Lucene search
K

24 matches found

Tenable Nessus
Tenable Nessus
added 2024/07/03 12:0 a.m.14 views

CBL Mariner 2.0 Security Update: cloud-hypervisor / edk2 / hvloader / openssl (CVE-2022-4304)

The version of cloud-hypervisor / edk2 / hvloader / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4304 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption...

5.9CVSS7.8AI score0.16195EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/12/19 12:0 a.m.33 views

Siemens SIMATIC and SCALANCE Products Encryption Strength (CVE-2022-4304)

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

5.9CVSS7.8AI score0.16195EPSS
Exploits0References48
Hacker One
Hacker One
added 2023/12/02 11:45 p.m.556 views

Internet Bug Bounty: OpenSSL vulnerable to the Marvin Attack (CVE-2022-4304)

A timing side channel vulnerability in OpenSSL RSA decryption was discovered that could allow plaintext recovery. By measuring decryption time, an attacker could recover RSA plaintext from captured ciphertexts after a large number of decryption attempts. All RSA padding modes were affected. The...

5.9CVSS7AI score0.16195EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/08/31 12:0 a.m.29 views

FreeBSD : FreeBSD -- Multiple vulnerabilities in OpenSSL (c8eb4c40-47bd-11ee-8e38-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c8eb4c40-47bd-11ee-8e38-002590c1f29c advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could ...

7.5CVSS7.9AI score0.59501EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/07/04 12:0 a.m.31 views

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-2275)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...

7.5CVSS7.9AI score0.59501EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/06/25 12:0 a.m.31 views

SUSE SLES12: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2023:2623-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2623-1 advisory. - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause...

5.9CVSS7.1AI score0.16195EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/06/07 12:0 a.m.25 views

EulerOS Virtualization 2.11.1 : openssl (EulerOS-SA-2023-2075)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext...

7.5CVSS7.8AI score0.59501EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/06/02 12:0 a.m.35 views

EulerOS Virtualization 2.9.1 : openssl (EulerOS-SA-2023-2001)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext...

7.5CVSS7.6AI score0.59501EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/05/20 12:0 a.m.53 views

AlmaLinux 8 : edk2 (ALSA-2023:2932)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2932 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a...

7.5CVSS7.9AI score0.59501EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/05/18 12:0 a.m.45 views

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2023-1960)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...

7.5CVSS7.9AI score0.59501EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/05/16 12:0 a.m.50 views

CentOS 8 : edk2 (CESA-2023:2932)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:2932 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in ...

7.5CVSS7.9AI score0.59501EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/05/14 12:0 a.m.47 views

AlmaLinux 9 : edk2 (ALSA-2023:2165)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2165 advisory. - Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. CVE-2021-38578 - A timing based side channel exists in t...

9.8CVSS7.9AI score0.59501EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/03/28 12:0 a.m.42 views

Rocky Linux 8 : openssl (RLSA-2023:1405)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:1405 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a...

7.5CVSS7.9AI score0.59501EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2023/03/01 12:0 a.m.37 views

SUSE SLES12 Security Update : compat-openssl098 (SUSE-SU-2023:0581-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0581-1 advisory. - CVE-2022-4304: Fixed timing Oracle in RSA Decryption bsc1207534. Tenable has extracted the preceding description block directly from the...

5.9CVSS7.1AI score0.16195EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/02/22 12:0 a.m.62 views

Fedora 36 : openssl (2023-a5564c0a3f)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a5564c0a3f advisory. Rebase to upstream version 3.0.8 Resolves: CVE-2022-4203 Resolves: CVE-2022-4304 Resolves: CVE-2022-4450 Resolves: CVE-2023-0215 Resolves:...

7.5CVSS7.4AI score0.59501EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2023/02/11 12:0 a.m.59 views

Fedora 37 : openssl (2023-57f33242bc)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-57f33242bc advisory. Rebase to upstream version 3.0.8 Resolves: CVE-2022-4203 Resolves: CVE-2022-4304 Resolves: CVE-2022-4450 Resolves: CVE-2023-0215 Resolves:...

7.5CVSS7.4AI score0.59501EPSS
Exploits0References9
OSV
OSV
added 2023/02/08 8:15 p.m.29 views

CVE-2022-4304

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

5.9CVSS6.8AI score
Exploits0References3
Cvelist
Cvelist
added 2023/02/08 7:4 p.m.29 views

CVE-2022-4304 Timing Oracle in RSA Decryption

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

6.7AI score0.16195EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/02/08 12:0 a.m.99 views

Amazon Linux AMI : openssl (ALAS-2023-1683)

The version of openssl installed on the remote host is prior to 1.0.2k-16.162. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1683 advisory. A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover...

7.5CVSS7.8AI score0.59501EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2023/02/07 5:27 p.m.104 views

CVE-2022-4304

A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...

5.9CVSS6.4AI score0.16195EPSS
Exploits0References4
Rows per page
Query Builder