10 matches found
EUVD-2019-6640
Malware in sbrugna...
CVE-2019-15703
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual...
Security Bulletin: A Security Vulnerability was discovered in IBM Security Verify Access (CVE-2024-45678)
Summary A Security Vulnerability was addressed in IBM Security Verify Access regarding Yubico Yubikey 5 Series. Vulnerability Details CVEID:CVE-2024-45678 DESCRIPTION: Yubico YubiKey 5 Series, Security Key Series and YubiHSM 2 could allow a physical attacker to obtain sensitive information, cause...
CVE-2024-45678
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...
CVE-2024-45678
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...
CVE-2019-15703
Fortinet FortiOS is affected by CVE-2019-15703 where insufficient entropy in the PRNG (DRBG) can theoretically allow recovery of a long-term ECDSA secret in a TLS client with RSA handshake and mutual ECDSA authentication, via flush+reload side-channel attacks in FortiGate VM models only. The vuln...
Security Bulletin: A vulnerability in Open Source Botan affects IBM Netezza Platform Software clients (CVE-2016-2849).
Summary Open Source Botan is used by IBM Netezza Platform Software . IBM Netezza Platform Software has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-2849 DESCRIPTION: Botan could allow a remote attacker to obtain sensitive information, caused by the failure to use a...
Updated botan packages fix security vulnerabilities
Updated botan packages fix security vulnerabilities: During RSA decryption, how long decoding of PKCS 1 v1.5 padding took was input dependent. If these differences could be measured by an attacker, it could be used to mount a Bleichenbacher million-message attack CVE-2015-7827. ECDSA and DSA...
CVE-2016-2849
Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack...
CVE-2016-2849
Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack...