Lucene search
K

131 matches found

Tenable Nessus
Tenable Nessus
added 2016/05/16 12:0 a.m.60 views

OracleVM 3.3 / 3.4 : openssl (OVMSA-2016-0049) (SLOTH)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVPEncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108...

10CVSS7.8AI score0.89058EPSS
Exploits8References16
Tenable Nessus
Tenable Nessus
added 2016/05/12 12:0 a.m.43 views

openSUSE Security Update : compat-openssl098 (openSUSE-2016-575)

This update for compat-openssl098 fixes the following issues : - CVE-2016-2108: Memory corruption in the ASN.1 encoder bsc977617 - CVE-2016-2105: EVPEncodeUpdate overflow bsc977614 - CVE-2016-2106: EVPEncryptUpdate overflow bsc977615 - CVE-2016-2109: ASN.1 BIO excessive memory allocation bsc97694...

10CVSS7.6AI score0.77906EPSS
Exploits2References12
Oracle linux
Oracle linux
added 2016/05/12 12:0 a.m.61 views

openssl security update

1.0.1e-48.1 - fix CVE-2016-2105 - possible overflow in base64 encoding - fix CVE-2016-2106 - possible overflow in EVPEncryptUpdate - fix CVE-2016-2107 - padding oracle in stitched AES-NI CBC-MAC - fix CVE-2016-2108 - memory corruption in ASN.1 encoder - fix CVE-2016-2109 - possible DoS when readi...

10CVSS1.8AI score0.89058EPSS
Exploits8
Cloud Foundry
Cloud Foundry
added 2016/03/24 12:0 a.m.71 views

USN-2914-1 OpenSSL vulnerabilities | Cloud Foundry

USN-2914-1 OpenSSL vulnerabilities Low Vendor Ubuntu, OpenSSL Versions Affected Ubuntu 14.04 LTS SSLv1 Description Several security issues were fixed in OpenSSL. Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiatio...

10CVSS8.9AI score0.32414EPSS
Exploits1
OSV
OSV
added 2016/03/03 8:59 p.m.12 views

CVE-2016-0702

The MODEXPCTIMECOPYFROMPREBUF function in crypto/bn/bnexp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the...

5.1CVSS6.8AI score
Exploits0References44
OSV
OSV
added 2016/03/03 8:59 p.m.3 views

DEBIAN-CVE-2016-0702

The MODEXPCTIMECOPYFROMPREBUF function in crypto/bn/bnexp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the...

5.1CVSS8.8AI score0.0191EPSS
Exploits1References1
Cvelist
Cvelist
added 2016/03/03 12:0 a.m.40 views

CVE-2016-0702

The MODEXPCTIMECOPYFROMPREBUF function in crypto/bn/bnexp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the...

6.3AI score0.0191EPSS
Exploits1References44
Debian CVE
Debian CVE
added 2016/03/03 12:0 a.m.64 views

CVE-2016-0702

The MODEXPCTIMECOPYFROMPREBUF function in crypto/bn/bnexp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the...

5.1CVSS7.7AI score0.0191EPSS
Exploits1
OpenVAS
OpenVAS
added 2016/03/02 12:0 a.m.44 views

Ubuntu: Security Advisory (USN-2914-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.3AI score0.32414EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2016/03/02 12:0 a.m.90 views

Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2914-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2914-1 advisory. Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiation. On certain CPUs...

10CVSS7.8AI score0.32414EPSS
Exploits1References6
OSV
OSV
added 2016/03/01 1:0 p.m.3 views

UBUNTU-CVE-2016-0702

The MODEXPCTIMECOPYFROMPREBUF function in crypto/bn/bnexp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the...

5.1CVSS6.8AI score0.0191EPSS
Exploits1References5
OpenSSL
OpenSSL
added 2016/03/01 12:0 a.m.62 views

Vulnerability in OpenSSL - Side channel attack on modular exponentiation

A side-channel attack was found which makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture which could lead to the recovery of RSA keys. The ability to exploit this issue is limited as it relies on an attacker who has control of code in a thread running on the same...

6.6AI score0.0191EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/09/25 12:0 a.m.40 views

SUSE SLED11 / SLES11 Security Update : libgcrypt (SUSE-SU-2015:1626-1)

This update fixes the following issues : - Use ciphertext blinding for Elgamal decryption CVE-2014-3591. See http://www.cs.tau.ac.il/tromer/radioexp/ for details. bsc920057 - Fixed data-dependent timing variations in modular exponentiation related to CVE-2015-0837, Last-Level Cache Side-Channel...

5.9CVSS6AI score0.01952EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2015/09/08 12:0 a.m.31 views

openSUSE Security Update : libgcrypt (openSUSE-2015-566)

This update fixes two security vulnerabilities bsc920057 : - Use ciphertext blinding for Elgamal decryption CVE-2014-3591. See http://www.cs.tau.ac.il/tromer/radioexp/ for details. - Fixed data-dependent timing variations in modular exponentiation related to CVE-2015-0837, Last-Level Cache...

5.9CVSS6.1AI score0.01952EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.25 views

Amazon Linux: Security Advisory (ALAS-2015-577)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.2AI score0.01952EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/04/10 12:0 a.m.34 views

Debian DLA-190-1 : libgcrypt11 security update

Multiple vulnerabilities were discovered in libgcrypt : CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite noticeable impact on...

5.9CVSS6.2AI score0.01952EPSS
Exploits0References4
Debian
Debian
added 2015/04/09 10:44 a.m.33 views

[SECURITY] [DLA 190-1] libgcrypt11 security update

Package : libgcrypt11 Version : 1.4.5-2+squeeze3 CVE ID : CVE-2014-3591 CVE-2015-0837 Multiple vulnerabilities were discovered in libgcrypt: CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding...

5.9CVSS6.2AI score0.01952EPSS
Exploits0
OSV
OSV
added 2015/04/09 12:0 a.m.37 views

DLA-190-1 libgcrypt11 - security update

Bulletin has no description...

5.9CVSS5.6AI score0.01952EPSS
Exploits0
OSV
OSV
added 2015/03/17 12:0 a.m.34 views

DLA-175-1 gnupg - security update

Bulletin has no description...

5.9CVSS5.7AI score0.01952EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/03/13 12:0 a.m.25 views

Debian DSA-3184-1 : gnupg - security update

Multiple vulnerabilities were discovered in GnuPG, the GNU Privacy Guard : - CVE-2014-3591 The Elgamal decryption routine was susceptible to a side-channel attack discovered by researchers of Tel Aviv University. Ciphertext blinding was enabled to counteract it. Note that this may have a quite...

5.9CVSS6.2AI score0.01952EPSS
Exploits0References9
Rows per page
Query Builder