19 matches found
Moderate: opencryptoki security update
The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages include support for the IBM 4758 Cryptographic CoProcessor with the PKCS11 firmware loaded, the IBM eServer Cryptographic Accelerator FC 4960 ...
CVE-2023-32691
CVE-2023-32691 affects gost (GO Simple Tunnel) written in Go. The root cause is untrusted input from an HTTP header being compared directly to a secret (not using constant-time comparison), enabling a side-channel timing attack to guess secrets. The common remediation is to switch to constant-tim...
Nuvoton TPM 2.0 ECDSA Vulnerability - Lenovo Support US
No description provided...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-1326)
The remote host is missing an update for the Huawei EulerOS...
CVE-2019-16863
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL...
Code injection
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL...
CVE-2019-16863
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL...
CVE-2019-16863
CVE-2019-16863 affects STMicroelectronics ST33TPHF2ESPI TPM devices. The vulnerability stems from a side-channel timing flaw in ECDSA scalar multiplication, allowing an attacker to extract parts of the ECDSA private key. Impact is limited to affected TPM firmware prior to 2019-09-12; exploitation...
Oracle Tuxedo Multiple Vulnerabilities (Apr 2019 CPU)
The version of Oracle Tuxedo installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in OpenSSL due to the potential for a side-channel timing attack. An unauthenticated attacker can exploit...
Oracle Enterprise Manager Cloud Control (Apr 2019 CPU)
The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - Networking component of Enterprise Manager Base Platform Spring Framework is easily exploited and may allow an...
OpenSSL 1.0.2 < 1.0.2q Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.2q. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2q advisory. - Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a...
CVE-2018-5407
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'...
CVE-2018-5407
CVE-2018-5407 is a PortSmash timing side-channel vulnerability in SMT/Hyper-Threading affecting OpenSSL. Local attackers could exploit a timing leakage during cryptographic operations to gain information. Documented in multiple advisories (e.g., ALAS/ALAS2 for OpenSSL) with remediation stating to...
CVE-2018-5407
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'...
CVE-2018-5407
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'...
WordPress < 4.2.4 Multiple Vulnerabilities
Binary data 9031.prm...
CVE-2014-0852
The CVE affects IBM WebSphere DataPower SOA Appliances. Affected versions include 4.0.2.15, 5.x up to 5.0.0.17, 6.0.0.x up to 6.0.0.9, and 6.0.1.x up to 6.0.1.5. Root cause: an SSL/TLS side-channel timing vulnerability that can reveal the PreMasterSecret when an attacker on the same LAN sends mill...
Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update
Updated openstack-nova packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common...
Important: Red Hat Security Advisory: Fuse ESB Enterprise 7.1.0 update
Fuse ESB Enterprise 7.1.0 Patch 3, which fixes three security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...