Lucene search
K

223 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/07 12:0 a.m.30 views

OpenSSL 0.9.7 < 0.9.7b Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 0.9.7b. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.7b advisory. - The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA...

7.5CVSS8.2AI score0.06393EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/06/07 12:0 a.m.32 views

OpenSSL 0.9.6 < 0.9.6j Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 0.9.6j. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.6j advisory. - The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA...

7.5CVSS8.2AI score0.06393EPSS
Exploits0References6
Snyk
Snyk
added 2024/06/06 2:26 p.m.4 views

Observable Timing Discrepancy

Overview Affected versions of this package are vulnerable to Observable Timing Discrepancy due to the handling of RSA premaster secrets when an invalid secret is received. An attacker can potentially observe timing differences by exploiting the additional processing performed when the premaster...

3.7CVSS6.9AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.25 views

RHEL 5 : gnupg (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - GnuPG: Unenforced configuration allows for apparently valid certifications actually signed by signing...

7.5CVSS7.1AI score0.08654EPSS
Exploits0References8
OSV
OSV
added 2024/02/27 7:4 p.m.8 views

UBUNTU-CVE-2021-46974

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix masking negation logic upon negative dst register The negation logic for the case where the offreg is sitting in the dst register is not correct given then we cannot just invert the add to a sub or vice versa. As a fix,...

5.5CVSS6.1AI score0.00238EPSS
Exploits0References10
Oracle linux
Oracle linux
added 2024/01/10 12:0 a.m.34 views

nss security update

3.90.0-4 - CVE-2023-5388 nss: timing attack against RSA decryption. Make the final blinding multmod constant time...

6.9AI score0.00816EPSS
Exploits0
CVE
CVE
added 2023/12/05 4:18 p.m.413 views

CVE-2023-45287

Summary of CVE-2023-45287 (Go): Before Go 1.20, RSA-based TLS key exchanges used math/big (not constant time). RSA blinding was applied but may not fully prevent timing leaks after removal of PKCS#1 padding, potentially enabling recovery of session key bits. Go 1.20+ switched crypto/tls to a full...

7.5CVSS7.6AI score0.0125EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/11/02 5:10 p.m.8 views

CLSA-2023-1698945053 libgcrypt: Fix of 4 CVEs

CVE-2013-4576: Normalize the MPIs to prevent possible side-channel attacks - CVE-2014-3591: Use ciphertext blinding for Elgamal to prevent possible side-channel attacks - CVE-2021-33560: Use of smaller K for ephemeral key in ElGamal prevent generation of weak keys - CVE-2021-40528: Add exponent...

7.5CVSS6.7AI score0.02342EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2023/07/31 12:0 a.m.6 views

The vulnerability of the Blinding Functionality component of the Oracle Health Sciences Data Management Workbench allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Blinding Functionality component of the Oracle Health Sciences Data Management Workbench is related to errors in processing input data. Exploiting this vulnerability may allow an attacker operating remotely to gain unauthorized access to protected information...

6.8CVSS6.9AI score0.0048EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/07/18 9:15 p.m.3 views

CVE-2023-22022

Vulnerability in the Oracle Health Sciences Sciences Data Management Workbench product of Oracle Health Sciences Applications component: Blinding Functionality. Supported versions that are affected are 3.1.0.2, 3.1.1.3 and 3.2.0.0. Easily exploitable vulnerability allows low privileged attacker...

6.5CVSS7.3AI score0.0048EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/07/18 12:0 a.m.4 views

PT-2023-3969 · Oracle · Oracle Health Sciences Data Management Workbench

Name of the Vulnerable Software and Affected Versions: Oracle Health Sciences Sciences Data Management Workbench versions 3.1.0.2, 3.1.1.3, 3.2.0.0 Description: The issue is related to the Blinding Functionality component of the Oracle Health Sciences Sciences Data Management Workbench product. I...

6.8CVSS6.6AI score0.0048EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/07/18 12:0 a.m.4 views

Oracle Health Sciences Applications 安全漏洞

Oracle Health Sciences Applications is a suite of clinical development solutions for the healthcare industry from Oracle Corporation. A security vulnerability in Oracle Health Sciences Applications' Oracle Health Sciences Sciences Data Management Workbench product, which originates in the Blindin...

6.5CVSS7.1AI score0.0048EPSS
Exploits0References3
OSV
OSV
added 2023/05/24 3:32 p.m.34 views

GO-2023-1765 Leaked shared secret and weak blinding in github.com/cloudflare/circl

When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...

8.2CVSS6.2AI score0.00386EPSS
Exploits0References2
Prion
Prion
added 2023/05/10 12:15 p.m.37 views

Design/Logic Flaw

When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...

6.4CVSS8AI score0.00386EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/05/10 11:41 a.m.30 views

CVE-2023-1732 Improper random reading in CIRCL

When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...

5.3CVSS6.6AI score0.00386EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/05/10 11:41 a.m.55 views

CVE-2023-1732 Improper random reading in CIRCL

When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...

5.3CVSS8.3AI score0.00386EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.2 views

kernel: bpf: Fix combination of jit blinding and pointers to bpf subprogs.

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix combination of jit blinding and pointers to bpf subprogs. The combination of jit blinding and pointers to bpf subprogs causes: 36.989548 BUG: unable to handle page fault for address: 0000000100000001 36.990342 PF:...

5.5CVSS6.3AI score0.00245EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/04/26 12:0 a.m.9 views

PT-2023-36151 · Openssl +1 · Openssl +1

Name of the Vulnerable Software and Affected Versions: openssl-ibmca versions prior to 2.4.0 Description: The issue concerns adjustments and fixes for OpenSSL versions 3.1 and 3.2, including support for RSA blinding, constant-time fixes for RSA PKCS1 v1.5 and OAEP padding, and support for 'implic...

7.2AI score
Exploits0References4
F5 Networks
F5 Networks
added 2023/02/21 8:0 p.m.43 views

K20001553: Libgcrypt vulnerability CVE-2018-0495

Security Advisory Description Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the...

4.7CVSS5.6AI score0.00887EPSS
Exploits1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:28 a.m.2 views

SUSE CVE-2014-3591

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...

4.2CVSS6.9AI score0.00576EPSS
Exploits0References22
Rows per page
Query Builder