985 matches found
ALPINE-CVE-2020-12400
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox 80 and Firefox for Android 80...
DEBIAN-CVE-2020-12400
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox 80 and Firefox for Android 80...
Design/Logic Flaw
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox 80 and Firefox for Android 80...
CVE-2020-12400
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox 80 and Firefox for Android 80...
VEF
This is a Vulnerability Exploitation Framework VEF repository, which is a collection of tools and scripts for exploiting vulnerabilities in various systems and applications. The framework is written in Python and utilizes various APIs from different vulnerability databases, including Censys, Fofa...
nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function
A side-channel flaw was found in NSS, in the way P-384 and P-521 curves are used in the generation of EDSA signatures, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this...
Fedora: Security Advisory for pandoc (FEDORA-2020-c39d7a562c)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SIMATIC S7-300 has a Denial of Service Vulnerability
The S7-300 is a modular compact PLC system. A denial of service vulnerability exists in SIMATIC S7-300, which can be exploited by an attacker to cause a denial of service to the server...
Fedora: Security Advisory for knot-resolver (FEDORA-2020-52e28feab6)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 31 Update: knot-resolver-5.1.3-1.fc31
The Knot Resolver is a DNSSEC-enabled caching full resolver implementation written in C and LuaJIT, including both a resolver library and a daemon. Modular architecture of the library keeps the core tiny and efficient, and provides a state-machine like API for extensions. The package is...
Spyre - Simple YARA-based IOC Scanner
...a simple, self-contained modular host-based IOC scanner Spyre is a simple host-based IOC scanner built around the YARA pattern matching engine and other scan modules. The main goal of this project is easy operationalization of YARA rules and other indicators of compromise. Users need to bring...
Hardcodes - Find Hardcoded Strings From Source Code
hardcodes is a utility for searching strings hardcoded by developers in programs. It uses a modular tokenizer that can handle comments, any number of backslashes & nearly any syntax you throw at it. Yes, it is designed to process any syntax and following languages are officially supported: ada,...
[SECURITY] Fedora 32 Update: eclipse-ecf-3.14.8-4.fc32
ECF is a set of frameworks for building communications into applications and services. It provides a lightweight, modular, transport-independent, fully compliant implementation of the OSGi Remote Services standard...
The vulnerability of the modular inversion function of the NSS libraries allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the modular inversion function in Network Security Services libraries is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
UBUNTU-CVE-2020-12400
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox 80 and Firefox for Android 80...
Mistica - An Open Source Swiss Army Knife For Arbitrary Communication Over Application Protocols
Mística is a tool that allows to embed data into application layer protocol fields, with the goal of establishing a bi-directional channel for arbitrary communications. Currently, encapsulation into HTTP, DNS and ICMP protocols has been implemented, but more protocols are expected to be introduce...
Moderate: Red Hat Security Advisory: grub2 security and bug fix update
An update for grub2, shim, shim-signed, and fwupdate is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Moderate: Red Hat Security Advisory: grub2 security and bug fix update
An update for grub2, shim, and shim-signed is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...
Moderate: Red Hat Security Advisory: grub2 security and bug fix update
An update for grub2, shim, shim-signed, and fwupdate is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this...
PT-2021-6718
Name of the Vulnerable Software and Affected Versions Arm Mbed TLS versions prior to 2.23.0 Description The issue is related to a side channel in modular exponentiation, which could disclose an RSA private key used in a secure enclave. This is due to a dependency of the instruction timing on the...