Lucene search
K

80 matches found

OpenVAS
OpenVAS
added 2023/04/12 12:0 a.m.27 views

Mageia: Security Advisory (MGASA-2023-0130)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.59501EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2023/04/04 12:0 a.m.55 views

RHEL 8 : gnutls (RHSA-2023:1569)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1569 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS...

7.4CVSS7.2AI score0.01403EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2023/03/21 12:0 a.m.44 views

Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-101)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-101 advisory. A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain...

7.5CVSS7.5AI score0.59501EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2023/03/13 12:0 a.m.32 views

AlmaLinux 9 : gnutls (ALSA-2023:1141)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:1141 advisory. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypte...

7.4CVSS7AI score0.01403EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/03/09 12:0 a.m.42 views

RHEL 9 : gnutls (RHSA-2023:1141)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1141 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS...

7.4CVSS7.2AI score0.01403EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2023/03/08 12:0 a.m.17 views

Oracle Linux 9 : gnutls (ELSA-2023-1141)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-1141 advisory. 3.7.6-18 - Update gnutls-3.7.8-fips-pct-dh.patch to the upstream version 2168610 3.7.6-17 - Fix timing side-channel in TLS RSA key exchange 2162600 3.7.6-16 -...

7.4CVSS7AI score0.01403EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/02/28 12:0 a.m.23 views

Fedora 37 : gnutls / guile-gnutls (2023-1c4a6a47ae)

The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-1c4a6a47ae advisory. Release of gnutls 3.8.0 fixes CVE-2023-0361 Release of gnutls guile bingings as standalone package. Tenable has extracted the preceding description block...

7.4CVSS7AI score0.01403EPSS
Exploits1References2
F5 Networks
F5 Networks
added 2023/02/21 7:38 p.m.35 views

K07051153: TMUI vulnerability CVE-2020-5905

Security Advisory Description In the BIG-IP Configuration utility Network WCCP page, the system does not sanitize all user-provided data before displaying the page. CVE-2020-5905 Impact Authenticated administrative users with access to this page in the Configuration utility may inject code onto t...

6CVSS5.1AI score0.00681EPSS
Exploits0Affected Software11
Tenable Nessus
Tenable Nessus
added 2023/02/18 12:0 a.m.28 views

Debian dla-3321 : gnutls-bin - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3321 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3321-1 [email protected] https://www.debian.org/lts/security/...

7.4CVSS6.9AI score0.01403EPSS
Exploits1References4
NVD
NVD
added 2023/02/15 6:15 p.m.24 views

CVE-2023-0361

A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to...

7.4CVSS8.1AI score0.01403EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2023/02/13 12:0 a.m.16 views

FreeBSD : GnuTLS -- timing sidechannel in RSA decryption (0a7a5dfb-aba4-11ed-be2c-001cc0382b2f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0a7a5dfb-aba4-11ed-be2c-001cc0382b2f advisory. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. Thi...

7.4CVSS7AI score0.01403EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2023/02/10 12:0 a.m.14 views

Slackware Linux 15.0 / current gnutls Vulnerability (SSA:2023-041-01)

The version of gnutls installed on the remote host is prior to 3.7.9. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-041-01 advisory. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficien...

7.4CVSS7AI score0.01403EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/02/08 7:4 p.m.30 views

CVE-2022-4304 Timing Oracle in RSA Decryption

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

6.7AI score0.16195EPSS
Exploits0References2
OSV
OSV
added 2023/02/08 7:4 p.m.30 views

CVE-2022-4304 Timing Oracle in RSA Decryption

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

5.9CVSS7AI score0.16195EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/02/08 12:0 a.m.56 views

SUSE SLES15: libopenssl-1_0_0-devel / libopenssl10 / libopenssl1_0_0 / etc (SUSE-SU-2023:0305-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0305-1 advisory. - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERALNAMEcmp for x400Address bsc1207533. - CVE-2023-0215: Fixed...

7.5CVSS7.1AI score0.59501EPSS
Exploits0References10
OSV
OSV
added 2022/06/14 10:15 a.m.6 views

CVE-2022-27221

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown strin...

5.9CVSS5.7AI score0.00907EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/22 11:5 p.m.37 views

Security Bulletin: Vulnerability in GnuTLS affects Power Hardware Management Console ( CVE-2018-10845 CVE-2018-10844)

Summary It was found that GnuTLS's implementation of HMAC-SHA-384 and HMAC-SHA-256 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

5.9CVSS0.4AI score0.03623EPSS
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2021/09/13 7:54 a.m.84 views

New SpookJS Attack Bypasses Google Chrome's Site Isolation Protection

A newly discovered side-channel attack demonstrated on modern processors can be weaponized to successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers and leak sensitive data in a Spectre-style speculative execution attack. Dubbed "Spook.js" by academics fr...

5.6CVSS2AI score0.93838EPSS
Exploits12
NVD
NVD
added 2020/10/29 4:15 p.m.35 views

CVE-2020-5933

On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger a...

7.8CVSS7.6AI score0.0105EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/10/29 12:0 a.m.45 views

F5 Networks BIG-IP : BIG-IP HTTP compression profile vulnerability (K26244025)

The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.2 / 12.1.5.2 / 13.1.3.5 / 14.1.2.5 / 15.1.1 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K26244025 advisory. - On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4,...

7.8CVSS7.4AI score0.0105EPSS
Exploits0References2
Rows per page
Query Builder