15 matches found
USN-8108-1: Bouncy Castle vulnerabilities
It was discovered that Bouncy Castle did not sanitize user input when inserting it into an LDAP search filter. An attacker could possibly use this issue to perform an LDAP injection attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS...
CVE-2024-58262
A flaw was found in curve25519-dalek. The crate’s implementation of constant-time operations on elliptic curve scalars lacks proper LLVM optimization, potentially revealing information about the scalar's bits. A local attacker can observe timing differences during scalar operations. This...
CVE-2021-37848
common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison...
Design/Logic Flaw
RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is...
CVE-2021-37848
Pengutronix barebox (through 2021.07.0) is affected by CVE-2021-37848 due to a timing leak in common/password.c during hash comparison (strncmp). This is a timing-side-channel vulnerability in the bootloader used in embedded Linux systems. Affected component: barebox binary; issue arises from str...
RHEL 6 : openssl (RHSA-2016:0996)
An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Amazon Linux: Security Advisory (ALAS-2013-162)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: Red Hat Security Advisory: rhevm-spice-client security update
Updated rhevm-spice-client packages that fix multiple security issues are now available for Red Hat Enterprise Virtualization Manager 3. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...
Critical: java-1.7.0-openjdk
Issue Overview: An input validation flaw was discovered in the medialib library in the 2D component. A specially crafted image could trigger Java Virtual Machine memory corruption when processed. A remote attacker, or an untrusted Java application or applet, could possibly use this flaw to execut...
Amazon Linux AMI : openssl (ALAS-2012-38)
It was discovered that the Datagram Transport Layer Security DTLS protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding...
RedHat Update for nss and nspr RHSA-2013:1135-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RedHat Update for nss and nspr RHSA-2013:1135-01
Check for the Version of nss and nspr OpenVAS Vulnerability Test RedHat Update for nss and nspr RHSA-2013:1135-01 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Moderate: Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update
Updated nss and nspr packages that fix two security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...
Medium: gnutls
Issue Overview: It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding...
Important: Red Hat Security Advisory: java-1.6.0-openjdk security update
Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...