Lucene search
K

79 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:49 p.m.31 views

Security Bulletin: OpenSSL Vulnerability Affects IBM Sterling Connect:Express for UNIX (CVE-2018-0737)

Summary A security vulnerability has been disclosed on 16th April 2018 by the OpenSSL Project. OpenSSl is used by IBM Sterling Connect:Express for UNIX. IBM Sterling Connect:Express for UNIX has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-0737 DESCRIPTION: OpenSSL could...

5.9CVSS0.9AI score0.12046EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2020/03/25 12:0 a.m.5 views

Arm Mbed TLS Information Disclosure Vulnerability

ARM mbed TLS is an SSL library. An information disclosure vulnerability exists in Arm Mbed TLS versions prior to 2.6.15. An attacker can exploit this vulnerability to obtain sensitive information RSA private key by monitoring cache usage during import...

5.9CVSS7.1AI score0.0163EPSS
Exploits0References1
OSV
OSV
added 2020/03/24 8:15 p.m.2 views

DEBIAN-CVE-2020-10941

Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information an RSA private key by measuring cache usage during an import...

5.9CVSS6.2AI score0.0163EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2020/01/23 12:0 a.m.25 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-1084)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS7.2AI score0.17699EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2019/11/20 4:22 p.m.4 views

openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys

OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key...

5.9CVSS6.7AI score0.12046EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2019/11/20 4:14 p.m.2 views

openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys

OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key...

5.9CVSS6.7AI score0.12046EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2019/03/29 12:0 a.m.40 views

Palo Alto Networks PAN-OS 6.1.x <= 6.1.20 / 7.1.x < 7.1.21 / 8.0.x < 8.0.14 / 8.1.x < 8.1.4 Multiple Vulnerabilities (PAN-SA-2018-0015)

The version of Palo Alto Networks PAN-OS running on the remote host is 6.1.x including 6.1.20 or 7.1.x prior to 7.1.21 or 8.0.x prior to 8.0.14 or 8.1.x prior to 8.1.4. It is, therefore, affected by multiple vulnerabilities : - A denial of service DoS vulnerability that exists in OpenSSL due to...

7.5CVSS6.3AI score0.49268EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2019/03/08 12:0 a.m.27 views

EulerOS Virtualization 2.5.2 : openssl (EulerOS-SA-2019-1084)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with...

5.9CVSS6.3AI score0.17699EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2019/02/28 5:15 p.m.31 views

Security Bulletin: IBM Security Identity Adapters affected by OpenSSL RSA Key vulnerability (CVE-2018-0737)

Summary The Windows and z/OS Security Identity Adapters are now upgraded to a more current release to correct CVE CVE-2018-0737 "OpenSSL RSA Key generation algorithm information disclosure". Vulnerability Details CVEID: CVE-2018-0737 DESCRIPTION: OpenSSL could allow a local attacker to obtain...

5.9CVSS1.6AI score0.12046EPSS
Exploits0Affected Software1
Ubuntu
Ubuntu
added 2019/02/18 3:43 p.m.92 views

USN-3850-2: NSS vulnerabilities

USN-3850-1 fixed several vulnerabilities in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack...

5.9CVSS6.3AI score0.44398EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 2:25 a.m.37 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter

Summary IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru, QLogic 8Gb Intelligent Pass-thru Module & SAN Switch Module for BladeCenter and QLogic Virtual Fabric Extension Module for IBM BladeCenter have addressed the following vulnerabilities in OpenSSL. Vulnerability Details Summary IBM Fl...

9.8CVSS1.2AI score0.63029EPSS
Exploits3
IBM Security Bulletins
IBM Security Bulletins
added 2019/01/31 2:25 a.m.33 views

Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in OpenSSL

Summary IBM Dynamic System Analysis DSA Preboot has addressed the following vulnerabilities in OpenSSL. Vulnerability Details Summary IBM Dynamic System Analysis DSA Preboot has addressed the following vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2016-2177 Description: OpenSSL is...

9.8CVSS0.8AI score0.95707EPSS
Exploits7
OSV
OSV
added 2019/01/15 10:15 p.m.7 views

MGASA-2019-0038 Updated nss packages fix security vulnerability

Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys CVE-2018-0495...

4.7CVSS6AI score0.00887EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2019/01/10 12:0 a.m.41 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : NSS vulnerabilities (USN-3850-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3850-1 advisory. Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perfo...

5.9CVSS6.3AI score0.44398EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2019/01/10 12:0 a.m.27 views

Ubuntu: Security Advisory (USN-3850-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.3AI score0.44398EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2019/01/09 5:41 p.m.268 views

USN-3850-1: NSS vulnerabilities

Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. CVE-2018-0495 It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remo...

5.9CVSS6.2AI score0.44398EPSS
Exploits1
OpenVAS
OpenVAS
added 2018/10/26 12:0 a.m.36 views

Ubuntu: Security Advisory (USN-3628-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.9AI score0.12046EPSS
Exploits0References2
OSV
OSV
added 2018/10/18 12:49 p.m.5 views

SUSE-SU-2018:2928-2 Security update for openssl

This update for openssl fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information bsc1104789 - CVE-2018-0737: The RSA Key generation algorithm has been shown to be...

5.9CVSS6.8AI score0.12046EPSS
Exploits0References8
OPENSUSE Linux
OPENSUSE Linux
added 2018/10/05 12:11 p.m.80 views

Security update for openssl-1_0_0 (moderate)

This update for openssl-100 to 1.0.2p fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information bsc1104789 - CVE-2018-0737: The RSA Key generation algorithm has bee...

5CVSS2AI score0.49268EPSS
Exploits0References5
OPENSUSE Linux
OPENSUSE Linux
added 2018/09/30 6:9 p.m.99 views

Security update for openssl (moderate)

This update for openssl fixes the following issues: These security issues were fixed: - Prevent One&Done side-channel attack on RSA that allowed physically near attackers to use EM emanations to recover information bsc1104789 - CVE-2018-0737: The RSA Key generation algorithm has been shown to be...

4.3CVSS4AI score0.12046EPSS
Exploits0References6
Rows per page
Query Builder