Lucene search
K

12 matches found

Github Security Blog
Github Security Blog
added 2024/06/06 2:26 p.m.11 views

s2n-tls has a potentially observable differences in RSA premaster secret handling

When receiving a message from a client that sent an invalid RSA premaster secret, an issue in s2n-tls results in the server performing additional processing when the premaster secret contains an incorrect client hello version. While no practical attack on s2n-tls has been demonstrated, this cause...

7AI score
Exploits0References4Affected Software1
OSV
OSV
added 2024/05/14 3:8 p.m.21 views

CVE-2024-26306

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...

5.9CVSS6.6AI score
Exploits0References5
Cvelist
Cvelist
added 2024/05/13 12:0 a.m.27 views

CVE-2024-26306

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of message...

6.5AI score0.01107EPSS
Exploits0References3
NVD
NVD
added 2024/01/31 8:15 a.m.17 views

CVE-2024-23170

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, a...

5.5CVSS5.5AI score0.00312EPSS
Exploits0References5
OSV
OSV
added 2024/01/31 8:15 a.m.26 views

CVE-2024-23170

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, a...

5.5CVSS6.5AI score
Exploits0References5
Prion
Prion
added 2024/01/31 8:15 a.m.25 views

Design/Logic Flaw

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, a...

1.7CVSS6.7AI score0.00312EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2024/01/31 8:15 a.m.27 views

CVE-2024-23170

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, a...

5.5CVSS6.1AI score0.00312EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/01/31 12:0 a.m.44 views

CVE-2024-23170

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, a...

5.5CVSS5.2AI score0.00312EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2024/01/31 12:0 a.m.40 views

CVE-2024-23170

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, a...

5.5CVSS5.5AI score0.00312EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.18 views

Mageia: Security Advisory (MGASA-2020-0438)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.7AI score0.02454EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2016/11/21 12:0 a.m.142 views

CentOS 5 / 6 / 7 : nss / nss-util (CESA-2016:2779)

An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

9.3CVSS7.8AI score0.0338EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2016/11/16 5:58 a.m.114 views

Moderate: Red Hat Security Advisory: nss and nss-util security update

An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

9.3CVSS7.3AI score0.0338EPSS
Exploits0References4
Rows per page
Query Builder