Lucene search
K

178 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/03/19 1:36 p.m.63 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Jan 2024. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE...

7.5CVSS7.1AI score0.01026EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/19 8:48 a.m.35 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850)

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Tivoli System Automation Application Manager. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow a remote attacker t...

7.5CVSS6.9AI score0.01026EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2024/03/14 6:8 p.m.29 views

CVE-2024-2467

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS5.3AI score0.00516EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/07 6:55 p.m.35 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8 used by IBM Installation Manager and IBM Packaging Utility. The IBM Installation Manager and IBM Packaging Utility have addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An...

7.5CVSS7.6AI score0.00918EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/03/06 10:15 p.m.25 views

CVE-2024-2236

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...

5.9CVSS5.6AI score0.01114EPSS
Exploits0References6
Prion
Prion
added 2024/03/06 10:15 p.m.13 views

Information disclosure

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...

2.6CVSS7.3AI score0.01114EPSS
Exploits0References2
CVE
CVE
added 2024/03/06 10:7 p.m.191 views

CVE-2024-2236

CVE-2024-2236 : IBM bulletin confirms a timing-based side-channel vulnerability in libgcrypt’s RSA implementation. The issue enables a Bleichenbacher-style attack that could decrypt RSA ciphertexts. Root cause: observable timing discrepancies in RSA operations. Affected component: libgcrypt’s RSA...

5.9CVSS7AI score0.01114EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/03/06 10:7 p.m.132 views

CVE-2024-2236 Libgcrypt: vulnerable to marvin attack

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...

5.9CVSS6.7AI score0.01114EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2024/03/06 10:7 p.m.274 views

CVE-2024-2236

A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts...

5.9CVSS7AI score0.01114EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/02/11 12:0 a.m.40 views

IBM Java 8.0 < 8.0.8.20

The version of IBM Java installed on the remote host is prior to 8.0 8.0.8.20. It is, therefore, affected by a vulnerability as referenced in the IBM Security Update February 2024 advisory. - IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based...

7.5CVSS7AI score0.00855EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/01/16 12:0 a.m.47 views

EulerOS 2.0 SP11 : linux-sgx (EulerOS-SA-2023-3047)

According to the versions of the linux-sgx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a...

7.5CVSS7.4AI score0.75116EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2023/12/19 12:0 a.m.46 views

Siemens SIMATIC and SCALANCE Products Encryption Strength (CVE-2023-0286)

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

7.4CVSS7.9AI score0.59501EPSS
Exploits0References29
Tenable Nessus
Tenable Nessus
added 2023/12/07 12:0 a.m.33 views

Oracle Linux 8 : edk2 (ELSA-2023-13025)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-13025 advisory. - Create new 20230821 release for OL8 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following...

10CVSS7.3AI score0.96275EPSS
Exploits18References5
Hacker One
Hacker One
added 2023/12/02 11:45 p.m.556 views

Internet Bug Bounty: OpenSSL vulnerable to the Marvin Attack (CVE-2022-4304)

A timing side channel vulnerability in OpenSSL RSA decryption was discovered that could allow plaintext recovery. By measuring decryption time, an attacker could recover RSA plaintext from captured ciphertexts after a large number of decryption attempts. All RSA padding modes were affected. The...

5.9CVSS7AI score0.16195EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.39 views

Rocky Linux 8 : nss (RLSA-2021:0538)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0538 advisory. - When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based...

9.1CVSS7.4AI score0.01541EPSS
Exploits0References12
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/03 7:55 p.m.24 views

Security Bulletin: IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library (CVE-2023-32342)

Summary IBM® Db2® is vulnerable to an information disclosure vulnerability due to the consumed GSKit library. The fix for this issue was already published in an earlier bulletin. If you have already applied the appropriate Db2 special build or installed GSKit version 8.0.55.31, which contains the...

7.5CVSS6AI score0.00925EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/10/19 12:0 a.m.55 views

IBM HTTP Server 8.5.0.0 < 8.5.5.24 / 9.0.0.0 < 9.0.5.16 Information Disclosure (6998037)

The version of IBM HTTP Server running on the remote host is affected by an information disclosure vulnerability due to IBM GSKit which is used for SSL connections. An unauthenticated, remote attacker could exploit a timing-based side channel in the RSA Decryption implementation, by sending an...

7.5CVSS7.5AI score0.00925EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/14 5:10 a.m.29 views

Security Bulletin: IBM GSKit as shipped with IBM Security Verify Access has fixed a reported vulnerability (CVE-2023-32342)

Summary IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. The issue has been addressed in the IBM Security Verify Access Container and Appliance products. Vulnerability Details CVEID:CVE-2023-32342...

7.5CVSS7.4AI score0.00925EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 11:26 a.m.45 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive informatio...

7.5CVSS8.6AI score0.75116EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/09/29 12:0 a.m.26 views

ABB RTU500 and AFS Series OpenSSL Bleichenbacher Style Attack (CVE-2022-4304)

A vulnerability exists in the OpenSSL that affects the RTU500 Series product versions listed below. RTU500 series CMU Firmware versions 12.0.1 – 12.0.15 12.2.1 – 12.2.12 12.4.1 – 12.4.12 12.6.1 – 12.6.9 12.7.1 – 12.7.6 13.2.1 – 13.2.6 13.3.1 – 13.3.3 13.4.2 A timing based side chann...

5.9CVSS7.8AI score0.16195EPSS
Exploits0References6
Rows per page
Query Builder