177 matches found

Tenable Nessus
added 2023/08/31 12:0 a.m. | 29 views

FreeBSD : FreeBSD -- Multiple vulnerabilities in OpenSSL (c8eb4c40-47bd-11ee-8e38-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c8eb4c40-47bd-11ee-8e38-002590c1f29c advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could ...

CVSS 7.5 | AI score 7.9 | EPSS 0.59501
Exploits: 0 | References: 5

NVD
added 2023/08/22 9:15 p.m. | 26 views

CVE-2023-33850

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive...

CVSS 7.5 | AI score 7.4 | EPSS 0.00855
Exploits: 0 | References: 5

Prion
added 2023/08/22 9:15 p.m. | 33 views

Design/Logic Flaw

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive...

CVSS 5 | AI score 7.2 | EPSS 0.00855
Exploits: 0 | References: 4 | Affected Software: 2

Cvelist
added 2023/08/22 8:31 p.m. | 35 views

CVE-2023-33850 IBM GSKit-Crypto information disclosure

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive...

CVSS 7.5 | AI score 7.3 | EPSS 0.00855
Exploits: 0 | References: 3

Vulnrichment
added 2023/08/22 8:31 p.m. | 17 views

CVE-2023-33850 IBM GSKit-Crypto information disclosure

IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive...

CVSS 7.5 | AI score 7.3 | EPSS 0.00855
Exploits: 0 | References: 3

CVE
added 2023/08/22 8:31 p.m. | 194 views

CVE-2023-33850

CVE-2023-33850 involves IBM GSKit-Crypto and a timing-based side channel in the RSA Decryption routine that could allow a remote attacker to obtain sensitive information. The connected IBM bulletins enumerate this CVE among others and indicate affected IBM products (e.g., a range of IBM Java/SDK/...

CVSS 7.5 | AI score 7.4 | EPSS 0.00855
Exploits: 0 | References: 5 | Affected Software: 1

Positive Technologies
added 2023/08/22 12:0 a.m. | 3 views

PT-2023-24517 · Ibm +1 · Ibm Gskit-Crypto +2

Name of the Vulnerable Software and Affected Versions: IBM GSKit-Crypto affected versions not specified Description: The issue is caused by a timing-based side channel in the RSA Decryption implementation, allowing a remote attacker to obtain sensitive information by sending an overly large numbe...

CVSS 7.5 | AI score 5.9 | EPSS 0.01026
Exploits: 0 | References: 59

IBM Security Bulletins
added 2023/07/13 1:22 p.m. | 34 views

Security Bulletin: A vulnerability in IBM GSKit affects IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management (CVE-2023-32342)

Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments Data Protection for Hyper-V and Data Protection for VMware, and IBM Storage Protect for Space Management can be affected by a vulnerability in IBM GSKit. The vulnerability can lead to disclosure of...

CVSS 7.5 | AI score 7.1 | EPSS 0.00925
Exploits: 0 | Affected Software: 3

Tenable Nessus
added 2023/07/04 12:0 a.m. | 30 views

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-2299)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...

CVSS 7.5 | AI score 7.9 | EPSS 0.59501
Exploits: 0 | References: 5

Tenable Nessus
added 2023/06/26 12:0 a.m. | 36 views

SUSE SLES12: libopenssl-1_0_0-devel / libopenssl-1_0_0-devel-32bit / etc (SUSE-SU-2023:2624-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2624-1 advisory. - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause...

CVSS 5.9 | AI score 7.1 | EPSS 0.16195
Exploits: 0 | References: 4

Tenable Nessus
added 2023/06/25 12:0 a.m. | 15 views

SUSE SLED15: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2023:29171-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:29171-1 advisory. - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers...

CVSS 6.5 | AI score 7.1 | EPSS 0.73461
Exploits: 0 | References: 8

IBM Security Bulletins
added 2023/06/15 10:15 a.m. | 34 views

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to remote sensitive information exposure due to IBM GSKit (CVE-2023-32342)

Summary There is a vulnerability in IBM GSKit used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain...

CVSS 7.5 | AI score 7.2 | EPSS 0.00925
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2023/06/13 12:0 a.m. | 33 views

EulerOS Virtualization 3.0.6.0 : openssl (EulerOS-SA-2023-2242)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the da...

CVSS 7.5 | AI score 7.6 | EPSS 0.59501
Exploits: 0 | References: 6

Tenable Nessus
added 2023/06/07 12:0 a.m. | 27 views

EulerOS Virtualization 2.11.0 : openssl (EulerOS-SA-2023-2127)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext...

CVSS 7.5 | AI score 7.8 | EPSS 0.59501
Exploits: 0 | References: 5

Tenable Nessus
added 2023/06/02 12:0 a.m. | 27 views

EulerOS Virtualization 2.9.0 : openssl (EulerOS-SA-2023-2022)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext...

CVSS 7.5 | AI score 7.6 | EPSS 0.59501
Exploits: 0 | References: 6

NVD
added 2023/05/30 10:15 p.m. | 13 views

CVE-2023-32342

IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IB...

CVSS 7.5 | AI score 7.2 | EPSS 0.00925
Exploits: 0 | References: 1

Prion
added 2023/05/30 10:15 p.m. | 31 views

Design/Logic Flaw

IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IB...

CVSS 5 | AI score 7.1 | EPSS 0.00925
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/05/30 9:3 p.m. | 4 views

CVE-2023-32342 IBM GSKit information disclosure

IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IB...

CVSS 7.5 | AI score 6.4 | EPSS 0.00925
Exploits: 0 | References: 1

Cvelist
added 2023/05/30 9:3 p.m. | 15 views

CVE-2023-32342 IBM GSKit information disclosure

IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IB...

CVSS 7.5 | AI score 7.2 | EPSS 0.00925
Exploits: 0 | References: 1

CVE
added 2023/05/30 9:3 p.m. | 185 views

CVE-2023-32342

CVE-2023-32342 is a timing-based side-channel vulnerability in IBM GSKit’s RSA Decryption. The IBM bulletins show this can lead to information disclosure and affect multiple IBM products that ship GSKit (e.g., Db2, Informix, Sterling, Datacap, and related containers). Root cause: timing differenc...

CVSS 7.5 | AI score 7.2 | EPSS 0.00925
Exploits: 0 | References: 1 | Affected Software: 1