CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

SUSE CVE•added 2023/02/15 4:34 a.m.•1 views

SUSE CVE-2018-0737

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev Affected 1.1.0-1.1.0h...

4.7CVSS6.5AI score0.38121EPSS

Exploits0References41

vulnersOsv•added 2021/08/25 8:52 p.m.•0 views

openssl-sys (>=0.9.35 <=0.9.37) potentially affected by CVE-2021-23841 via openssl-src (=110.0.7+1.1.0i)

openssl-src CARGO version =110.0.7+1.1.0i is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - openssl-sys =0.9.35, =0.9.37 Source cves: CVE-2021-23841 Source advisory: OSV:GHSA-84RM-QF37-FGC2...

5.9CVSS6.7AI score0.00958EPSS

Exploits0

Tenable Nessus•added 2019/01/03 12:0 a.m.•38 views

Fedora 28 : 1:openssl (2018-520e4c5b4e)

Update to 1.1.0i version from upstream fixing minor security issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

7.5CVSS6.4AI score0.78382EPSS

Exploits0References3

Mageia•added 2018/11/27 3:26 p.m.•55 views

Updated openssl packages fix security vulnerabilities

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a Affected 1.1.1. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.0.2q...

5.9CVSS6AI score0.05057EPSS

Exploits4References3

AlpineLinux•added 2018/10/29 1:0 p.m.•33 views

CVE-2018-0735

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.1.1a Affected 1.1.1...

5.9CVSS5.7AI score0.04803EPSS

Exploits0

Positive Technologies•added 2018/10/16 12:0 a.m.•3 views

PT-2018-2639

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 1.1.1a OpenSSL versions 1.1.0 through 1.1.0i OpenSSL versions 1.0.2 through 1.0.2p MySQL Server versions 5.6.42 and earlier MySQL Server versions 5.7.24 and earlier MySQL Server versions 8.0.13 and earlier Description...

10CVSS6.9AI score0.94464EPSS

Exploits241References482

Tenable Nessus•added 2018/08/27 12:0 a.m.•191 views

OpenSSL 1.1.0 < 1.1.0i Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.0i. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0i advisory. - Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing attacks via a...

7.5CVSS6.9AI score0.78382EPSS

Exploits4References12

RedhatCVE•added 2018/06/14 5:18 a.m.•56 views

CVE-2018-0732

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

7.5CVSS2.7AI score0.78382EPSS

Exploits0References2