Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Security Release on RHEL 6

Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys

OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key...

openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys

OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key...

openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys

OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key...

Broadcom Brocade SANnav Encryption Issue Vulnerability

Broadcom Brocade SANnav is a suite of SAN management platforms from Broadcom USA. A security vulnerability exists in the encryption key generation process in the PBE algorithm of Broadcom Brocade SANnav versions prior to 2.0. An attacker can exploit this vulnerability to decrypt passwords...

CVE-2019-16208

Password-based encryption PBE algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services Radius, TACAS, etc...

CVE-2019-16208

Password-based encryption PBE algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services Radius, TACAS, etc...

Cross site scripting

Password-based encryption PBE algorithm, of Brocade SANnav versions before v2.0, has a weakness in generating cryptographic keys that may allow an attacker to decrypt passwords used with several services Radius, TACAS, etc...

CVE-2019-16208

CVE-2019-16208 concerns Broadcom/Brocade SANnav prior to version 2.0, where the underlying password-based encryption (PBE) key-generation process is weak. This weakness may allow an attacker to decrypt passwords used by several services (e.g., Radius, TACACS) due to insufficient cryptographic str...

CVE-2013-2257

CVE-2013-2257 affects Cryptocat prior to version 2.0.42. The issue is described as a Group Chat ECC Private Key Generation Brute Force Weakness, indicating weakness in how ECC private keys for group chats are generated. The public descriptions in connected records consistently reference Cryptocat

CVE-2013-2257

Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness...

[SECURITY] Fedora 31 Update: python-ecdsa-0.13.3-1.fc31

This is an easy-to-use implementation of ECDSA cryptography Elliptic Curve Digital Signature Algorithm, implemented purely in Python, released under the MIT license. With this library, you can quickly create keypairs signing key and verifying key, sign messages, and verify the signatures. The key...

CVE-2019-3739

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys...

CVE-2019-3739

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys...

Information disclosure

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys...

CVE-2019-3740

CVE-2019-3740 concerns RSA BSAFE Crypto-J used by Oracle GoldenGate Install (Dell BSAFE Crypto-J). The root cause is a timing-discrepancy vulnerability during DSA key generation that could allow a remote attacker to recover DSA private keys. Affected product/component: Oracle GoldenGate (Install ...

CVE-2019-3739

CVE-2019-3739 concerns RSA BSAFE Crypto-J versions prior to 6.2.5, where information exposure can occur via timing discrepancy during ECDSA key generation. The vulnerability could allow a remote attacker to recover ECDSA keys. The provided documents identify the affected component as Dell/Certico...

CVE-2019-3740

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys...

EulerOS 2.0 SP8 : compat-openssl10 (EulerOS-SA-2019-1643)

According to the versions of the compat-openssl10 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the clien...

SUSE-SU-2019:1553-1 Security update for openssl

This update for openssl fixes the following issues: - CVE-2018-0732: Reject excessively large primes in DH key generation bsc1097158 - CVE-2018-0734: Timing vulnerability in DSA signature generation bsc1113652 - CVE-2018-0737: Cache timing vulnerability in RSA Key Generation bsc1089039 -...