Lucene search
K

131 matches found

RedHat Linux
RedHat Linux
added 2020/11/04 2:16 a.m.3 views

openssl: Integer overflow in RSAZ modular exponentiation on x86_64

An integer overflow was found in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. As per upstream: No EC algorithms are affected. Attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

5.3CVSS6.6AI score0.14298EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2020/10/28 4:2 p.m.5 views

openssl: Integer overflow in RSAZ modular exponentiation on x86_64

An integer overflow was found in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. As per upstream: No EC algorithms are affected. Attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

5.3CVSS6.6AI score0.14298EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2020/10/28 3:49 p.m.7 views

openssl: Integer overflow in RSAZ modular exponentiation on x86_64

An integer overflow was found in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. As per upstream: No EC algorithms are affected. Attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

5.3CVSS6.6AI score0.14298EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/07/02 12:0 a.m.5 views

PT-2021-6718

Name of the Vulnerable Software and Affected Versions Arm Mbed TLS versions prior to 2.23.0 Description The issue is related to a side channel in modular exponentiation, which could disclose an RSA private key used in a secure enclave. This is due to a dependency of the instruction timing on the...

9.8CVSS6.6AI score0.02569EPSS
Exploits6References62
Tenable Nessus
Tenable Nessus
added 2020/07/01 12:0 a.m.37 views

Debian DLA-2266-1 : nss security update

Several vulnerabilities were fixed in nss, the Network Security Service libraries. CVE-2020-12399 Force a fixed length for DSA exponentiation. CVE-2020-12402 Side channel vulnerabilities during RSA key generation. For Debian 8 'Jessie', these problems have been fixed in version 2:3.26-1+debu8u11...

4.4CVSS7.3AI score0.00651EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2020/06/26 12:0 a.m.4 views

The vulnerability of the BN_mod_exp function (crypto/bn/asm/x86_64-mont5.pl) in the OpenSSL library, which allows a perpetrator to gain unauthorized access to confidential data

The vulnerability of the BNmodexp function crypto/bn/asm/x8664-mont5.pl in the OpenSSL library is related to the lack of protection for service data. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to confidential data...

7.8CVSS6.8AI score0.25137EPSS
Exploits1References5Affected Software3
Tenable Nessus
Tenable Nessus
added 2020/06/17 12:0 a.m.31 views

EulerOS 2.0 SP2 : libgcrypt (EulerOS-SA-2020-1672)

According to the versions of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proxima...

5.9CVSS6.1AI score0.01952EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/02/26 12:0 a.m.30 views

SUSE SLES12 Security Update : openssl (SUSE-SU-2020:0474-1)

This update for openssl fixes the following issues : Security issue fixed : CVE-2019-1551: Fixed an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli bsc1158809. Non-security issue fixed: Fixed a crash in BNcopy bsc1160163. Note that Tenable Networ...

5.3CVSS6.9AI score0.14298EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.27 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-2699)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS6.3AI score0.14298EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/01/13 12:0 a.m.26 views

SUSE SLED15 / SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2020:0064-1)

This update for openssl-100 fixes the following issues : Security issue fixed : CVE-2019-1551: Fixed an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli bsc1158809. Note that Tenable Network Security has extracted the preceding description block...

5.3CVSS6.9AI score0.14298EPSS
Exploits0References4
OSV
OSV
added 2020/01/10 10:2 a.m.6 views

SUSE-SU-2020:0064-1 Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli bsc1158809...

5.3CVSS5.9AI score0.14298EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/01/09 12:0 a.m.250 views

OpenSSL 1.0.2 < 1.0.2u Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.0.2u. It is, therefore, affected by a vulnerability as referenced in the 1.0.2u advisory. - There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are...

5.3CVSS6.9AI score0.14298EPSS
Exploits0References4
OSV
OSV
added 2020/01/07 2:11 p.m.5 views

SUSE-SU-2020:0028-1 Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli bsc1158809...

5.3CVSS5.9AI score0.14298EPSS
Exploits0References3
OSV
OSV
added 2020/01/05 3:37 p.m.7 views

MGASA-2020-0023 Updated openssl packages fix security vulnerability

Updated compat-openssl10 and openssl packages fix security vulnerability: There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and...

5.3CVSS5.8AI score0.14298EPSS
Exploits0References3
Veracode
Veracode
added 2019/12/10 6:8 a.m.155 views

Integer Overflow

OpenSSL is vulnerable to integer overflows. It exists due to a mishandling of overflow in rsaz512sqr for the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli...

5.3CVSS3.9AI score0.14298EPSS
Exploits0References32Affected Software14
Prion
Prion
added 2019/12/06 6:15 p.m.52 views

Buffer overflow

There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

5CVSS5.5AI score0.14298EPSS
Exploits0References24Affected Software9
CVE
CVE
added 2019/12/06 5:20 p.m.549 views

CVE-2019-1551

CVE-2019-1551 refers to an overflow bug in the x64_64 Montgomery squaring procedure used in OpenSSL during exponentiation with 512-bit moduli. OpenSSL notes no impact to EC, while DH512 attacks are only just feasible under certain conditions. Public disclosures and advisories confirm the issue an...

5.3CVSS6AI score0.14298EPSS
Exploits0References24Affected Software1
NVD
NVD
added 2019/11/29 10:15 p.m.23 views

CVE-2015-0837

The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...

5.9CVSS5.7AI score0.01952EPSS
Exploits0References5
OSV
OSV
added 2019/11/29 10:15 p.m.1 views

DEBIAN-CVE-2015-0837

The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...

5.9CVSS5.9AI score0.01952EPSS
Exploits0References1
Prion
Prion
added 2019/11/29 10:15 p.m.26 views

Design/Logic Flaw

The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...

4.3CVSS6.2AI score0.01952EPSS
Exploits0References5Affected Software3
Rows per page
Query Builder