exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 43 RSS Feed

CVE-2022-4304

Status Candidate

Overview

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.

Related Files

Gentoo Linux Security Advisory 202402-08
Posted Feb 5, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202402-8 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in denial of service. Versions greater than or equal to 3.0.10 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2022-3358, CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-2975
SHA-256 | 21ad378435b07083191f0c5fc69298cd031080be76d8665f35aae2aacebb11f1
Ubuntu Security Notice USN-6564-1
Posted Jan 3, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6564-1 - Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. CarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0401
SHA-256 | ae06e9d7de3a8aa6879c9ffafc7bea669c2fbcc0dec9e5141b1982070bee30b7
Red Hat Security Advisory 2023-5103-01
Posted Sep 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5103-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.11.6 images.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-3709, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-2828, CVE-2023-3089, CVE-2023-38408, CVE-2023-3899
SHA-256 | ff86c5fcb20d801641ee0a943d716618abfc792dd089f942079ae10795581374
Red Hat Security Advisory 2023-4982-01
Posted Sep 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4982-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.6 images.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-3709, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0361, CVE-2023-2602, CVE-2023-2603, CVE-2023-27536, CVE-2023-28321, CVE-2023-28484, CVE-2023-29469, CVE-2023-32681, CVE-2023-34969, CVE-2023-38408
SHA-256 | b9023400cec5412855af688ab8ee78059b127eabc4f5cf42938b74354d4cde03
Red Hat Security Advisory 2023-4310-01
Posted Aug 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4310-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.46. Issues addressed include denial of service and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-38561, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-24329, CVE-2023-2828
SHA-256 | ca92d84023a0e05b7798a857cca840a5ac2e7d09d50d170362be6bb5b247c0cb
Red Hat Security Advisory 2023-4421-01
Posted Aug 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4421-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.5 images.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-41723, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-1667, CVE-2023-2283, CVE-2023-24329, CVE-2023-24540, CVE-2023-26604, CVE-2023-2828, CVE-2023-3089
SHA-256 | db79e46b0eba3e1a78e180a54c5653048a4f2e53759b8bc14de7603ad8f84236
Red Hat Security Advisory 2023-4091-01
Posted Jul 21, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4091-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.5. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-41717, CVE-2022-41723, CVE-2022-4304, CVE-2022-4450, CVE-2022-46663, CVE-2023-0215, CVE-2023-0361, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-1255, CVE-2023-1260, CVE-2023-2253, CVE-2023-24329
SHA-256 | 5fffb192f782f6a62532ee7fa26b357fcb1d898b1d066d385c135895e70cea38
Red Hat Security Advisory 2023-4128-01
Posted Jul 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4128-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-4304, CVE-2023-0215, CVE-2023-0286
SHA-256 | 26d7d6b2c7ca45bddabac4bf3d4c499fd5b957034a4976dfaaadd7854797b918
Red Hat Security Advisory 2023-4113-01
Posted Jul 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4113-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-41723, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0361, CVE-2023-1667, CVE-2023-2283, CVE-2023-24329, CVE-2023-26604, CVE-2023-3089
SHA-256 | 729c365dd06942907c827ed3d0802c357c17c67b289a8964d793af4404274523
Red Hat Security Advisory 2023-4112-01
Posted Jul 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4112-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-41723, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0361, CVE-2023-1667, CVE-2023-2283, CVE-2023-24329, CVE-2023-26604, CVE-2023-3089
SHA-256 | c7742e00a1388aea1d5f85faa7bd185acac12f047bfdcf09c76b69b1cf58228e
Red Hat Security Advisory 2023-4114-01
Posted Jul 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4114-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0361, CVE-2023-1667, CVE-2023-2283, CVE-2023-24329, CVE-2023-26604, CVE-2023-3089
SHA-256 | 7ff43dc4b81b02a1c2a7a4189b7ed0a52cde440b4d27f256fe8f7a0912bb24ef
Red Hat Security Advisory 2023-3615-01
Posted Jun 27, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3615-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.22. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-4235, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0361
SHA-256 | 7fb4743cf0f6421a8fc76e5aeabe5a0d1c7e99c6c059a74b0989a6981fbfe871
Red Hat Security Advisory 2023-3614-01
Posted Jun 23, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3614-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.4.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-41723, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0361, CVE-2023-24329, CVE-2023-24540
SHA-256 | 9c2f46c33295c1b0e7ecb18249a60f635ddabddc6a6d5b912f2e4088da5e5897
Red Hat Security Advisory 2023-3645-01
Posted Jun 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3645-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-20329, CVE-2021-43138, CVE-2022-24999, CVE-2022-25858, CVE-2022-27664, CVE-2022-2880, CVE-2022-36227, CVE-2022-39229, CVE-2022-41715, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361
SHA-256 | 3023d0e9a727cd7cb6e6e20ebd2258d11d98d83016ff62bc73e6192f91c39a04
Red Hat Security Advisory 2023-3624-01
Posted Jun 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3624-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

tags | advisory, web, denial of service
systems | linux, redhat
advisories | CVE-2021-46848, CVE-2022-1304, CVE-2022-25147, CVE-2022-2795, CVE-2022-2880, CVE-2022-35737, CVE-2022-36227, CVE-2022-3627, CVE-2022-3970, CVE-2022-41715, CVE-2022-41717, CVE-2022-42898, CVE-2022-4304, CVE-2022-4450
SHA-256 | d2f80d582085aae75b12f07fd85ac399fe95b0c3197d108af14ac014209e5633
Red Hat Security Advisory 2023-3542-01
Posted Jun 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3542-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.43. Issues addressed include denial of service and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-38561, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0361, CVE-2023-24540
SHA-256 | a6dfd1ba4139a8bed6278e3d4f8eea860ff137066b8b41f230ff63c5ed9d4d59
Red Hat Security Advisory 2023-3455-01
Posted Jun 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3455-01 - OpenShift Serverless version 1.29.0 contains a moderate security impact. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-36227, CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-0767, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939
SHA-256 | fb699e506aa118c17dbd87137af0d14f01a829ce5c8b64ec9846e9ca82990b0b
Red Hat Security Advisory 2023-3421-01
Posted Jun 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3421-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.3 serves as a replacement for Red Hat JBoss Web Server 5.7.2. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include double free and use-after-free vulnerabilities.

tags | advisory, java, web, vulnerability
systems | linux, redhat
advisories | CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286
SHA-256 | b7e1a0f2d05b87882ca88c3378b08af039b9aeff34f0360edcb8d3063a932038
Red Hat Security Advisory 2023-3354-01
Posted Jun 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3354-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, denial of service, double free, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2006-20001, CVE-2022-25147, CVE-2022-4304, CVE-2022-43551, CVE-2022-43552, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-25690
SHA-256 | 872079b042f0763e48a97309fcbc46a8880cc332bd629c972bb2a0f58175222a
Red Hat Security Advisory 2023-3420-02
Posted Jun 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3420-02 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.3 serves as a replacement for Red Hat JBoss Web Server 5.7.2. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include double free and use-after-free vulnerabilities.

tags | advisory, java, web, vulnerability
systems | linux, redhat
advisories | CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286
SHA-256 | 7dc1c42b2d4f1fd9c491c25d54360d67b2b29c51a72221e9df51c6909ebdb4f8
Red Hat Security Advisory 2023-3355-01
Posted Jun 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3355-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, denial of service, double free, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2006-20001, CVE-2022-25147, CVE-2022-4304, CVE-2022-43551, CVE-2022-43552, CVE-2022-43680, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-25690
SHA-256 | cced047a9c8b64215ce3e215ff5c91c3249ad0174bafa7de957f9317816d705d
Red Hat Security Advisory 2023-3408-01
Posted Jun 1, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3408-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include double free and use-after-free vulnerabilities.

tags | advisory, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2022-4304, CVE-2022-4450, CVE-2023-0215
SHA-256 | f72c65031868645261cd4d6a767c461670e58de67837da3bcbb897896baa72fe
Red Hat Security Advisory 2023-2932-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2932-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include double free and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286
SHA-256 | 00200990c07f487dedd50b1c32123acb4670b6fc0d2132bec18aad3ba0cb10cd
Red Hat Security Advisory 2023-2165-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2165-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include double free, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2021-38578, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286
SHA-256 | 066a0b8b887b807496ca5e4cab3ba9a903e29113186a10b4fa2c79670fcb6c9c
Red Hat Security Advisory 2023-2107-01
Posted May 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2107-01 - The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-41724, CVE-2022-41725, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-23916, CVE-2023-25173, CVE-2023-28617
SHA-256 | 4e5916017cd2c38d0dbb46d07a4b6c5a15d545e4b934c30942abd25556065af8
Page 1 of 2
Back12Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close