EUVD-2020-27973

Malware in sbrugna...

NewStart CGSL MAIN 6.02 : nss Multiple Vulnerabilities (NS-SA-2021-0121)

The remote NewStart CGSL host, running version MAIN 6.02, has nss packages installed that are affected by multiple vulnerabilities: - When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel...

Amazon Linux AMI : nspr, nss-softokn, nss-util (ALAS-2021-1522)

The version of nspr installed on the remote host is prior to 4.25.0-2.45. The version of nss-softokn installed on the remote host is prior to 3.53.1-6.46. The version of nss-util installed on the remote host is prior to 3.53.1-1.58. It is, therefore, affected by multiple vulnerabilities as...

Oracle Linux 8 : nss (ELSA-2021-0538)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0538 advisory. - CVE-2020-12403 chacha-poly issues - CVE-2020-12400 constant time ECC. - CVE-2020-6829 constant time ECC. Tenable has extracted the preceding...

CVE-2020-6829

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This...

Design/Logic Flaw

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This...

CVE-2020-6829

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This...

CVE-2020-6829

CVE-2020-6829 is a vulnerability in NSS (Network Security Services) libraries (nss, nss-util, nss-softokn, nspr) where the wNAF scalar point multiplication during ECDSA signature generation leaks partial nonce information. This side-channel can enable an attacker with electromagnetic traces from ...

CVE-2020-6829

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This...

KLA11942 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, cause denial of service, execute arbitrary code, gain privileges, spoof user interface. Below is a complete list of...

CVE-2020-6829

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This...