656 matches found
Security Bulletin: IBM Maximo Application Suite uses "bcprov-jdk18on-1.75.jar" which is vulnerable to CVE-2024-30171
Summary IBM Maximo Application Suite uses "bcprov-jdk18on-1.75.jar" which is vulnerable to CVE-2024-30171. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-30171 DESCRIPTION: The Bouncy Castle Crypto Package For Java could allow ...
Linux Distros Unpatched Vulnerability : CVE-2023-6240
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt...
Linux Distros Unpatched Vulnerability : CVE-2020-25657
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed...
Linux Distros Unpatched Vulnerability : CVE-2024-0914
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could...
Linux Distros Unpatched Vulnerability : CVE-2022-4304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a...
Linux Distros Unpatched Vulnerability : CVE-2018-16868
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker wh...
Azure Linux 3.0 Security Update: cloud-hypervisor / edk2 / hvloader / openssl (CVE-2022-4304)
The version of cloud-hypervisor / edk2 / hvloader / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4304 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption...
Astra Linux - уязвимость в python-cryptography
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS1 v1.5 ciphertext...
CVE-2020-26263
tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS1 v1.5 decryption is data dependant. In particular, the code has multiple ways in...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues
Summary Multple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest iFixes Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker to cause high...
Security Bulletin: IBM Maximo Application Suite - MVI Component uses tar-6.2.0.tgz, Flask_Cors-3.0.10-py2.py3-none-any.whl, bcprov-jdk18on-1.72.jar which are vulnerable to CVE-2024-28863, CVE-2024-1681 and CVE-2024-30171
Summary Security Bulletin: IBM Maximo Application Suite - MVI Component uses tar-6.2.0.tgz, FlaskCors-3.0.10-py2.py3-none-any.whl, bcprov-jdk18on-1.72.jar which are vulnerable to CVE-2024-28863, CVE-2024-1681 and CVE-2024-30171 Vulnerability Details CVEID:CVE-2024-28863 DESCRIPTION: isaacs node-t...
BIT-NODE-MIN-2023-46809
Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PCKS 1 v1.5 padding is allowed when performing RSA descryption using a privat...
Security Bulletin: IBM Sterling B2B Integrator is affected by multiple Bouncy Castle vulnerabilities
Summary IBM Sterling B2B Integrator is affected by multiple Bouncy Castle vulnerabilities. Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by improper input validation. By importing an EC certificate wi...
Security Bulletin: Denial of service, DNS poisoning, and information disclosure might affect IBM Storage Defender – Resiliency Service
Summary IBM Storage Defender – Resiliency Service is vulnerable and can result in denial of service, DNS poisoning, and information disclosure. The vulnerabilities have been addressed. CVE-2024-34447, CVE-2024-30172, CVE-2024-30171, CVE-2024-29857, CVE-2024-45296, CVE-2023-44487, CVE-2024-29857...
Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-2657)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-2623)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Multiple vulnerabilities in Bouncy Castle Crypto affect IBM Robotic Process Automation.
Summary Multiple vulnerabilities in Bouncy Castle Crypto affect IBM Robotic Process Automation. IBM Robotic Process Automation uses Bouncy Catle Crypto for some cryptographic processing. This bulletin identifies the security fixes to apply to address the vulnerabilities. Vulnerability Details...
Security Bulletin: Multiple Vulnerabilities in Rational Synergy 7.2.2.6
Summary Vulnerabilities in the Java Runtime Environment JRE 8.0.8.0 and earlier component shipped with Rational Synergy may affect the security of the product. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could...
Security Bulletin: IBM Security Verify Governance has multiple vulnerabilities
Summary Multiple security vulnerabilities have been addressed in an update for IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2024-30172 DESCRIPTION: The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519...
golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.goL113. The objects leaked are pkey and ctx. That functi...