5 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-45287
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Before Go 1.20, the RSA-based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but...
AZL-37310 CVE-2023-45287 affecting package golang for versions less than 1.21.6-1
Before Go 1.20, the RSA-based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...
TP-LINK Smart bulb Tapo series security vulnerability
TP-LINK Smart bulb Tapo series is a series of multi-color smart Wi-Fi bulbs from China P&L TP-LINK. A security vulnerability exists in TPLink Smart bulb Tapo series L530 v.1.0.0, Tapo Application v.2.8.14. A remote attacker could exploit the vulnerability to obtain sensitive information via the...
SUSE CVE-2012-3137
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force...
ZyXEL ZyWALL/USG Series Device Information Disclosure Vulnerability
ZyXEL ZyWALL/USG is a network security firewall appliance from Hopkins ZyXEL Technology. A security vulnerability exists in the Internet Key Exchange (IKE) handshake implementation used for IPsec-based VPN connections in the ZyXEL ZyWALL/USG series devices. An attacker can exploit the vulnerability...