1009 matches found
CVE-2014-3591
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...
Design/Logic Flaw
The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...
Code injection
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...
CVE-2015-0837
The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...
CVE-2015-0837
CVE-2015-0837 affects Libgcrypt (before 1.6.3) and GnuPG (before 1.4.19). It enables a timing side-channel attack on modular exponentiation using a pre-computed table, related to a Last-Level Cache side-channel attack. The description notes the timing differences that could allow an attacker to o...
CVE-2015-0837
The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...
CVE-2014-3591
CVE-2014-3591 affects Libgcrypt (before 1.6.3) and GnuPG (before 1.4.19), which do not implement ciphertext blinding for ElGamal decryption, enabling physically proximate attackers to potentially extract private keys via crafted ciphertext and EM field fluctuations during multiplication. Related ...
CVE-2014-3591
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...
CVE-2014-3591
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...
EulerOS 2.0 SP8 : libgcrypt (EulerOS-SA-2019-2107)
According to the versions of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are...
EulerOS 2.0 SP5 : libgcrypt (EulerOS-SA-2019-2205)
According to the versions of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization,...
EulerOS 2.0 SP3 : nss-softokn (EulerOS-SA-2019-2246)
According to the versions of the nss-softokn packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through...
EulerOS 2.0 SP5 : nss-softokn (EulerOS-SA-2019-2175)
According to the version of the nss-softokn packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the...
Critical Photon OS Security Update - PHSA-2019-3.0-0036
Updates of 'linux-aws', 'polkit', 'sysstat', 'etcd', 'gdb', 'git', 'oniguruma', 'u-boot', 'linux', 'lua', 'libgcrypt', 'dbus', 'systemd', 'python3', 'sqlite', 'linux-secure', 'linux-esx', 'rsyslog' packages of Photon OS have been released...
Critical Photon OS Security Update - PHSA-2019-0036
Updates of 'sysstat', 'gdb', 'rsyslog', 'polkit', 'sqlite', 'dbus', 'python3', 'etcd', 'lua', 'u-boot', 'libgcrypt', 'git', 'linux-esx', 'systemd', 'linux', 'linux-secure', 'linux-aws', 'oniguruma' packages of Photon OS have been released...
CVE-2019-13627
A timing attack was found in the way ECCDSA was implemented in libgcrypt. A man-in-the-middle attacker could use this attack during signature generation to recover the private key. This attack is only feasible when the attacker is local to the machine where the signature is being generated. Attac...
Fedora 31 : libgcrypt (2019-6c96156c32)
Minor bug and security fix release 1.8.5. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenabl...
Amazon Linux 2 : nss (ALAS-2019-1305)
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack AKA Bleichenbacher attack and affects all NSS versions prior to NSS 3.41. CVE-2018-12404 Libgcrypt before 1.7.10 and...
SUSE SLED12 / SLES12 Security Update : libgcrypt (SUSE-SU-2019:2510-1)
This update for libgcrypt fixes the following issues : Security issues fixed : CVE-2019-13627: Mitigated ECDSA timing attack. bsc1148987 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automaticall...
SUSE-SU-2019:2510-1 Security update for libgcrypt
This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigated ECDSA timing attack. bsc1148987...