Lucene search
+L

658 matches found

ibm
ibm
added 2024/10/04 9:46 a.m.35 views

Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in an update for IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519...

8.1CVSS8AI score0.01197EPSS
Exploits1Affected Software1
redhat
redhat
added 2024/09/26 6:39 p.m.7 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey​ and ctx​. That functi...

7.5CVSS7.2AI score0.01533EPSS
Exploits0References9
nessus
nessus
added 2024/09/24 12:0 a.m.36 views

EulerOS 2.0 SP8 : python-cryptography (EulerOS-SA-2024-2486)

According to the versions of the python-cryptography packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS1...

5.9CVSS7AI score0.02454EPSS
Exploits0References2
openvas
openvas
added 2024/09/23 12:0 a.m.9 views

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-2486)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS7.1AI score0.02454EPSS
Exploits0References2
nvd
nvd
added 2024/09/07 4:15 p.m.49 views

CVE-2023-46809

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PCKS 1 v1.5 padding is allowed when performing RSA descryption using a privat...

7.4CVSS0.01302EPSS
Exploits0References3
osv
osv
added 2024/09/07 4:15 p.m.1 views

DEBIAN-CVE-2023-46809

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PCKS 1 v1.5 padding is allowed when performing RSA descryption using a privat...

7.4CVSS6.7AI score0.01302EPSS
Exploits0References1
osv
osv
added 2024/09/07 4:15 p.m.4 views

UBUNTU-CVE-2023-46809

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PCKS 1 v1.5 padding is allowed when performing RSA descryption using a privat...

7.4CVSS6.9AI score0.01302EPSS
Exploits0References4
cvelist
cvelist
added 2024/09/07 4:3 p.m.188 views

CVE-2023-46809

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PCKS 1 v1.5 padding is allowed when performing RSA descryption using a privat...

0.01302EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/09/07 4:3 p.m.205 views

CVE-2023-46809

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PCKS 1 v1.5 padding is allowed when performing RSA descryption using a privat...

6.4AI score0.01302EPSS
Exploits0References1
nessus
nessus
added 2024/09/05 12:0 a.m.117 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.5.6.6)

The version of AOS installed on the remote host is prior to 6.5.6.6. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.5.6.6 advisory. - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the stri...

8.6CVSS7.7AI score0.70561EPSS
Exploits5References8
ibm
ibm
added 2024/08/22 2:33 p.m.43 views

Security Bulletin: IBM® Db2® federated server is affected by vulnerabilities in the open source bcprov-jdk18on library (CVE-2024-30171, CVE-2024-30172, CVE-2024-29857)

Summary IBM® Db2® federated server is affected by vulnerabilities in the open source bcprov-jdk18on library. Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519 verificati...

7.5CVSS7.4AI score0.011EPSS
Exploits0Affected Software1
nessus
nessus
added 2024/08/16 12:0 a.m.27 views

CBL Mariner 2.0 Security Update: iperf3 (CVE-2024-26306)

The version of iperf3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26306 advisory. - iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing...

5.9CVSS6.6AI score0.01098EPSS
Exploits0References2
redhat
redhat
added 2024/08/08 5:23 p.m.8 views

bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS1 1.5 and OAEP decryption process a.k.a. Marvin Attack. An attacker can recover cipher-texts via a side-channe...

5.9CVSS7.3AI score0.00901EPSS
Exploits0References5
ibm
ibm
added 2024/08/01 4:33 p.m.23 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Bouncy Castle Crypto Package For Java [CVE-2024-30171]

Summary Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a sensitive information exposure in Bouncy Castle Crypto Package For Java, caused by a flaw in the RSA decryption both PKCS1v1.5 and OAEP feature CVE-2024-30171. Bouncy Castle Crypto Packag...

5.9CVSS6.2AI score0.00901EPSS
Exploits0Affected Software1
ibm
ibm
added 2024/07/31 12:22 p.m.27 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

Summary CVE-2024-20918, CVE-2024-20921 and CVE-2023-33850 were disclosed in the Oracle 2024 Critical Patch Update. Vulnerability Details CVEID:CVE-2024-20918 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause high confidentialit...

7.5CVSS6.7AI score0.00911EPSS
Exploits0Affected Software1
ibm
ibm
added 2024/07/30 2:54 p.m.25 views

Security Bulletin: Timing Oracle in GSKit.

Summary A timing based side channel exists in the RSA Decryption implementation used by GSKit builds prior to 8.0.55.31. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RS...

7.5CVSS7.3AI score0.00925EPSS
Exploits0Affected Software1
nessus
nessus
added 2024/07/25 12:0 a.m.29 views

SUSE SLES15: libfreebl3 / libfreebl3-32bit / libsoftokn3 / libsoftokn3-32bit / etc (SUSE-SU-2024:2600-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2600-1 advisory. - FIPS: Added more safe memset bsc1222811. - FIPS: Adjusted AES GCM restrictions bsc1222830. - FIPS: Adjusted approved ciphers bsc1222813,...

6.5CVSS6.9AI score0.00816EPSS
Exploits0References20
nessus
nessus
added 2024/07/22 12:0 a.m.16 views

EulerOS 2.0 SP8 : python-cryptography (EulerOS-SA-2024-2048)

According to the versions of the python-cryptography packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS1...

5.9CVSS7AI score0.02454EPSS
Exploits0References2
openvas
openvas
added 2024/07/22 12:0 a.m.16 views

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-2048)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS7.1AI score0.02454EPSS
Exploits0References2
openvas
openvas
added 2024/07/19 12:0 a.m.17 views

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-2008)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS5.9AI score0.02454EPSS
Exploits0References2
Rows per page
Query Builder