CVSS: 5.9EPSS: 0%CPEs: 10EXPL: 1CVE-2022-4304 – Timing Oracle in RSA Decryption
https://notcve.org/view.php?id=CVE-2022-4304
07 Feb 2023 — A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the serve... • https://github.com/Trinadh465/Openssl-1.1.1g_CVE-2022-4304 • CWE-203: Observable Discrepancy •
CVSS: 7.4EPSS: 85%CPEs: 9EXPL: 0CVE-2023-0286 – X.400 address type confusion in X.509 GeneralName
https://notcve.org/view.php?id=CVE-2023-0286
07 Feb 2023 — There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may a... • https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-31814
https://notcve.org/view.php?id=CVE-2021-31814
10 Feb 2022 — In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client. En Stormshield versiones 1.1.0, y versiones 2.1.0 hasta 2.9.0, un atacante puede bloquear el acceso de un cliente a la VPN y puede obtener información confidencial mediante el cliente SN VPN SSL • https://advisories.stormshield.eu • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-37613
https://notcve.org/view.php?id=CVE-2021-37613
10 Feb 2022 — Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. Stormshield Network Security (SNS) versiones 1.0.0 hasta 4.2.3, permite una Denegación de Servicio • https://advisories.stormshield.eu •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-28096
https://notcve.org/view.php?id=CVE-2021-28096
27 Jan 2022 — An issue was discovered in Stormshield SNS before 4.2.3 (when the proxy is used). An attacker can saturate the proxy connection table. This would result in the proxy denying any new connections. Se ha detectado un problema en Stormshield SNS versiones anteriores a 4.2.3 (cuando es usado el proxy). Un atacante puede saturar la tabla de conexiones del proxy. • https://advisories.stormshield.eu/2021-005 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 4%CPEs: 60EXPL: 2CVE-2002-20001
https://notcve.org/view.php?id=CVE-2002-20001
11 Nov 2021 — The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it c... • https://github.com/c0r0n3r/dheater • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-28127
https://notcve.org/view.php?id=CVE-2021-28127
01 Jul 2021 — An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. Se ha detectado un problema en Stormshield SNS versiones hasta 4.2.1. Puede ocurrir un ataque de fuerza bruta • https://advisories.stormshield.eu • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2018-20850
https://notcve.org/view.php?id=CVE-2018-20850
04 Jul 2019 — Stormshield Network Security 2.0.0 through 2.13.0 and 3.0.0 through 3.7.1 has self-XSS in the command line interface of the SNS web server. Stormshield Network Security versión 2.0.0 hasta la versión 2.13.0 y versión 3.0.0 hasta la versión 3.7.1 tiene self-XSS en la interfaz de línea de comandos del servidor web SNS. • https://advisories.stormshield.eu/2018-006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •