Lucene search
K

79 matches found

Prion
Prion
added 2018/04/16 6:29 p.m.28 views

Design/Logic Flaw

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev Affected 1.1.0-1.1.0h...

4.3CVSS6.2AI score0.12046EPSS
Exploits0References34Affected Software2
OSV
OSV
added 2018/04/16 6:29 p.m.3 views

ALPINE-CVE-2018-0737

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev Affected 1.1.0-1.1.0h...

5.9CVSS6.8AI score0.12046EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2018/04/16 5:0 p.m.78 views

CVE-2018-0737

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev Affected 1.1.0-1.1.0h...

5.9CVSS6.9AI score0.12046EPSS
Exploits0
OSV
OSV
added 2018/04/16 12:0 a.m.3 views

UBUNTU-CVE-2018-0737

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev Affected 1.1.0-1.1.0h...

5.9CVSS6.5AI score0.12046EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2018/04/16 12:0 a.m.44 views

CVE-2018-0737

The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev Affected 1.1.0-1.1.0h...

5.9CVSS6.3AI score0.12046EPSS
Exploits0References6
ThreatPost
ThreatPost
added 2017/07/05 1:48 p.m.26 views

Libgcrypt Attack Allowed Recovery of RSA-1024 Keys

The cryptographic library Libgcrypt is vulnerable to a local side-channel attack; something researchers warn could allow full key recovery for RSA-1024. The vulnerability CVE-2017-7526 is tied to the fact that Libgcrypt, which is based on code from GnuPG, uses left to right sliding windows...

4.3CVSS0.8AI score0.03885EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2017/02/09 12:0 a.m.51 views

openSUSE Security Update : libressl (openSUSE-2017-222)

This update for libressl fixes the following issues : - CVE-2016-7056: Difficult to execute cache timing attack that may have allowed a local user to recover the private part from ECDSA P-256 keys boo1019334 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

5.5CVSS7.2AI score0.00594EPSS
Exploits0References2
Veracode
Veracode
added 2017/01/25 2:53 a.m.38 views

Cache-timing Attack

OpenSSL is vulnerable to a cache-timing attack. The attack exists due to a flaw in signing function of crypto/ecdsa/ecdsaossl.c which sets the BNFLGCONSTTIME flag for nonces instead of taking a secure code path in the BNmodinverse method...

5.5CVSS6.5AI score0.00594EPSS
Exploits0References22Affected Software10
CNVD
CNVD
added 2017/01/12 12:0 a.m.3 views

OpenSSL ECDSA P-256 Private Key Acquisition Vulnerability

OpenSSL is an open source capable of implementing the Secure Sockets Layer SSL v2/v3 and Secure Transport Layer TLS v1 protocols developed by the OpenSSL team as a general-purpose cryptographic library that supports a wide range of cryptographic algorithms including symmetric ciphers, hash...

5.5CVSS9.2AI score0.00594EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/11/03 8:8 a.m.2 views

nettle: RSA/DSA code is vulnerable to cache-timing related attacks

It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance...

7.5CVSS7.4AI score0.05007EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2016/09/26 12:0 a.m.55 views

Ubuntu 14.04 LTS / 16.04 LTS : OpenSSL regression (USN-3087-2)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3087-2 advisory. USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update...

9.8CVSS7.6AI score0.44218EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2016/09/24 12:0 a.m.60 views

Ubuntu: Security Advisory (USN-3087-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.2AI score0.95707EPSS
Exploits8References3
Tenable Nessus
Tenable Nessus
added 2016/09/23 12:0 a.m.75 views

Ubuntu 14.04 LTS / 16.04 LTS : OpenSSL vulnerabilities (USN-3087-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3087-1 advisory. Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cau...

9.8CVSS7.5AI score0.95707EPSS
Exploits8References12
myhack58
myhack58
added 2015/04/07 12:0 a.m.19 views

Not found the rear door: open source encryption software TrueCrypt security audit-vulnerability warning-the black bar safety net

TrueCrypt is a popular open source file encryption software, which the user includes a large number of“sensitive persons”, such as businessmen, politicians, journalists, and therefore its safety has been well received by the attention. 2 0 1 4 年 5 months, the open source encryption software...

7.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/07/03 12:0 a.m.44 views

CentOS 3 / 4 : openssl (CESA-2005:476)

Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a...

5.6CVSS6.1AI score0.00505EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2005/06/08 12:0 a.m.35 views

Mandrake Linux Security Advisory : openssl (MDKSA-2005:096)

Colin Percival reported a cache timing attack that could be used to allow a malicious local user to gain portions of cryptographic keys CVE-2005-0109. The OpenSSL library has been patched to add a new fixed-window modexp implementation as default for RSA, DSA, and DH private key operations. The...

5.6CVSS6.3AI score0.00505EPSS
Exploits0References1
Cent OS
Cent OS
added 2005/06/01 11:22 p.m.87 views

openssl, openssl095a, openssl096 security update

CentOS Errata and Security Advisory CESA-2005:476-01 Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer SSL v2/v3 and...

5.6CVSS6.3AI score0.00505EPSS
Exploits0References8
Cent OS
Cent OS
added 2005/06/01 5:56 p.m.81 views

openssl, openssl096b security update

CentOS Errata and Security Advisory CESA-2005:476 Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer SSL v2/v3 and...

5.6CVSS6.3AI score0.00505EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2005/06/01 1:32 p.m.31 views

Moderate: Red Hat Security Advisory: openssl security update

Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a...

5.6CVSS6.3AI score0.00505EPSS
Exploits0References4
Rows per page
Query Builder