CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2025/08/25 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2016-7438

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The C software implementation of ECC in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit...

5.5CVSS5.6AI score0.00368EPSS

Veracode•added 2017/01/26 8:1 a.m.•37 views

Side Channel Attack On Modular Exponentiation

OpenSSL is vulnerable to side channel attacks. The vulnerability exploits cache-bank conflicts on the Intel Sandy-Bridge microarchitecture, exposing RSA keys. However, an attacker can only exploit this only if he has control of code in a thread running on the same hyper-threaded core as the victi...

5.1CVSS7.4AI score0.0191EPSS

Exploits1References50Affected Software3

RedHat Linux•added 2016/12/15 10:11 p.m.•3 views

OpenSSL: Side channel attack on modular exponentiation

A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption, could use this flaw to...

5.1CVSS6.8AI score0.0191EPSS

Exploits1References6

NVD•added 2016/12/13 4:59 p.m.•17 views

CVE-2016-7439

The C software implementation of RSA in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences...

OSV•added 2016/12/13 4:59 p.m.•4 views

DEBIAN-CVE-2016-7439

The C software implementation of RSA in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences...

5.5CVSS5.1AI score0.00368EPSS

Exploits0References1

OSV•added 2016/12/13 4:59 p.m.•10 views

CVE-2016-7439

The C software implementation of RSA in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences...

5.5CVSS6.5AI score

NVD•added 2016/12/13 4:59 p.m.•13 views

CVE-2016-7438

The C software implementation of ECC in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences...

UbuntuCve•added 2016/12/13 4:59 p.m.•28 views

CVE-2016-7439

The C software implementation of RSA in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences...

5.5CVSS6.1AI score0.00368EPSS

Prion•added 2016/12/13 4:59 p.m.•30 views

Design/Logic Flaw

The C software implementation of AES Encryption and Decryption in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences...

2.1CVSS6.5AI score0.00304EPSS

Exploits0References6Affected Software4

UbuntuCve•added 2016/12/13 4:59 p.m.•24 views

CVE-2016-7438

The C software implementation of ECC in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences...

5.5CVSS6.1AI score0.00368EPSS

OSV•added 2016/12/13 4:59 p.m.•3 views

UBUNTU-CVE-2016-7438

The C software implementation of ECC in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences...

5.5CVSS5.8AI score0.00368EPSS

Exploits0References3

Prion•added 2016/12/13 4:59 p.m.•14 views

Design/Logic Flaw

The C software implementation of ECC in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences...

2.1CVSS6.7AI score0.00368EPSS

OSV•added 2016/12/13 4:59 p.m.•3 views

UBUNTU-CVE-2016-7439

The C software implementation of RSA in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences...

5.5CVSS6AI score0.00368EPSS

Exploits0References3

Prion•added 2016/12/13 4:59 p.m.•17 views

Information disclosure

The C software implementation of RSA in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences...

2.1CVSS6.7AI score0.00368EPSS

Cvelist•added 2016/12/13 4:0 p.m.•18 views

CVE-2016-7438

The C software implementation of ECC in wolfSSL formerly CyaSSL before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences...

5.3AI score0.00368EPSS

CVE•added 2016/12/13 4:0 p.m.•40 views

CVE-2016-7439

CVE-2016-7439 affects the C RSA implementation in wolfSSL (formerly CyaSSL) prior to 3.9.10. The vulnerability allows a local attacker to obtain RSA keys by exploiting cache-bank hit differences, i.e., an information-disclosure issue. Affected products/versions are wolfSSL before 3.9.10; impact i...

Cvelist•added 2016/12/13 4:0 p.m.•31 views

CVE-2016-7440

5.5AI score0.00304EPSS

Exploits0References6

CVE•added 2016/12/13 4:0 p.m.•41 views

CVE-2016-7438

The CVE-2016-7438 entry concerns wolfSSL (formerly CyaSSL) and its C software implementation of ECC. Affected is wolfSSL versions before 3.9.10, where the ECC code enables local attackers to more easily discover RSA keys by exploiting cache-bank hit differences. The impact is local, with partial ...