30 matches found
Security Bulletin: Vulerability in IBM Spectrum Symphony with OpenSSL
Summary Vulerability in IBM Spectrum Symphony with OpenSSL Vulnerability Details CVEID:CVE-2024-13176 DESCRIPTION: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDS...
EUVD-2024-51400
Malicious code in bioql PyPI...
Azure Linux 3.0 Security Update: edk2 / openssl (CVE-2024-13176)
The version of edk2 / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-13176 advisory. - Issue summary: A timing side-channel which could potentially allow recovering the private key exists...
OESA-2025-1288 compat-openssl11 security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation...
Amazon Linux 2 : openssl11 (ALAS-2025-2781)
The version of openssl11 installed on the remote host is prior to 1.1.1zb-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2781 advisory. Issue summary: A timing side-channel which could potentially allow recoveringthe private key exists in the ECDSA signature...
Medium: openssl
Issue Overview: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring...
Linux Distros Unpatched Vulnerability : CVE-2024-13176
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timin...
Security Bulletin: z/Transaction Processing Facility is affected by an OpenSSL vulnerability
Summary The z/TPF version of OpenSSL was updated to address the vulnerability described by CVE-2024-13176. Vulnerability Details CVEID:CVE-2024-13176 DESCRIPTION: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computatio...
CVE-2024-13176
Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would...
AZL-56010 CVE-2024-13176 affecting package openssl for versions less than 1.1.1k-36
Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would...
CVE-2024-13176
Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would...
CVE-2024-13176 Timing side-channel in ECDSA signature computation
Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would...
CVE-2024-13176 Timing side-channel in ECDSA signature computation
Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would...
CVE-2024-13176 Timing side-channel in ECDSA signature computation
Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would...
PT-2025-2037
Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing...
TortoiseSVN < 1.14.7 Weak PRNG Vulnerability
TortoiseSVN 1.14.6 contains a vulnerable version of Putty SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WinSCP < 6.3.3 Key Recovery Attack Vulnerability
The version of WinSCP installed on the remote Windows host is prior to 6.3.3. It is, therefore, affected by a key recovery attack vulnerability. In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in...
[SECURITY] [DLA 3839-1] putty security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3839-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès June 20, 2024 https://wiki.debian.org/LTS -...
Debian dla-3839 : pterm - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3839 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3839-1 [email protected] https://www.debian.org/lts/security/...
Fedora 39 : putty (2024-cba85cc558)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-cba85cc558 advisory. Security fix for CVE-2024-31497. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...