Lucene search
K

209 matches found

BDU FSTEC
BDU FSTEC
added 2021/12/07 12:0 a.m.6 views

The vulnerability of the SAE implementation of the wpa_supplicant function for wireless communication devices with WPA certification lies in the fact that it exposes information, allowing attackers to gain access to confidential data.

The vulnerability of the SAE implementation of the wpasupplicant function for wireless communication devices with WPA certification is related to errors in timing and access patterns to the cache. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...

5.9CVSS6.9AI score0.03739EPSS
Exploits0References8Affected Software2
Tenable Nessus
Tenable Nessus
added 2021/11/17 12:0 a.m.34 views

EulerOS Virtualization 2.9.0 : shim (EulerOS-SA-2021-2785)

According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in a...

7.5CVSS7.2AI score0.78675EPSS
Exploits4References11
Tenable Nessus
Tenable Nessus
added 2021/11/17 12:0 a.m.31 views

EulerOS Virtualization 2.9.1 : shim (EulerOS-SA-2021-2758)

According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in a...

7.5CVSS7.2AI score0.78675EPSS
Exploits4References11
OpenVAS
OpenVAS
added 2021/09/28 12:0 a.m.19 views

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2021-2542)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.4AI score0.78675EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.29 views

SUSE: Security Advisory (SUSE-SU-2018:2683-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.49268EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.13 views

SUSE: Security Advisory (SUSE-SU-2018:2928-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.8AI score0.12046EPSS
Exploits0References9
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2018:2492-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.8AI score0.12046EPSS
Exploits0References4
Amazon
Amazon
added 2020/11/11 12:0 a.m.64 views

Medium: nspr, nss-softokn, nss-util, nss

Issue Overview: When importing a curve25519 private key in PKCS8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services NSS library. This could lead to information disclosure. This vulnerability affects Firefox ESR 60.8, Firefox 68, and...

10CVSS7.8AI score0.03552EPSS
Exploits1
OSV
OSV
added 2020/08/21 2:15 p.m.5 views

DEBIAN-CVE-2020-15309

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...

7CVSS7AI score0.0034EPSS
Exploits1References1
OSV
OSV
added 2020/08/21 2:15 p.m.16 views

CVE-2020-15309

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...

7CVSS6.5AI score
Exploits0References2
NVD
NVD
added 2020/08/21 2:15 p.m.26 views

CVE-2020-15309

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...

7CVSS6.7AI score0.0034EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2020/08/21 2:15 p.m.30 views

CVE-2020-15309

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...

7CVSS6.9AI score0.0034EPSS
Exploits1References2
OSV
OSV
added 2020/08/21 2:15 p.m.3 views

UBUNTU-CVE-2020-15309

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...

7CVSS5.8AI score0.0034EPSS
Exploits1References3
Snyk
Snyk
added 2020/08/21 2:15 p.m.5 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition. An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive...

7CVSS6.7AI score0.0034EPSS
Exploits1References2
Prion
Prion
added 2020/08/21 2:15 p.m.20 views

Code injection

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...

6.9CVSS6.6AI score0.0034EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/08/21 1:16 p.m.41 views

CVE-2020-15309

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...

6.7AI score0.0034EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2020/08/21 1:16 p.m.12 views

CVE-2020-15309

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...

7CVSS6.4AI score0.0034EPSS
Exploits1
CVE
CVE
added 2020/08/21 1:16 p.m.68 views

CVE-2020-15309

CVE-2020-15309 affects wolfSSL versions before 4.5.0. The issue arises when single precision is not used, enabling local attackers to perform a cache-timing attack on public-key operations and potentially glean sensitive material from private-key usage. Remediation: upgrade to wolfSSL 4.5.0 or la...

7CVSS6.7AI score0.0034EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/08/21 12:0 a.m.7 views

PT-2020-14347 · Wolfssl · Wolfssl

Name of the Vulnerable Software and Affected Versions: wolfSSL versions prior to 4.5.0 Description: An issue allows local attackers to conduct a cache-timing attack against public key operations. This could potentially expose sensitive information if the affected system has been used for private...

7CVSS6.6AI score0.0034EPSS
Exploits1References8
IBM Security Bulletins
IBM Security Bulletins
added 2020/07/24 10:49 p.m.31 views

Security Bulletin: OpenSSL Vulnerability Affects IBM Sterling Connect:Express for UNIX (CVE-2018-0737)

Summary A security vulnerability has been disclosed on 16th April 2018 by the OpenSSL Project. OpenSSl is used by IBM Sterling Connect:Express for UNIX. IBM Sterling Connect:Express for UNIX has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-0737 DESCRIPTION: OpenSSL could...

5.9CVSS0.9AI score0.12046EPSS
Exploits0Affected Software1
Rows per page
Query Builder