CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

FreeBSD•added 2019/08/29 12:0 a.m.•21 views

libgcrypt -- ECDSA timing attack

GnuPG reports: Mitigate an ECDSA timing attack...

6.3CVSS1.5AI score0.0051EPSS

Tenable Nessus•added 2019/07/26 12:0 a.m.•17 views

SUSE SLED15 / SLES15 Security Update : libgcrypt (SUSE-SU-2019:1971-1)

This update for libgcrypt fixes the following issues : Security issue fixed : CVE-2019-12904: Fixed a flush-and-reload side-channel attack in the AES implementation bsc1138939. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisor...

5.9CVSS6.6AI score0.02063EPSS

Exploits0References4

OSV•added 2019/07/25 12:58 p.m.•8 views

SUSE-SU-2019:1971-1 Security update for libgcrypt

This update for libgcrypt fixes the following issues: Security issue fixed: - CVE-2019-12904: Fixed a flush-and-reload side-channel attack in the AES implementation bsc1138939...

5.9CVSS6AI score0.02063EPSS

Exploits0References3

Tenable Nessus•added 2019/07/24 12:0 a.m.•30 views

openSUSE Security Update : libgcrypt (openSUSE-2019-1792)

This update for libgcrypt fixes the following issues : Security issues fixed : - CVE-2019-12904: The C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. The C implementation is used on platforms where an...

5.9CVSS6.5AI score0.02063EPSS

Exploits0References4

OpenVAS•added 2019/07/24 12:0 a.m.•20 views

openSUSE: Security Advisory for libgcrypt (openSUSE-SU-2019:1792-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5.9CVSS6.4AI score0.02063EPSS

Exploits0References2

OSV•added 2019/07/23 11:22 a.m.•7 views

OPENSUSE-SU-2019:1792-1 Security update for libgcrypt

This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-12904: The C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. The C implementation is used on platforms where an...

5.9CVSS8AI score0.02063EPSS

OPENSUSE Linux•added 2019/07/23 12:0 a.m.•92 views

Security update for libgcrypt (moderate)

openSUSE Security Update: Security update for libgcrypt Announcement ID: openSUSE-SU-2019:1792-1 Rating: moderate References: 1097073 1125740 1138939 Cross-References: CVE-2019-12904 Affected Products: openSUSE Leap 15.0 An update that solves one vulnerability and has two fixes is now available...

5.9CVSS6AI score0.02063EPSS

Exploits0References3

Tenable Nessus•added 2019/07/22 12:0 a.m.•28 views

EulerOS 2.0 SP2 : libgcrypt (EulerOS-SA-2019-1750)

According to the versions of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization,...

6.8CVSS6.9AI score0.03885EPSS

Exploits0References3

Tenable Nessus•added 2019/07/17 12:0 a.m.•26 views

SUSE SLED15 / SLES15 Security Update : libgcrypt (SUSE-SU-2019:1859-1)

This update for libgcrypt fixes the following issues : Security issues fixed : CVE-2019-12904: The C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. The C implementation is used on platforms where an...

5.9CVSS6.5AI score0.02063EPSS

Exploits0References6

RedhatCVE•added 2019/07/16 1:21 p.m.•23 views

CVE-2019-12904

Disputed A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of...

5.9CVSS6.2AI score0.02063EPSS

Exploits0References6

OSV•added 2019/07/16 11:8 a.m.•6 views

SUSE-SU-2019:1859-1 Security update for libgcrypt

This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-12904: The C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. The C implementation is used on platforms where an...

NVD•added 2019/06/20 12:15 a.m.•15 views

CVE-2019-12904

In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. The C implementation is used on platforms where an assembly-language implementation is unavailable. NOTE: the vendor's position is...

OSV•added 2019/06/20 12:15 a.m.•7 views

CVE-2019-12904

5.9CVSS5.8AI score

OSV•added 2019/06/20 12:15 a.m.•5 views

ALPINE-CVE-2019-12904

5.9CVSS6.5AI score0.02063EPSS

UbuntuCve•added 2019/06/20 12:15 a.m.•38 views

CVE-2019-12904

5.9CVSS6.8AI score0.02063EPSS

Prion•added 2019/06/20 12:15 a.m.•16 views

Design/Logic Flaw

DISPUTED In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a flush-and-reload side-channel attack because physical addresses are available to other processes. The C implementation is used on platforms where an assembly-language implementation is unavailable. NOTE: the vendor's...

4.3CVSS5.6AI score0.02063EPSS

Exploits0References5Affected Software2

Cvelist•added 2019/06/19 11:34 p.m.•24 views

CVE-2019-12904

5.7AI score0.02063EPSS

CVE•added 2019/06/19 11:34 p.m.•324 views

CVE-2019-12904

CVE-2019-12904 affects Libgcrypt 1.8.4’s C AES implementation. The vulnerability arises from a flush-and-reload side-channel when physical addresses are exposed to other processes (used on platforms lacking an assembly AES). IBM’s bulletin lists the CVE and notes the vendor’s position that the is...

Exploits0References5Affected Software1

AlpineLinux•added 2019/06/19 11:34 p.m.•47 views

CVE-2019-12904