3242 matches found

CVE
added 2024/02/05 8:44 p.m. · 292 views

CVE-2024-0202

CVE-2024-0202 concerns the cryptlib cryptographic library when compiled with RSA key exchange ciphersuites enabled (USE_RSA_SUITES) in TLS. The vulnerability is the timing variant of the Bleichenbacher attack, permitting an attacker to decrypt RSA ciphertexts or forge signatures by making a large num...

CVSS 5.9 · AI score 6.2 · EPSS 0.00311
Exploits 0 · References 1 · Affected software 1
Positive Technologies
added 2024/02/05 12:00 a.m. · 3 views

PT-2024-15383

Name of the Vulnerable Software and Affected Versions: cryptlib, affected versions not specified. Description: A security issue has been identified in the cryptlib cryptographic library when it is compiled with support for RSA key exchange ciphersuites in TLS. This makes it vulnerable to the timing...

CVSS 5.9 · AI score 6.2 · EPSS 0.00311
Exploits 0 · References 6
OSV
added 2024/01/31 10:45 a.m. · 12 views

CLSA-2024-1706697909 java-1.8.0-openjdk: Fix of 8 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u402-b06. This fixes the following CVEs: - CVE-2024-20918: Array out-of-bounds access due to missing range check in C1 compiler - CVE-2024-20919: JVM class file verifier flaw allows unverified bytecode execution - CVE-2024-20921: Range check loop...

CVSS 7.4 · AI score 6.8 · EPSS 0.014
Exploits 0 · References 1
OSV
added 2024/01/31 5:15 a.m. · 4 views

AZL-34206 CVE-2024-0914 affecting package opencryptoki 3.17.0-1

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...

CVSS 5.9 · AI score 5.7 · EPSS 0.00878
Exploits 0 · References 1
Github Security Blog
added 2024/01/30 8:56 p.m. · 29 views

vantage6 vulnerable to username timing attack

Impact: It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Workarounds: No...

CVSS 3.7 · AI score 6.8 · EPSS 0.00398
Exploits 0 · References 5 · Affected software 1
OSV
added 2024/01/30 8:56 p.m. · 14 views

GHSA-45GQ-Q4XH-CP53 vantage6 vulnerable to username timing attack

Impact: It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Workarounds: No...

CVSS 3.7 · AI score 3.9 · EPSS 0.00398
Exploits 0 · References 5
Vulnrichment
added 2024/01/30 3:43 p.m. · 19 views

CVE-2024-21671 vantage6 username timing attack

The vantage6 technology makes it possible to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...

CVSS 3.7 · AI score 6.6 · EPSS 0.00398
Exploits 0 · References 2
Cvelist
added 2024/01/30 3:43 p.m. · 39 views

CVE-2024-21671 vantage6 username timing attack

The vantage6 technology makes it possible to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...

CVSS 3.7 · AI score 4.9 · EPSS 0.00398
Exploits 0 · References 2
OSV
added 2024/01/22 9:35 p.m. · 5 views

GHSA-WJ6H-64FC-37MP Minerva timing attack on P-256 in python-ecdsa

python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the ecdsa.SigningKey.sign_digest API function and timing signatures, an attacker can leak the internal nonce, which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH...

CVSS 7.4 · AI score 6.9 · EPSS 0.00985
Exploits 1 · References 6
Github Security Blog
added 2024/01/22 9:35 p.m. · 113 views

Minerva timing attack on P-256 in python-ecdsa

python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the ecdsa.SigningKey.sign_digest API function and timing signatures, an attacker can leak the internal nonce, which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH...

CVSS 7.4 · AI score 6.8 · EPSS 0.00985
Exploits 1 · References 6 · Affected software 1
Positive Technologies
added 2024/01/22 12:00 a.m. · 5 views

PT-2024-19822 · Pypi +1 · Ecdsa +1

Name of the Vulnerable Software and Affected Versions: ecdsa versions 0.18.0 and prior. Description: The ecdsa PyPI package, a pure Python implementation of ECC (Elliptic Curve Cryptography), is affected by a Minerva timing attack on the P-256 curve. This attack can leak the internal nonce when usin...

CVSS 7.4 · AI score 7.2 · EPSS 0.00985
Exploits 1 · References 20
OSV
added 2024/01/17 7:19 p.m. · 12 views

GO-2024-2469 Kyberslash timing attack possible in github.com/kudelskisecurity/crystals-go

Kyberslash timing attack possible in github.com/kudelskisecurity/crystals-go...

AI score 7.1
Exploits 0 · References 4
RedHat Linux
added 2024/01/17 7:19 p.m. · 4 views

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

CVSS 7.4 · AI score 7.3 · EPSS 0.00911
Exploits 0 · References 5
RedHat Linux
added 2024/01/17 3:48 p.m. · 2 views

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

CVSS 7.4 · AI score 7.3 · EPSS 0.00911
Exploits 0 · References 5
RedHat Linux
added 2024/01/17 2:06 p.m. · 3 views

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

CVSS 7.4 · AI score 7.3 · EPSS 0.00911
Exploits 0 · References 5
RedHat Linux
added 2024/01/17 2:00 p.m. · 6 views

OpenJDK: RSA padding issue and timing side-channel attack against TLS (8317547)

A difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or...

CVSS 7.4 · AI score 7.3 · EPSS 0.00911
Exploits 0 · References 5
SUSE CVE
added 2024/01/17 2:45 a.m. · 1 view

SUSE CVE-2024-0553

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...

CVSS 5.9 · AI score 6.7 · EPSS 0.01614
Exploits 1 · References 7
OSV
added 2024/01/16 12:15 p.m. · 0 views

ALPINE-CVE-2024-0553

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...

CVSS 7.5 · AI score 6.7 · EPSS 0.01614
Exploits 1 · References 1
OSV
added 2024/01/16 12:15 p.m. · 10 views

AZL-34739 CVE-2024-0553 affecting package gnutls for versions less than 3.8.3-1

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...

CVSS 7.5 · AI score 6.7 · EPSS 0.01614
Exploits 1 · References 1
UbuntuCve
added 2024/01/16 12:15 p.m. · 41 views

CVE-2024-0553

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...

CVSS 7.5 · AI score 6.7 · EPSS 0.01614
Exploits 1 · References 5