software from the GNU community in the United States, licensed under the GNU General Public License. This software supports algorithms such as public key encryption, symmetric encryption, and hashing. Versions of GnuPG prior to 2.5.17 contained...

EUVD-2019-9550

Malware in sbrugna...

EUVD-2009-1471

Malware in sbrugna...

TencentOS Server 3: nss (TSSA-2024:0009)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0009 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

TencentOS Server 2: firefox (TSSA-2024:0095)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0095 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

TencentOS Server 3: firefox (TSSA-2024:0119)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0119 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CLSA-2025-1742723010 openssl: Fix of CVE-2024-2408

CVE-2024-2408: introduce implicit rejection mechanism for RSA PKCS1 v1.5...

Security Bulletin: Vulnerability in nss library (CVE-2023-5388) affects Power HMC.

Summary The nss library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-5388 DESCRIPTION: Red Hat Enterprise Linux could allow a remote authenticated attacker to obtain sensitive information, caused by an observable timi...

bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS1 1.5 and OAEP decryption process a.k.a. Marvin Attack. An attacker can recover cipher-texts via a side-channe...

iPerf3 before 3.17 when used with OpenSSL before 3.2.0 as a server with RSA authentication allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

...

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

Debian dla-3757 : libnss3 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3757 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3757-1 [email protected]...

SUSE CVE-2023-52472

In the Linux kernel, the following vulnerability has been resolved: crypto: rsa - add a check for allocation failure Static checkers insist that the mpialloc allocation can fail so add a check to prevent a NULL dereference. Small allocations like this can't actually fail in current kernels, but...

UBUNTU-CVE-2023-52472

In the Linux kernel, the following vulnerability has been resolved: crypto: rsa - add a check for allocation failure Static checkers insist that the mpialloc allocation can fail so add a check to prevent a NULL dereference. Small allocations like this can't actually fail in current kernels, but...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : mozilla-nss (SUSE-SU-2024:0597-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0597-1 advisory. - It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether...

SUSE SLES15 Security Update : mozilla-nss (SUSE-SU-2024:0579-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0579-1 advisory. - It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA...

RHEL 8 : nss (RHSA-2024:0093)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0093 advisory. Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server...

Amazon Linux 2 : nss-softokn (ALAS-2024-2419)

The version of nss-softokn installed on the remote host is prior to 3.90.0-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2419 advisory. It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the...