155 matches found
CVE-2014-3591
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...
CVE-2014-3591
CVE-2014-3591 affects Libgcrypt (before 1.6.3) and GnuPG (before 1.4.19), which do not implement ciphertext blinding for ElGamal decryption, enabling physically proximate attackers to potentially extract private keys via crafted ciphertext and EM field fluctuations during multiplication. Related ...
CVE-2019-3591
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in ePO extension in McAfee Data Loss Prevention DLPe for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted uploa...
CVE-2019-3591 DLP Endpoint ePO extension vulnerable to XSS
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in ePO extension in McAfee Data Loss Prevention DLPe for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted uploa...
CVE-2019-3591
McAfee DLPe (Data Loss Prevention Endpoint) with the ePO extension for Windows has a stored XSS vulnerability (CVE-2019-3591) due to improper input neutralization during web page generation in the ePO UI. A remote, unauthenticated user can trigger JavaScript via a crafted upload to a remote websi...
RHEL 7 : kernel (RHSA-2018:3591)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3591 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: out-of-bounds access in the...
CVE-2018-3591
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SDM630, SDM636,...
Ubuntu 14.04 LTS / 16.04 LTS : Django vulnerabilities (USN-3591-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3591-1 advisory. James Davis discovered that Django incorrectly handled certain template filters. A remote attacker could possibly use this issue to cause...
Oracle OIT ContentAccess libvs_mwkd VwStreamReadRecord Memory Corruption Vulnerability(CVE-2016-3591)
Description Partially controlled memory write vulnerability exists in Mac Works Database file format parsing code of Oracle Outside In Technology Content Access SDK. An unchecked pointer arithmetic causes an out of bounds memory write which can lead to denial of service or possibly code execution...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2017-3591)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2017-3591 advisory. - nfsd: check for oversized NFSv2/v3 arguments J. Bruce Fields Orabug: 26366024 CVE-2017-7645 Tenable has extracted the preceding description block directly...
CVE-2017-3591
CVE-2017-3591 affects Oracle WebCenter Sites (Oracle Fusion Middleware) in the Catalog Mover subcomponent. Affects listed versions: 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. The vulnerability can be exploited by an unauthenticated remote attacker over HTTP, with user interaction required...
Oracle Outside In Vulnerabilities
This security update addresses the following vulnerabilities, which are described in Oracle Critical Patch Update Advisory – July 2016 Remote Code Execution: CVE-2016-3575, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3595, CVE-2016-3594, CVE-2015-6014, CVE-2016-3593, CVE-2016-3592,...
CVE-2016-3591
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2015-3591
CVE-2015-3591 is a duplicate of CVE-2014-3591. The connected records provide concrete details for CVE-2014-3591: Libgcrypt (before 1.6.3) and GnuPG (before 1.4.19) do not implement ciphertext blinding for ElGamal decryption, enabling physically proximate attackers to potentially recover server pr...
CVE-2015-3591
...
SUSE SLED11 / SLES11 Security Update : libgcrypt (SUSE-SU-2015:1626-1)
This update fixes the following issues : - Use ciphertext blinding for Elgamal decryption CVE-2014-3591. See http://www.cs.tau.ac.il/tromer/radioexp/ for details. bsc920057 - Fixed data-dependent timing variations in modular exponentiation related to CVE-2015-0837, Last-Level Cache Side-Channel...
openSUSE Security Update : libgcrypt (openSUSE-2015-566)
This update fixes two security vulnerabilities bsc920057 : - Use ciphertext blinding for Elgamal decryption CVE-2014-3591. See http://www.cs.tau.ac.il/tromer/radioexp/ for details. - Fixed data-dependent timing variations in modular exponentiation related to CVE-2015-0837, Last-Level Cache...
Amazon Linux AMI : libgcrypt (ALAS-2015-577)
Fix a side-channel attack on data-dependent timing variations in modular exponentiation, which can potentially lead to an information leak. CVE-2015-0837 Fix a side-channel attack which can potentially lead to an information leak. CVE-2014-3591 Libgcrypt before 1.5.4, as used in GnuPG and other...
Fedora Update for libgcrypt FEDORA-2015-3399
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for mingw-libgcrypt FEDORA-2015-6881
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...