22 matches found
Medium: opensc
Issue Overview: A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. CVE-2023-5992 Affected Packages: opensc Note: This advisory is applicable to Amazon Linux 2 AL2 Cor...
SUSE SLES12 Security Update : opensc (SUSE-SU-2024:1625-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1625-1 advisory. - CVE-2023-5992: Fixed a side-channel leaks while stripping encryption PKCS1 padding bsc1219386 Tenable has extracted the preceding...
Fedora 40 : opensc (2024-3dbc3e8105)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3dbc3e8105 advisory. New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454 Tenable has extracted the preceding description block directly from the...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : opensc (SUSE-SU-2024:1402-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1402-1 advisory. - CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS1 padding bsc1219386 Tenable has...
Fedora 38 : opensc (2024-b92d44f141)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b92d44f141 advisory. New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454 Tenable has extracted the preceding description block directly from the...
Fedora 39 : opensc (2024-6460a03e29)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6460a03e29 advisory. New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454 Tenable has extracted the preceding description block directly from the...
AlmaLinux 8 : opensc (ALSA-2024:0967)
The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2024:0967 advisory. - A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side- channel resistant. This issue may result in the potential...
Oracle Linux 8 : opensc (ELSA-2024-0967)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-0967 advisory. 0.20.0-8 - Fix CVE-2023-5992: Side-channel leaks while stripping encryption PKCS1.5 padding Tenable has extracted the preceding description block directly from...
RHEL 9 : opensc (RHSA-2024:0966)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:0966 advisory. The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operation...
CVE-2023-5992
A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data...
CVE-2023-5992 Opensc: side-channel leaks while stripping encryption pkcs#1 padding
A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data...
CVE-2023-5992
A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data...
CVE-2023-5992
A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data...
SUSE SLES11 Security Update : openssl1 (SUSE-SU-2019:14171-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14171-1 advisory. - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases,...
SUSE SLES11 Security Update : openssl (SUSE-SU-2019:14174-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2019:14174-1 advisory. - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases,...
Important: openssl
Issue Overview: Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a grou...
EulerOS Virtualization 3.0.2.2 : openssl (EulerOS-SA-2020-1274)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...
EulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-2218)
According to the versions of the openssl110h packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in th...
EulerOS 2.0 SP3 : openssl (EulerOS-SA-2019-2264)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it...
CVE-2019-1547
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a group does not have...