257 matches found

Positive Technologies
added 2025/06/30 12:0 a.m. · 4 views

PT-2025-27492 · Unknown · Tiny-Secp256K1

Name of the Vulnerable Software and Affected Versions: tiny-secp256k1 versions prior to 1.1.7
Description: A private key can be extracted when signing a malicious JSON-stringifiable object, affecting environments where the global Buffer is the buffer package. The Buffer.isBuffer check can be...

CVSS 9.1 · AI score 7.4 · EPSS 0.00317
Exploits 0 · References 8
Positive Technologies
added 2025/06/30 12:0 a.m. · 5 views

PT-2025-28010

Name of the Vulnerable Software and Affected Versions: Mbed TLS versions prior to 3.6.4
Description: The issue is related to a race condition in AESNI detection that can occur under certain compiler optimizations. This could potentially allow an attacker to extract an AES key from a multithreaded...

CVSS 7.8 · AI score 7.1 · EPSS 0.00189
Exploits 1 · References 56
RedhatCVE
added 2025/06/18 12:2 a.m. · 10 views

CVE-2025-27587

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...

CVSS 5.3 · AI score 6 · EPSS 0.00361
Exploits 0 · References 1
NVD
added 2025/06/16 10:15 p.m. · 31 views

CVE-2025-27587

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...

CVSS 5.3 · EPSS 0.00361
Exploits 0 · References 2
OSV
added 2025/06/16 10:15 p.m. · 8 views

DEBIAN-CVE-2025-27587

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...

CVSS 5.3 · AI score 7.2 · EPSS 0.00361
Exploits 0 · References 1
OSV
added 2025/06/16 10:15 p.m. · 5 views

CVE-2025-27587

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...

CVSS 5.3 · AI score 6.8
Exploits 0 · References 2
Cvelist
added 2025/06/16 12:0 a.m. · 62 views

CVE-2025-27587

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...

EPSS 0.00361
Exploits 0 · References 2
CNNVD
added 2025/06/16 12:0 a.m. · 4 views

OpenSSL security vulnerability

OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

CVSS 5.3 · AI score 7.3 · EPSS 0.00361
Exploits 0 · References 4
CVE
added 2025/06/16 12:0 a.m. · 100 views

CVE-2025-27587

CVE-2025-27587 affects OpenSSL 3.0.0–3.3.2 on the PowerPC architecture. The vulnerability arises from a Minerva-side-channel attack that can be exploited by measuring the signing time of random messages via EVP_DigestSign, enabling extraction of the nonce (K) and potential private-key leakage. Th...

CVSS 5.3 · AI score 6.8 · EPSS 0.00361
Exploits 0 · References 2
Debian CVE
added 2025/06/16 12:0 a.m. · 11 views

CVE-2025-27587

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...

CVSS 5.3 · AI score 7.2 · EPSS 0.00361
Exploits 0
Cvelist
added 2025/06/11 8:1 a.m. · 35 views

CVE-2025-29756 MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters

SunGrow's back end users system iSolarCloud https://isolarcloud.com uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to. While...

CVSS 8.3 · EPSS 0.00212
Exploits 0 · References 3
RedhatCVE
added 2025/05/23 10:31 a.m. · 13 views

CVE-2024-45678

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...

CVSS 4.2 · AI score 6.9 · EPSS 0.00329
Exploits 0
RedhatCVE
added 2025/05/22 9:50 p.m. · 6 views

CVE-2022-25569

Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software...

CVSS 9.8 · AI score 7.4 · EPSS 0.01133
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 5:55 p.m. · 6 views

CVE-2020-25082

An attacker with physical access to Nuvoton Trusted Platform Module NPCT75x 7.2.x before 7.2.2.0 could extract an Elliptic Curve Cryptography ECC private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy...

CVSS 3.8 · AI score 6.5 · EPSS 0.00207
Exploits 0
RedhatCVE
added 2025/05/22 3:53 p.m. · 7 views

CVE-2020-25232

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port...

CVSS 7.5 · AI score 6.7 · EPSS 0.00659
Exploits 0
RedhatCVE
added 2025/05/22 3:50 p.m. · 8 views

CVE-2020-25230

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device...

CVSS 7.5 · AI score 6.6 · EPSS 0.004
Exploits 0
RedhatCVE
added 2025/05/22 3:24 p.m. · 6 views

CVE-2020-27209

The ECDSA operation of the micro-ecc library 1.0 is vulnerable to simple power analysis attacks which allows an adversary to extract the private ECC key...

CVSS 7.5 · AI score 6.8 · EPSS 0.01537
Exploits 0
RedhatCVE
added 2025/05/22 10:6 a.m. · 10 views

CVE-2019-13140

Inteno EG200 EG200-WU7P1UADAMO3.16.4-1902261650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP...

CVSS 6.5 · AI score 7 · EPSS 0.02035
Exploits 5 · References 1
RedhatCVE
added 2025/05/22 8:7 a.m. · 7 views

CVE-2019-14334

An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command...

CVSS 5.5 · AI score 6.9 · EPSS 0.0043
Exploits 3 · References 1
RedhatCVE
added 2025/05/22 8:3 a.m. · 7 views

CVE-2019-13054

The Logitech R500 presentation clicker allows attackers to determine the AES key, leading to keystroke injection. On Windows, any text may be injected by using ALT+NUMPAD input to bypass the restriction on the characters A through Z...

CVSS 6.5 · AI score 7.3 · EPSS 0.00849
Exploits 1 · References 1