CVE-2018-12438

The Elliptic Curve Cryptography library aka sunec or libsunec allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the...

CVE-2018-12434

LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical ho...

CVE-2018-12439

MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...

EUVD-2018-4407

Malware in sbrugna...

EUVD-2018-4409

Malware in sbrugna...

EUVD-2012-1219

Malware in sbrugna...

EUVD-2018-4411

Malware in sbrugna...

EUVD-2020-7177

Malicious code in bioql PyPI...

CVE-2018-12433

cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor...

CVE-2018-12436

wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physic...

Linux Distros Unpatched Vulnerability : CVE-2015-0837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when...

USN-7317-1 wpa vulnerabilities

George Chatzisofroniou and Panayiotis Kotzanikolaou discovered that wpasupplicant and hostapd reused encryption elements in the PKEX protocol. An attacker could possibly use this issue to impersonate a wireless access point, and obtain sensitive information. CVE-2022-37660 Daniel De Almeida Braga...

Last-Level Cache Attack

AMD ID: AMD-SB-7032 Potential Impact: N/A Severity: N/A Summary Researchers from Wuhan University have provided AMD with a paper titled “ZenLeak: Practical Last-Level Cache Side-Channel Attacks on AMD Zen Processors” in which they discuss prime and probe attacks targeting the Last-Level Cache LLC...

CVE-2024-27185 [20240802] - Core - Cache Poisoning in Pagination

The pagination class includes arbitrary parameters in links, leading to cache poisoning attack vectors...

Amazon Linux AMI : nss, nss-softokn, nss-util, nspr (ALAS-2020-1355)

The version of nspr installed on the remote host is prior to 4.21.0-1.43. The version of nss installed on the remote host is prior to 3.44.0-7.84. The version of nss-softokn installed on the remote host is prior to 3.44.0-8.44. The version of nss-util installed on the remote host is prior to...

FreeBSD : Mbed TLS -- Cache attack against RSA key import in SGX (056ea107-5729-11ea-a2f3-001cc0382b2f)

Janos Follath reports : If Mbed TLS is running in an SGX enclave and the adversary has control of the main operating system, they can launch a side channel attack to recover the RSA private key when it is being imported. The attack only requires access to fine grained measurements to cache usage...

CVE-2019-9495

A flaw was found in wpasupplicant. Side channel attacks were recently discovered in the SAE implementations used by both hostapd and wpasupplicant. EAP-pwd uses a similar design for deriving PWE from the password and while a specific attack against EAP-pwd is not yet known to be tested, there is ...

Medium: nss

Issue Overview: A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41. CVE-2018-12404 Libgcrypt...

Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack

Researchers have identified a new side-channel attack impacting all modern Intel server processors made since 2012. The vulnerability could allow bad actors to sniff out encrypted passwords as they are being typed into a secure shell session SSH; but, luckily, such an attack would be difficult to...

FreeBSD : FreeBSD -- EAP-pwd side-channel attack (60129efe-656d-11e9-8e67-206a8a720317)

Potential side channel attacks in the SAE implementations used by both hostapd and wpasupplicant see CVE-2019-9494 and VU871675. EAP-pwd uses a similar design for deriving PWE from the password and while a specific attack against EAP-pwd is not yet known to be tested, there is no reason to believ...