15 matches found

Tenable Nessus · added 2025/08/27 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2019-13628

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL and wolfCrypt 4.0.0 and earlier when configured without --enable-fpecc, --enable-sp, or --enable-sp-math contain a timing side channel in ECDSA signatu...

CVSS 4.7 · AI score 5.1 · EPSS 0.00362 · Exploits 0 · References 2

RedhatCVE · added 2025/05/23 7:33 a.m. · 10 views

CVE-2024-22473

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault VSE devices. This defect may allow Signature Spoofing by Key Recreation. This issue affects Gecko SDK through v4.4.0...

CVSS 7.5 · AI score 6.9 · EPSS 0.00396 · Exploits 0 · References 1

Amazon · added 2025/03/06 12:0 a.m. · 4 views

Medium: openssl-snapsafe

Issue Overview: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring...

CVSS 4.1 · AI score 6.2 · EPSS 0.00601 · Exploits 0

Veracode · added 2025/02/17 8:30 a.m. · 8 views

Information Disclosure

Elliptic is vulnerable to Information Disclosure. The vulnerability is due to inadequate input validation in the ECDSA signing process. Specifically, the system accepts malformed inputs like strings or numbers without proper checks, which allows an attacker to craft input that can lead to the...

AI score 7 · Exploits 0

SUSE CVE · added 2025/01/21 4:6 a.m. · 3 views

SUSE CVE-2024-13176

Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would...

CVSS 5.9 · AI score 6 · EPSS 0.00601 · Exploits 0 · References 19

OSV · added 2024/02/21 7:15 p.m. · 10 views

CVE-2024-22473

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault VSE devices. This defect may allow Signature Spoofing by Key Recreation. This issue affects Gecko SDK through v4.4.0...

CVSS 7.5 · AI score 6.8 · Exploits 0 · References 1

Positive Technologies · added 2024/02/21 12:0 a.m. · 6 views

PT-2024-19442 · Gecko Sdk · Gecko Sdk

Name of the Vulnerable Software and Affected Versions: Gecko SDK versions through 4.4.0. Description: The issue arises from the use of a True Random Number Generator (TRNG) before its initialization by the ECDSA signing driver when exiting low-power modes EM2/EM3 on Virtual Secure Vault (VSE) devices...

CVSS 7.5 · AI score 6.8 · EPSS 0.00396 · Exploits 0 · References 5

SUSE CVE · added 2023/02/15 4:34 a.m. · 4 views

SUSE CVE-2018-0495

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...

CVSS 5.1 · AI score 9 · EPSS 0.00887 · Exploits 1 · References 35

RedHat Linux · added 2020/09/29 10:31 p.m. · 5 views

nss: Side channel attack on ECDSA signature generation

A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDS...

CVSS 5.3 · AI score 7 · EPSS 0.01449 · Exploits 0 · References 5

Gitee · added 2020/09/26 9:20 p.m. · 3 views

jsrsasign

This is an open-source JavaScript library called jsrsasign, which provides cryptographic functions for RSA/RSAPSS/ECDSA/DSA signing and validation, ASN.1, PKCS1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, and CAdES. The library is available on Node.js and...

AI score 7 · Exploits 0

RedHat Linux · added 2020/04/01 8:39 a.m. · 3 views

ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...

CVSS 4.7 · AI score 6.8 · EPSS 0.00887 · Exploits 1 · References 5

OSV · added 2019/10/03 2:15 p.m. · 2 views

UBUNTU-CVE-2019-13628

wolfSSL and wolfCrypt 4.0.0 and earlier when configured without --enable-fpecc, --enable-sp, or --enable-sp-math contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about th...

CVSS 4.7 · AI score 5.7 · EPSS 0.00362 · Exploits 0 · References 3

Tenable Nessus · added 2018/12/07 12:0 a.m. · 78 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-3840-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3840-1 advisory. Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a...

CVSS 5.9 · AI score 7.1 · EPSS 0.12154 · Exploits 4 · References 4

OpenVAS · added 2018/12/07 12:0 a.m. · 45 views

Ubuntu: Security Advisory (USN-3840-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 · AI score 6.6 · EPSS 0.12154 · Exploits 4 · References 2

OSV · added 2018/12/06 5:43 p.m. · 3 views

USN-3840-1 openssl, openssl1.0 vulnerabilities

Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a timing side-channel attack and recover private DSA keys. CVE-2018-0734 Samuel Weiser discovered that OpenSSL incorrectly handled ECDSA signing. An attacker could possibly...

CVSS 5.9 · AI score 6.7 · EPSS 0.12154 · Exploits 4 · References 4