Lucene search
+L

22 matches found

debian
debian
added 2026/05/22 9:50 p.m.14 views

[SECURITY] [DSA 6294-1] libgcrypt20 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6294-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 22, 2026 https://www.debian.org/security/faq -...

6.7CVSS5.8AI score0.00182EPSS
Exploits0
astralinux
astralinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Firefox

Multiple NSS NIST curves were vulnerable to a side-channel attack known as “Minerva”. This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox versions less than 121...

4.3CVSS6.3AI score0.00714EPSS
Exploits0References2
osv
osv
added 2024/08/06 8:48 p.m.7 views

CLSA-2024-1722977316 nss: Fix of CVE-2023-6135

CVE-2023-6135: fix a vulnerability in NSS involving NIST curves susceptible to the "Minerva" side-channel attack, potentially allowing private key recovery...

4.3CVSS6.4AI score0.00714EPSS
Exploits0References1
openvas
openvas
added 2024/04/12 12:0 a.m.29 views

Ubuntu: Security Advisory (USN-6727-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.4AI score0.00816EPSS
Exploits0References3
ubuntu
ubuntu
added 2024/04/11 6:18 p.m.53 views

USN-6727-2: NSS regression

USN-6727-1 fixed vulnerabilities in NSS. The update introduced a regression when trying to load security modules on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that NSS incorrectly handled...

7.5AI score
Exploits0References1
openvas
openvas
added 2024/04/11 12:0 a.m.30 views

Ubuntu: Security Advisory (USN-6727-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.4AI score0.00816EPSS
Exploits0References2
ubuntu
ubuntu
added 2024/04/10 1:40 p.m.423 views

USN-6727-1: NSS vulnerabilities

It was discovered that NSS incorrectly handled padding when checking PKCS1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. CVE-2023-4421 It was discovered that NSS had a timin...

6.5CVSS7.4AI score0.00816EPSS
Exploits0
osv
osv
added 2024/04/10 1:40 p.m.6 views

USN-6727-1 nss vulnerabilities

It was discovered that NSS incorrectly handled padding when checking PKCS1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. CVE-2023-4421 It was discovered that NSS had a timin...

6.5CVSS6.7AI score0.00816EPSS
Exploits0References4
nessus
nessus
added 2024/03/12 12:0 a.m.32 views

Rocky Linux 8 : nss (RLSA-2024:0786)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:0786 advisory. - Multiple NSS NIST curves were susceptible to a side-channel attack known as Minerva. This attack could potentially allow an attacker to recover the private key...

4.3CVSS7.2AI score0.00714EPSS
Exploits0References3
nessus
nessus
added 2024/02/14 12:0 a.m.34 views

AlmaLinux 9 : nss (ALSA-2024:0790)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0790 advisory. - Multiple NSS NIST curves were susceptible to a side-channel attack known as Minerva. This attack could potentially allow an attacker to recover the private key...

4.3CVSS7.2AI score0.00714EPSS
Exploits0References2
nessus
nessus
added 2024/02/12 12:0 a.m.38 views

RHEL 9 : nss (RHSA-2024:0791)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0791 advisory. Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server...

4.3CVSS7.3AI score0.00714EPSS
Exploits0References5
osv
osv
added 2023/12/19 2:15 p.m.9 views

CVE-2023-6135

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox 121...

4.3CVSS3.9AI score
Exploits0References3
nvd
nvd
added 2023/12/19 2:15 p.m.19 views

CVE-2023-6135

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox 121...

4.3CVSS0.00714EPSS
Exploits0References3
cve
cve
added 2023/12/19 1:38 p.m.200 views

CVE-2023-6135

CVE-2023-6135 corresponds to a Minerva side-channel vulnerability affecting NSS and Firefox, potentially enabling private-key recovery. The primary affected component is NSS NIST curves; Firefox versions before 121 are listed as affected. Public documents indicate remediation through updated NSS ...

4.3CVSS4.3AI score0.00714EPSS
Exploits0References3Affected Software1
vulnrichment
vulnrichment
added 2023/12/19 1:38 p.m.23 views

CVE-2023-6135

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox 121...

6.1AI score0.00714EPSS
Exploits0References3
mozilla
mozilla
added 2023/12/19 12:0 a.m.153 views

Security Vulnerabilities fixed in Firefox 121 — Mozilla

The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. Multiple NSS NIST curves were susceptible to a side-channel attack known as...

8.8CVSS9.1AI score0.20472EPSS
Exploits0References18Affected Software1
filippoio
filippoio
added 2023/10/24 2:56 p.m.28 views

Why We Don’t Generate Elliptic Curves Every Day

With all the talk recently of how the NIST curve parameters were selected, a reasonable observer could wonder why we all use the same curves instead of generating them along with keys, like we do for Diffie-Hellman parameters. You might have memories of waiting around for openssl dhparam to run a...

7.3AI score
Exploits0
filippoio
filippoio
added 2023/01/04 4:10 p.m.32 views

Go 1.20 Cryptography

The first second release candidate of Go 1.20 is out!1 This is the first release I participated in as an independent maintainer, after leaving Google to become a professional Open Source maintainer. By the way, thats going great, and Im going to write more about it here soon! Im pretty happy with...

6.1AI score
Exploits0
filippoio
filippoio
added 2022/09/12 9:37 p.m.39 views

Planning Go 1.20 Cryptography Work

As you might know, I left Google in spring to try and make the concept of a professional Open Source maintainer a thing. Im staying on as a maintainer of the Go cryptography standard library, and I am going to seek funding from companies that rely on it, want to ensure its security and reliabilit...

6.9AI score
Exploits0
filippoio
filippoio
added 2022/08/04 2:52 p.m.33 views

A Wide Reduction Trick

In line with the original spirit of Cryptography Dispatches, this is a quick1 issue to talk about a neat bit of cryptography engineering I encountered. The structure of an ECC implementation Elliptic curve cryptography implementations all roughly share the following structure: theres a base field...

6.7AI score
Exploits0
Rows per page
Query Builder