80 matches found
Mageia: Security Advisory (MGASA-2023-0130)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 8 : gnutls (RHSA-2023:1569)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1569 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS...
Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-101)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-101 advisory. A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain...
AlmaLinux 9 : gnutls (ALSA-2023:1141)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:1141 advisory. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypte...
RHEL 9 : gnutls (RHSA-2023:1141)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1141 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS...
Oracle Linux 9 : gnutls (ELSA-2023-1141)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-1141 advisory. 3.7.6-18 - Update gnutls-3.7.8-fips-pct-dh.patch to the upstream version 2168610 3.7.6-17 - Fix timing side-channel in TLS RSA key exchange 2162600 3.7.6-16 -...
Fedora 37 : gnutls / guile-gnutls (2023-1c4a6a47ae)
The remote Fedora 37 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-1c4a6a47ae advisory. Release of gnutls 3.8.0 fixes CVE-2023-0361 Release of gnutls guile bingings as standalone package. Tenable has extracted the preceding description block...
K07051153: TMUI vulnerability CVE-2020-5905
Security Advisory Description In the BIG-IP Configuration utility Network WCCP page, the system does not sanitize all user-provided data before displaying the page. CVE-2020-5905 Impact Authenticated administrative users with access to this page in the Configuration utility may inject code onto t...
Debian dla-3321 : gnutls-bin - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3321 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3321-1 [email protected] https://www.debian.org/lts/security/...
CVE-2023-0361
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to...
FreeBSD : GnuTLS -- timing sidechannel in RSA decryption (0a7a5dfb-aba4-11ed-be2c-001cc0382b2f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0a7a5dfb-aba4-11ed-be2c-001cc0382b2f advisory. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. Thi...
Slackware Linux 15.0 / current gnutls Vulnerability (SSA:2023-041-01)
The version of gnutls installed on the remote host is prior to 3.7.9. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-041-01 advisory. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficien...
CVE-2022-4304 Timing Oracle in RSA Decryption
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...
CVE-2022-4304 Timing Oracle in RSA Decryption
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...
SUSE SLES15: libopenssl-1_0_0-devel / libopenssl10 / libopenssl1_0_0 / etc (SUSE-SU-2023:0305-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0305-1 advisory. - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERALNAMEcmp for x400Address bsc1207533. - CVE-2023-0215: Fixed...
CVE-2022-27221
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown strin...
Security Bulletin: Vulnerability in GnuTLS affects Power Hardware Management Console ( CVE-2018-10845 CVE-2018-10844)
Summary It was found that GnuTLS's implementation of HMAC-SHA-384 and HMAC-SHA-256 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...
New SpookJS Attack Bypasses Google Chrome's Site Isolation Protection
A newly discovered side-channel attack demonstrated on modern processors can be weaponized to successfully overcome Site Isolation protections weaved into Google Chrome and Chromium browsers and leak sensitive data in a Spectre-style speculative execution attack. Dubbed "Spook.js" by academics fr...
CVE-2020-5933
On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger a...
F5 Networks BIG-IP : BIG-IP HTTP compression profile vulnerability (K26244025)
The version of F5 Networks BIG-IP installed on the remote host is prior to 11.6.5.2 / 12.1.5.2 / 13.1.3.5 / 14.1.2.5 / 15.1.1 / 16.0.0. It is, therefore, affected by a vulnerability as referenced in the K26244025 advisory. - On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4,...