Lucene search
+L

937 matches found

OSV
OSV
added 2020/01/29 4:15 p.m.22 views

CVE-2020-2102

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC...

5.3CVSS6.6AI score
Exploits0References6
Prion
Prion
added 2020/01/29 4:15 p.m.21 views

Design/Logic Flaw

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC...

3.5CVSS5.5AI score0.01397EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2020/01/29 3:15 p.m.27 views

CVE-2020-2102

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC...

5.7AI score0.01397EPSS
Exploits0References6
OSV
OSV
added 2020/01/06 6:44 p.m.2 views

GHSA-92VM-WFM5-MXVV cookie-signature Timing Attack

Affected versions of cookie-signature are vulnerable to timing attacks as a result of using a fail-early comparison instead of a constant-time comparison. Timing attacks remove the exponential increase in entropy gained from increased secret length, by providing per-character feedback on the...

4.4CVSS5.9AI score0.00896EPSS
Exploits0References12
Broadcom
Broadcom
added 2019/12/19 12:0 a.m.6 views

BSA-2020-893

Security Advisory ID : BSA-2020-893 Component : OpenSSL Revision : 2.0: Final There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and...

5.3CVSS7AI score0.14298EPSS
Exploits0
OSV
OSV
added 2019/12/06 6:15 p.m.1 views

DEBIAN-CVE-2019-1551

There is an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

5.3CVSS6.3AI score0.14298EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/12/06 12:0 a.m.11 views

PT-2019-4482

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.1.1 through 1.1.1d OpenSSL versions 1.0.2 through 1.0.2t Description The issue is related to an overflow bug in the x64 64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are...

10CVSS8.6AI score0.99999EPSS
Exploits190References242
Oracle linux
Oracle linux
added 2019/11/20 12:0 a.m.40 views

openssl security update

1.1.1c-2 - do not try to use EC groups disallowed in FIPS mode in TLS - fix Valgrind regression with constant-time code 1.1.1c-1 - update to the 1.1.1c release 1.1.1b-6 - adjust the default cert pbe algorithm for pkcs12 -export in the FIPS mode 1.1.1b-5 - Fix small regressions related to the reba...

1.1AI score
Exploits0
FreeBSD
FreeBSD
added 2019/10/25 12:0 a.m.28 views

Mbed TLS -- Side channel attack on ECDSA

Janos Follath reports: Our bignum implementation is not constant time/constant trace, so side channel attacks can retrieve the blinded value, factor it as it is smaller than RSA keys and not guaranteed to have only large prime factors, and then, by brute force, recover the key...

4.7CVSS3.1AI score0.0034EPSS
Exploits0References1
OSV
OSV
added 2019/10/14 12:0 p.m.22 views

RUSTSEC-2019-0027 Flaw in Scalar::check_overflow allows side-channel timing attack

Versions of libsecp256k1 prior to 0.3.1 did not execute Scalar::checkoverflow in constant time. This allows an attacker to potentially leak information via a timing attack. The flaw was corrected by modifying Scalar::checkoverflow to execute in constant time...

7.5CVSS7.3AI score0.01415EPSS
Exploits0References2
RustSec
RustSec
added 2019/10/14 12:0 p.m.18 views

Flaw in Scalar::check_overflow allows side-channel timing attack

Versions of libsecp256k1 prior to 0.3.1 did not execute Scalar::checkoverflow in constant time. This allows an attacker to potentially leak information via a timing attack. The flaw was corrected by modifying Scalar::checkoverflow to execute in constant time...

7.5CVSS6.6AI score0.01415EPSS
Exploits0Affected Software1
OSV
OSV
added 2019/09/26 9:30 p.m.7 views

GHSA-FGMR-VX7C-5WJ6 Timing attack on HMAC signature comparison in Apache Tapestry

The code which checks HMAC in form submissions used String.equals for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison...

9.8CVSS7.7AI score0.08752EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2019/09/26 9:30 p.m.36 views

Timing attack on HMAC signature comparison in Apache Tapestry

The code which checks HMAC in form submissions used String.equals for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison...

9.8CVSS2.1AI score0.08752EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2019/09/16 6:15 p.m.30 views

CVE-2019-10071

The code which checks HMAC in form submissions used String.equals for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison...

9.8CVSS7.6AI score
Exploits0References5
Cvelist
Cvelist
added 2019/09/16 5:46 p.m.21 views

CVE-2019-10071

The code which checks HMAC in form submissions used String.equals for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison...

9.7AI score0.08752EPSS
Exploits1References5
OSV
OSV
added 2019/07/30 5:15 p.m.7 views

UBUNTU-CVE-2019-14318

Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp...

5.9CVSS5.8AI score0.03245EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2019/07/24 12:0 a.m.261 views

Amazon Linux 2 : java-11-amazon-corretto (ALAS-2019-1246)

OpenJDK: Insufficient restriction of privileges in AccessController Security, 8216381 CVE-2019-2786 OpenJDK: Unbounded memory allocation during deserialization in Collections Utilities, 8213432 CVE-2019-2769 libpng: pngimagefree in png.c in libpng has a use-after-free because pngimagefreefunction...

5.8CVSS7.3AI score0.09393EPSS
Exploits3References10
Tenable Nessus
Tenable Nessus
added 2019/07/23 12:0 a.m.37 views

RHEL 7 : java-11-openjdk (RHSA-2019:1810)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1810 advisory. The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Security Fixe...

5.8CVSS6.8AI score0.04351EPSS
Exploits0References17
RedHat Linux
RedHat Linux
added 2019/07/22 12:58 p.m.9 views

OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: Security. Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

3.1CVSS7.4AI score0.01636EPSS
Exploits0References4
Into the symmetry
Into the symmetry
added 2019/07/22 12:20 p.m.111 views

SIAM Conference on Applied Algebraic Geometry 2019 - Isogenies mini-symposium

So here we are in the nice city of Bern, in the Teutonic Switzerland, for SIAM Conference on Applied Algebraic Geometry 2019 that this year counts more than 750 attendees! The weather is warm enough but the isogenies topic has never been so hot! So for this occurrence of the conference Tanja Lang...

7.3AI score
Exploits0
Rows per page
Query Builder