Lucene search
K

177 matches found

Tenable Nessus
Tenable Nessus
added 2024/05/11 12:0 a.m.81 views

RHEL 7 : packagekit (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - PackageKit: Information Disclosure in Transaction Interface via timing CVE-2022-0987 - PackageKit provide...

4.7AI score0.00462EPSS
Exploits1References2
CVE
CVE
added 2024/05/09 12:0 a.m.1357 views

CVE-2024-30171

CVE-2024-30171 : Affects the Bouncy Castle Java TLS API and JSSE Provider before 1.78. The issue is a timing-based leakage in RSA-based handshakes caused by exception processing. There is no exploit detail provided in the documents. Remediation: upgrade to a version containing the fix (BC 1.78 or...

5.9CVSS6.4AI score0.00901EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/05/09 12:0 a.m.44 views

CVE-2024-30171

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing...

7.2AI score0.00901EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/05/09 12:0 a.m.47 views

CVE-2024-30171

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing...

6.6AI score0.00901EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2024/05/03 7:9 p.m.44 views

K000139508: rust-openssl vulnerability CVE-2024-3296

Security Advisory Description A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of tria...

5.9CVSS5.7AI score0.00415EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/04/30 12:0 a.m.35 views

IBM MQ 9.0 <= 9.0.0.24 / 9.1 <= 9.1.0.21 / 9.2 <= 9.2.0.25 / 9.3 <= 9.3.0.17 / 9.3 <= 9.3.5.1 (7149586)

The version of IBM MQ Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7149586 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions...

7.5CVSS6.6AI score0.00911EPSS
Exploits0References3
NVD
NVD
added 2024/04/25 5:15 p.m.19 views

CVE-2024-2467

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS5.4AI score0.00516EPSS
Exploits0References4
OSV
OSV
added 2024/04/25 5:15 p.m.22 views

CVE-2024-2467

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS6.3AI score0.00516EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/04/25 4:45 p.m.279 views

CVE-2024-2467 Perl-crypt-openssl-rsa: side-channel attack in pkcs#1 v1.5 padding mode (marvin attack)

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The...

5.9CVSS6.4AI score0.00516EPSS
Exploits0References4
Veracode
Veracode
added 2024/04/10 11:30 a.m.20 views

Timing Based Side-Channel Attack

Libgcrypt is vulnerable to a timing-based side-channel attack. The vulnerability is due to the handling of RSA decryption, which may allow a remote attacker to initiate a Bleichenbacher-style attack and decrypt arbitrary RSA ciphertexts...

5.9CVSS7.2AI score0.01114EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2024/04/04 1:47 p.m.39 views

CVE-2024-3296 Rust-openssl: timing based side-channel can lead to a bleichenbacher style attack

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The...

5.9CVSS5.7AI score0.00415EPSS
Exploits0References2
CVE
CVE
added 2024/04/04 1:47 p.m.86 views

CVE-2024-3296

CVE-2024-3296 involves the rust-openssl crate and a timing-based side-channel that could permit plaintext recovery over a network via a Bleichenbacher-style attack on the legacy PKCS#1v1.5 padding. An attacker would need to send many trial decryptions to achieve success. The connected documents c...

5.9CVSS5.4AI score0.00415EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/04/04 12:0 a.m.19 views

CVE-2024-3296

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The...

5.9CVSS6.2AI score0.00415EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/27 8:44 p.m.31 views

Security Bulletin: This Power System update is being released to address CVE-2022-4304

Summary The OpenSSL RSA Decryption timing-based side channel attack affects BMC's HTTPS and SSH connections. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption...

5.9CVSS6.7AI score0.16195EPSS
Exploits0
NVD
NVD
added 2024/03/26 2:15 p.m.12 views

CVE-2023-33855

Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture CCA 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676...

3.7CVSS4.8AI score0.00452EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/03/26 2:4 p.m.20 views

CVE-2023-33855 IBM Common Cryptographic Architecture information disclosure

Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture CCA 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676...

3.7CVSS4AI score0.00452EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/26 2:4 p.m.11 views

CVE-2023-33855 IBM Common Cryptographic Architecture information disclosure

Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture CCA 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676...

3.7CVSS6AI score0.00452EPSS
Exploits0References2
CVE
CVE
added 2024/03/26 2:4 p.m.86 views

CVE-2023-33855

CVE-2023-33855 affects IBM Common Cryptographic Architecture (CCA) used with the IBM 4769 Developer’s Toolkit. Affected versions are CCA 7.0.0 through 7.5.36, where RSA operations may exhibit non-constant-time behavior under certain conditions, potentially allowing a remote attacker to obtain sen...

3.7CVSS3.7AI score0.00452EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/25 4:45 p.m.40 views

Security Bulletin: Security Vulnerability in IBM GSKit affects IBM Security Directory Server Container Products (CVE-2023-32342)

Summary A Security Vulnerability in IBM GSKit that ships with IBM Security Directory Server Container Products has been addressed in an update. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based...

7.5CVSS7.4AI score0.00925EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/03/19 1:36 p.m.63 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9.

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. These issues were disclosed as part of the IBM Java SDK updates in Jan 2024. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE...

7.5CVSS7.1AI score0.01026EPSS
Exploits0Affected Software1
Rows per page
Query Builder