Lucene search
K

223 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:52 a.m.3 views

SUSE CVE-2017-3000

Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure...

6.5CVSS8.2AI score0.0836EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:34 a.m.4 views

SUSE CVE-2018-0495

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...

5.1CVSS9AI score0.00887EPSS
Exploits1References35
SUSE CVE
SUSE CVE
added 2023/02/15 3:50 a.m.3 views

SUSE CVE-2020-36424

An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key for RSA or static Diffie-Hellman via a side-channel attack against generation of base blinding/unblinding values...

4.7CVSS5AI score0.00342EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.4 views

SUSE CVE-2021-33560

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP...

7.5CVSS7.7AI score0.02342EPSS
Exploits0References86
OSV
OSV
added 2022/06/28 6:24 p.m.11 views

GSD-2022-1002865 bpf: Fix combination of jit blinding and pointers to bpf subprogs.

bpf: Fix combination of jit blinding and pointers to bpf subprogs. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.2 by commit...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/05/13 12:0 a.m.13 views

PT-2025-8485

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bug in the Linux kernel has been identified, related to the combination of JIT blinding and pointers to BPF subprogs. This issue causes a page fault when the kernel attempts to access ...

5.5CVSS6.3AI score0.00245EPSS
Exploits0
OSV
OSV
added 2022/01/05 3:31 p.m.44 views

GO-2021-0160 Incorrect calculation affecting RSA computations in math/big

Int.Exp Montgomery mishandled carry propagation and produced an incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors. This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibl...

7.5CVSS7.2AI score0.02627EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/11/09 6:23 p.m.5 views

libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm

A side-channel attack flaw was found in the way libgcrypt implemented Elgamal encryption. This flaw allows an attacker to decrypt parts of ciphertext encrypted using Elgamal, for example, when using OpenPGP. The highest threat from this vulnerability is to confidentiality...

7.5CVSS6.8AI score0.02342EPSS
Exploits0References5
OSV
OSV
added 2021/11/09 9:18 a.m.37 views

RLSA-2021:4409 Moderate: libgcrypt security and bug fix update

The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. Security Fixes: libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm CVE-2021-33560 For more details about the security issue...

7.5CVSS6.9AI score0.02342EPSS
Exploits0References3
NVD
NVD
added 2021/07/19 5:15 p.m.11 views

CVE-2020-36424

An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key for RSA or static Diffie-Hellman via a side-channel attack against generation of base blinding/unblinding values...

4.7CVSS0.00342EPSS
Exploits0References6
OSV
OSV
added 2021/07/19 5:15 p.m.1 views

DEBIAN-CVE-2020-36424

An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key for RSA or static Diffie-Hellman via a side-channel attack against generation of base blinding/unblinding values...

4.7CVSS5.4AI score0.00342EPSS
Exploits0References1
OSV
OSV
added 2021/07/19 5:15 p.m.1 views

UBUNTU-CVE-2020-36424

An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key for RSA or static Diffie-Hellman via a side-channel attack against generation of base blinding/unblinding values...

4.7CVSS7.1AI score0.00342EPSS
Exploits0References7
OSV
OSV
added 2021/07/11 9:21 a.m.13 views

OPENSUSE-SU-2021:2157-1 Security update for libgcrypt

This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding bsc1187212...

7.5CVSS7.6AI score0.02342EPSS
Exploits0References3
OSV
OSV
added 2021/06/24 1:40 p.m.8 views

SUSE-SU-2021:2157-1 Security update for libgcrypt

This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding bsc1187212...

7.5CVSS7.6AI score0.02342EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2021/06/16 7:0 a.m.4 views

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm and the window size is not chosen appropriately. This for example affects use of ElGamal in OpenPGP.

...

7.5CVSS9.3AI score0.02342EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.10 views

SUSE: Security Advisory (SUSE-SU-2018:2041-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8AI score0.49268EPSS
Exploits0References2
OSV
OSV
added 2021/06/08 11:15 a.m.3 views

DEBIAN-CVE-2021-33560

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP...

7.5CVSS6.8AI score0.02342EPSS
Exploits0References1
OSV
OSV
added 2021/06/08 11:15 a.m.4 views

ALPINE-CVE-2021-33560

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP...

7.5CVSS6.9AI score0.02342EPSS
Exploits0References1
OSV
OSV
added 2021/06/08 11:15 a.m.4 views

UBUNTU-CVE-2021-33560

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpipowm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP...

7.5CVSS6.9AI score0.02342EPSS
Exploits0References5
CVE
CVE
added 2021/06/08 12:0 a.m.456 views

CVE-2021-33560

CVE-2021-33560 affects Libgcrypt 1.8.x (before 1.8.8) and 1.9.x (before 1.9.3). The issue is a mishandling of ElGamal due to lack of exponent blinding in mpi_powm and improper window size, enabling side-channel leakage in OpenPGP scenarios. Affected products include environments using libgcrypt w...

7.5CVSS7.5AI score0.02342EPSS
Exploits0References12Affected Software1
Rows per page
Query Builder