93 matches found
EUVD-2024-25920
Malicious code in bioql PyPI...
EUVD-2024-0448
Malicious code in bioql PyPI...
EUVD-2025-18430
Malicious code in bioql PyPI...
K000156613: OpenSSL for PowerPC vulnerability CVE-2025-27587
Security Advisory Description OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVPDigestSign API, and then using the private key to extract the K value nonce from the signatures...
Linux Distros Unpatched Vulnerability : CVE-2024-28834
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to...
Linux Distros Unpatched Vulnerability : CVE-2025-27587
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using...
Linux Distros Unpatched Vulnerability : CVE-2024-23342
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ecdsa PyPI package is a pure Python implementation of ECC Elliptic Curve Cryptography with support for ECDSA Elliptic Curve Digital Signature Algorithm, EdD...
CVE-2025-27587
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVPDigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...
DEBIAN-CVE-2025-27587
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVPDigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...
CVE-2025-27587
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVPDigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...
CVE-2025-27587
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVPDigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...
OpenSSL 安全漏洞
OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
CVE-2025-27587
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVPDigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...
CVE-2025-27587
CVE-2025-27587 affects OpenSSL 3.0.0–3.3.2 on the PowerPC architecture. The vulnerability arises from a Minerva-side-channel attack that can be exploited by measuring the signing time of random messages via EVP_DigestSign, enabling extraction of the nonce (K) and potential private-key leakage. Th...
CVE-2025-27587
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVPDigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...
CVE-2025-27587
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVPDigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...
SUSE CVE-2025-27587
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVPDigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...
Linux Distros Unpatched Vulnerability : CVE-2023-6135
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple NSS NIST curves were susceptible to a side-channel attack known as Minerva. This attack could potentially allow an attacker to recover the private key...
Astra Linux - уязвимость в gnutls28
A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLSPRIVKEYFLAGREPRODUCIBLE flag, it can result in a noticeable step in nonce...
RHEL 8 : Satellite 6.15.5 Async Update (Moderate) (RHSA-2024:10806)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:10806 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...