807 matches found
Timing Attack
jsrsasign is vulnerable to a timing attack. A timing attack can be performed to discover the private key due to the usage of an unsafe method for ECDSA key generation and signing in the signHex function...
The vulnerability of the PRNG component of the FortiOS operating system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the PRNG component in the FortiOS operating system relates to the use of a weak entropy source during key generation. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information, when FortiOS acts as a client...
Threat Analysis: Active C2 Discovery Using Protocol Emulation Part2 (Winnti 4.0)
Summary: The VMware Carbon Black Threat Analysis Unit (TAU) previously released a blog post documenting the Winnti version 4.0 malware. The new command and control (C2) protocol that was implemented in one of the 4.0 samples was completely different from the existing understanding of the 3.0 protocol...
Security advisory YSA-2020-02, YSA-2020-03 | Yubico | YubiKey
The libykpiv library, included in the Yubico PIV Tool project and the YubiKey Smart Card Minidriver, does not properly check embedded length fields during device communication. A maliciously-crafted PIV token could possibly misreport the returned length fields during RSA key generation. This coul...
Huawei EulerOS: Security Advisory for openssl110f (EulerOS-SA-2018-1214)
The remote host is missing an update for the Huawei EulerOS...
CVE-2015-0558
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDGTEFSP4.06L.6, and possibly other routers, uses "1236790" and the MAC address to generate the WPA key...
Security Bulletin: Vulnerabilities CVE-2018-0732 and CVE-2018-0737 in OpenSSL affect IBM i
Summary: OpenSSL is used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2018-0732. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server during key agreement in a TLS...
The vulnerability of the p256-ECDH key generation function in browsers Firefox, Firefox ESR, and the email client Thunderbird allows a hacker to induce a service failure.
The vulnerability of the p256-ECDH key generation function in Firefox browsers, Firefox ESR, and the Thunderbird email client is related to a lack of mechanisms for verifying input data. Exploiting this vulnerability can allow an attacker to cause service failures...
UBUNTU-CVE-2012-2130
A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys...
CVE-2013-2228
SaltStack RSA Key Generation allows remote users to decrypt communications...
Code injection
SaltStack RSA Key Generation allows remote users to decrypt communications...
CVE-2013-2228
Removed by vendor...
CVE-2013-2228
Technical details about CVE-2013-2228 are not publicly provided in the supplied documents. Monitor for updates and new advisories.
CVE-2011-4121
The OpenSSL extension of Ruby Git trunk versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation...
Design/Logic Flaw
The OpenSSL extension of Ruby Git trunk versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation...
Debian DLA-2002-1 : libice security update
It has been found that libice, an X11 Inter-Client Exchange library, uses weak entropy to generate keys. Using arc4random_buf from libbsd should avoid this flaw. For Debian 8 'Jessie', this problem has been fixed in version 2:1.0.9-1+deb8u1. We recommend that you upgrade your libice packages. NOT...
RHEL 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 7 (Important) (RHSA-2019:3933)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3933 advisory. This release adds the new Apache HTTP Server 2.4.37 packages that are part of the JBoss Core Services offering. This release serves as a...