Observable Discrepancy

Overview Affected versions of this package are vulnerable to Observable Discrepancy due to the implementation of the SP Math All RSA when built with specific configuration options. An attacker can decrypt ciphertexts and forge signatures after probing with a large number of test observations...

UBUNTU-CVE-2023-6935

wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSLSTATICRSA" The define “WOLFSSLSTATICRSA” enables static RSA cipher suites, which is n...

wolfSSL 安全漏洞

wolfSSL CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. WolfSSL has a security vulnerability that can be exploited by attackers to decrypt ciphertexts and forge signatures after extensive test observations...

CVE-2023-51437

This CVE (CVE-2023-51437) concerns an observable timing discrepancy in the Apache Pulsar SASL Authentication Provider that could allow forging a SASL Role Token passing signature verification. Affected products/components include Pulsar Broker, Proxy, Websocket Proxy, and Function Worker. Root ca...

SUSE CVE-2023-6240

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...

PT-2024-15383

Name of the Vulnerable Software and Affected Versions cryptlib affected versions not specified Description A security issue has been identified in the cryptlib cryptographic library when it is compiled with support for RSA key exchange ciphersuites in TLS. This makes it vulnerable to the timing...

UBUNTU-CVE-2023-6240

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...

Code injection

A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key...

CVE-2023-6240

CVE-2023-6240 is documented as a Marvin vulnerability side-channel leakage in the Linux kernel RSA decryption operation. The connected Nessus entries confirm this CVE is listed among multiple advisories, referencing the same vulnerability block and associating it with Linux Kernel RSA decryption ...

NewStart CGSL MAIN 6.06 : gnupg2 Vulnerability (NS-SA-2023-0086)

The remote NewStart CGSL host, running version MAIN 6.06, has gnupg2 packages installed that are affected by a vulnerability: - GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of GPGME are me...

CVE-2023-4421

The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected...

Internet Bug Bounty: OpenSSL vulnerable to the Marvin Attack (CVE-2022-4304)

A timing side channel vulnerability in OpenSSL RSA decryption was discovered that could allow plaintext recovery. By measuring decryption time, an attacker could recover RSA plaintext from captured ciphertexts after a large number of decryption attempts. All RSA padding modes were affected. The...

GHSA-WW7X-3GXH-QM6R Validation of SignedInfo

Validation of an XML Signature requires verification that the hash value of the related XML-document after any optional transformations and/or normalizations matches a specific DigestValue-value, but also that the cryptografic signature on the SignedInfo-tree the one that contains the DigestValue...

Rocky Linux 8 : gnupg2 (RLSA-2022:6463)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6463 advisory. - GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of...

Rocky Linux 9 : gnupg2 (RLSA-2022:6602)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6602 advisory. - GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints e.g., use of...

browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack

...

Debian DSA-5539-1 : node-browserify-sign - security update

The remote Debian 11 / 12 host has a package installed that is affected by a vulnerability as referenced in the dsa-5539 advisory. - browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. ...

Debian: Security Advisory (DSA-5539-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DSA 5539-1] node-browserify-sign security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5539-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 30, 2023 https://www.debian.org/security/faq -...

[SECURITY] [DLA 3635-1] node-browserify-sign security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3635-1 [email protected] https://www.debian.org/lts/security/ Yadd October 29, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------...