CentOS 8 : curl (CESA-2023:4523)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:4523 advisory. - An authentication bypass vulnerability exists libcurl 8.0.0 in the connection reuse feature which can reuse previously established connections with...

Timing Attack

Cryptography is vulnerable to a Timing Attack. This vulnerability is due to the predictable structure of padding in ciphertexts during RSA encryption. This flaw enables an attacker to distinguish between different types of padding errors, potentially leading to the decryption of captured messages...

CVE-2023-50782

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

Design/Logic Flaw

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

CVE-2023-50782

CVE-2023-50782 affects the python-cryptography library across multiple Linux distributions. The underlying issue is a Bleichenbacher timing/PKCS#1 v1.5 RSA decryption handling flaw that could allow a remote attacker to decrypt TLS RSA-exchange messages, potentially exposing confidential data. Aff...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : OpenSSL vulnerabilities (USN-6622-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6622-1 advisory. David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this...

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Certificate Validation in the RHEL UBI (CVE-2023-28321)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. CVE-2023-28321 This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. Vulnerability Details CVEID:CVE-2023-28321 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security...

RHEL 8 : nss (RHSA-2024:0093)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0093 advisory. Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server...

Medium: nss

Issue Overview: It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the...

Medium: nss-softokn

Issue Overview: It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the...

Medium: nss-softokn

Issue Overview: It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the...

EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2023-3425)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when...

EulerOS Virtualization 2.11.1 : curl (EulerOS-SA-2023-2719)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability in input validation exists in curl 8.0 during communication using the TELNET protocol may allow an attacker to pass...

FreeBSD : OpenSSL -- Vector register corruption on PowerPC (8337251b-b07b-11ee-b0d7-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 8337251b-b07b-11ee-b0d7-84a93843eb75 advisory. - Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might...

Siemens SCALANCE OpenSSL Out-of-bounds Read (CVE-2022-4203)

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

nss: timing attack against RSA decryption

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...

CentOS 8 : nss (CESA-2024:0105)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2024:0105 advisory. - It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero...

UBUNTU-CVE-2023-6129

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

Security Bulletin: IBM Event Streams is affected by a vulnerability in cURL libcurl (CVE-2023-28321)

Summary This security vulnerability affects the base image being used to build IBM Event Stream images. CVE-2023-28321 Vulnerability Details CVEID:CVE-2023-28321 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when listed as "Subject...