18 matches found
EUVD-2026-34159
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...
Cost-Effective Optimization and Implementation of the CRT-Paillier Decryption Algorithm for Enhanced Performance
To address the privacy protection problem in cloud computing, privacy enhancement techniques such as the Paillier additive homomorphism algorithm are receiving widespread attention. Paillier algorithm allows addition and scalar multiplication operations in dencrypted state, which can effectively...
Verifiable Weighted Secret Sharing
Traditionally, threshold secret sharing TSS schemes assume all parties have equal weight, yet emerging systems like blockchains reveal disparities in party trustworthiness, such as stake or reputation. Weighted Secret Sharing WSS addresses this by assigning varying weights to parties, ensuring...
Oracle MySQL Server <= 5.5.45 / 5.6 <= 5.6.26 Security Update (cpujan2016) - Windows
Oracle MySQL Server is prone to a vulnerability in a third party library. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MariaDB 10.1.0 < 10.1.9 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.1.9. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.1.9 advisory. - Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality,...
Amazon Linux AMI : mysql56 (ALAS-2016-684)
wolfSSL formerly CyaSSL before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem CRT process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS...
Mageia: Security Advisory (MGASA-2016-0072)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated libgcrypt packages fix security vulnerabilities
Updated libgcrypt packages fix security vulnerability: Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack CVE-2015-7511. The libgcrypt package was also...
Security update for MySQL (important)
This update to MySQL 5.6.28 fixes the following issues bsc962779: - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem CRT process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote...
openSUSE Security Update : MySQL (openSUSE-2016-165)
This update to MySQL 5.6.28 fixes the following issues bsc962779 : - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem CRT process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote...
OpenSSL CVE-2 0 1 6-0 7 0 1 Private Key Recovery attack vulnerability analysis-vulnerability warning-the black bar safety net
by: au2o3t @3 6 0 Cloud Security Team 0x01 Foreword 2 0 1 6 1 2 8, OpenSSL official published number for the CVE-2 0 1 6-0 7 0 1 vulnerabilities. The vulnerability occurs in the OpenSSL 1.0.2 versionOpenSSL 1.0.2 f and later versions not affected, when using the DH algorithm to a different client...
OpenSSL Cryptographic Algorithm Cracking Vulnerability
OpenSSL is a general-purpose open source cryptographic library that implements Secure Sockets Layer and Secure Transport Layer protocols and can support a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashing algorithms, and so on. OpenSSL there is a...
CVE-2015-7744
wolfSSL formerly CyaSSL before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem CRT process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS...
Design/Logic Flaw
wolfSSL formerly CyaSSL before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem CRT process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS...
CVE-2015-7744
wolfSSL formerly CyaSSL before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem CRT process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS...
CVE-2015-7744
wolfSSL formerly CyaSSL before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem CRT process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS...
CVE-2015-7744
CVE-2015-7744 affects wolfSSL (formerly CyaSSL) before 3.6.8. The flaw is in handling faults during the CRT-based RSA key exchange when performing ephemeral key exchange on servers with limited memory, enabling remote attackers to extract private RSA keys from TLS handshakes (Lenstra attack). Pub...
OpenJDK: insufficient hardening of RSA-CRT implementation (JCE, 8071726)
It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures...