Lucene search
+L

200 matches found

F5 Networks
F5 Networks
added 2023/02/21 8:1 p.m.43 views

K45616155: Nettle vulnerability CVE-2018-16869

Security Advisory Description A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extrac...

5.7CVSS4.8AI score0.01495EPSS
Exploits0Affected Software13
F5 Networks
F5 Networks
added 2023/02/21 8:1 p.m.47 views

K10281096: TLS in Mozilla NSS vulnerability CVE-2018-12404

Security Advisory Description A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41. CVE-2018-1240...

5.9CVSS6.3AI score0.44398EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:23 a.m.4 views

SUSE CVE-2018-16868

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade...

5.3CVSS6.5AI score0.00573EPSS
Exploits0References28
Oracle linux
Oracle linux
added 2022/08/30 12:0 a.m.208 views

openssl security and bug fix update

3.0.1-41.0.1 - Replace upstream references Orabug: 34340177 1:3.0.1-41 - Zeroize public keys as required by FIPS 140-3 Resolves: rhbz2115861 - Add FIPS indicator for HKDF Resolves: rhbz2118388 1:3.0.1-40 - Deal with DH keys in FIPS mode according FIPS-140-3 requirements Related: rhbz2115856 - Dea...

10CVSS0.3AI score0.96275EPSS
Exploits6
The Hacker News
The Hacker News
added 2022/03/10 7:18 a.m.27 views

Emotet Botnet's Latest Resurgence Spreads to Over 100,000 Computers

The insidious Emotet botnet, which staged a return in November 2021 after a 10-month-long hiatus, is once again exhibiting signs of steady growth, amassing a swarm of over 100,000 infected hosts for perpetrating its malicious activities. "While Emotet has not yet attained the same scale it once...

2.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/01/17 1:33 p.m.27 views

The Chaos Ransomware Can Be Ravaging

The Qualys Research Team has observed a new version of Chaos ransomware in development. This blog reviews the malware’s updated functionality as well as its ongoing evolution. A ransomware builder called Chaos is still actively under development. The fourth version has recently been observed bein...

7.7AI score
Exploits0
ThreatPost
ThreatPost
added 2021/12/15 7:34 p.m.25 views

Malicious Exchange Server Module Hoovers Up Outlook Credentials

Researchers have uncovered a previously unknown malicious IIS module, dubbed Owowa, that steals credentials when users log into Microsoft Outlook Web Access OWA. Internet Information Services IIS, Microsoft’s web server/web-hosting software suite, can be extended via various add-ons that are know...

8.5AI score
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2021/06/08 9:52 p.m.46 views

Security Bulletin: Potential side-channel cryptographic vulnerabilities in IBM DataPower Gateway

Summary IBM DataPower Gateway is potentially vulnerable to two side-channel attacks CVE-2018-0495, CVE-2018-12404 Vulnerability Details CVEID: CVE-2018-0495 DESCRIPTION: Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be...

5.9CVSS2.2AI score0.44398EPSS
Exploits1Affected Software1
Prion
Prion
added 2021/01/20 4:15 p.m.18 views

Information disclosure

Bleichenbacher's attack on PKCS 1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube UM1924. The vulnerability can allow one to use Bleichenbacher's oracle attack to decrypt an encrypted ciphertext by making successive queries to the server using the...

4.3CVSS5.6AI score0.00919EPSS
Exploits0References5Affected Software1
Kitploit
Kitploit
added 2020/12/07 8:30 p.m.89 views

Baphomet - Basic Concept Of How A Ransomware Works

This is a proof of concept of how a ransomware works, and some techniques that we usually use to hijack our files. This project is written in C using the net-core application framework 3.1.The main idea of the code is to make it as readable as possible so that people have an idea of how this type...

7.1AI score
Exploits0References1
OSV
OSV
added 2020/11/02 10:15 p.m.11 views

CVE-2020-26939

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext tha...

5.3CVSS5AI score0.00914EPSS
Exploits0References2
Prion
Prion
added 2020/11/02 10:15 p.m.19 views

Design/Logic Flaw

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext tha...

5CVSS5.1AI score0.00914EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2020/11/02 10:0 p.m.24 views

CVE-2020-26939

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext tha...

5.3AI score0.00914EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/10/21 12:0 a.m.38 views

EulerOS Virtualization 3.0.2.2 : nss (EulerOS-SA-2020-2205)

According to the version of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a...

5.9CVSS6.6AI score0.44398EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/10/21 12:0 a.m.27 views

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2020-2205)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.2AI score0.44398EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/09/29 12:0 a.m.21 views

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2020-2100)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.1AI score0.44398EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/09/28 12:0 a.m.33 views

EulerOS 2.0 SP3 : nss (EulerOS-SA-2020-2100)

According to the versions of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the...

7.5CVSS7.6AI score0.44398EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2020/07/03 12:0 a.m.22 views

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2020-1718)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.4AI score0.44398EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/07/03 12:0 a.m.58 views

Huawei EulerOS: Security Advisory for nss-softokn (EulerOS-SA-2020-1754)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.3AI score0.44398EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/07/01 12:0 a.m.31 views

EulerOS Virtualization 3.0.6.0 : nss (EulerOS-SA-2020-1718)

According to the version of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a...

5.9CVSS6.6AI score0.44398EPSS
Exploits0References2
Rows per page
Query Builder