Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1009 matches found

Ubuntu
Ubuntuadded 2017/07/03 6:40 p.m.64 views

USN-3347-1: Libgcrypt vulnerabilities

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover RSA private keys...

6.8CVSS6.6AI score0.03885EPSS
Exploits0
OSV
OSVadded 2017/07/03 6:40 p.m.0 views

USN-3347-1 libgcrypt11, libgcrypt20 vulnerabilities

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal, and Yuval Yarom discovered that Libgcrypt was susceptible to an attack via side channels. A local attacker could use this attack to recover RSA private keys...

6.8CVSS6.5AI score0.03885EPSS
Exploits0References3
CNVD
CNVDadded 2017/07/03 12:0 a.m.1 views

Libgcrypt Information Disclosure Vulnerability (CNVD-2017-21505)

Libgcrypt is a general-purpose cryptographic library developed by the GNU Project based on the GnuPG code. The library implements a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, public key algorithms, and more. An information disclosure vulnerability exists...

6.8CVSS6.2AI score0.03885EPSS
Exploits0References1
Tenable Nessus
Tenable Nessusadded 2017/07/03 12:0 a.m.39 views

FreeBSD : libgcrypt -- side-channel attack on RSA secret keys (ed3bf433-5d92-11e7-aa14-e8e0b747a45a)

GnuPG reports : Mitigate a flush+reload side-channel attack on RSA secret keys dubbed 'Sliding right into disaster'. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018...

6.8CVSS6.5AI score0.03885EPSS
Exploits0References3
ArchLinux
ArchLinuxadded 2017/07/03 12:0 a.m.37 views

[ASA-201707-1] libgcrypt: private key recovery

Arch Linux Security Advisory ASA-201707-1 ========================================= Severity: High Date : 2017-07-03 CVE-ID : CVE-2017-7526 Package : libgcrypt Type : private key recovery Remote : No Link : https://security.archlinux.org/AVG-338 Summary ======= The package libgcrypt before versio...

6.8CVSS0.8AI score0.03885EPSS
Exploits0References4
Tenable Nessus
Tenable Nessusadded 2017/06/30 12:0 a.m.23 views

openSUSE Security Update : libgcrypt (openSUSE-2017-743)

This update for libgcrypt fixes the following issues : - CVE-2017-9526: Store the session key in secure memory to ensure that constant time point operations are used in the MPI library. bsc1042326 - Don't require secure memory for the fips selftests, this prevents the 'Oops, secure memory pool...

5.9CVSS6.5AI score0.02318EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2017/06/30 12:0 a.m.23 views

Slackware 14.2 / current : libgcrypt (SSA:2017-180-04)

New libgcrypt packages are available for Slackware 14.2 and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2017-180-04. The text itself is copyright C...

6.8CVSS6.5AI score0.03885EPSS
Exploits0References2
Slackware Linux
Slackware Linuxadded 2017/06/29 9:35 p.m.36 views

[slackware-security] libgcrypt

New libgcrypt packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/libgcrypt-1.7.8-i586-1slack14.2.txz: Upgraded. Mitigate a local flush+reload side-channel attack on RSA secret keys dubbed "Slidin...

6.8CVSS6.9AI score0.03885EPSS
Exploits0
RedhatCVE
RedhatCVEadded 2017/06/29 11:48 a.m.28 views

CVE-2017-7526

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This...

6.8CVSS4.3AI score0.03885EPSS
Exploits0References2
UbuntuCve
UbuntuCveadded 2017/06/29 12:0 a.m.22 views

CVE-2017-7526

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This...

6.8CVSS7AI score0.03885EPSS
Exploits0References6
FreeBSD
FreeBSDadded 2017/06/29 12:0 a.m.30 views

libgcrypt -- side-channel attack on RSA secret keys

GnuPG reports: Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster"...

6.8CVSS2.4AI score0.03885EPSS
Exploits0References1
OSV
OSVadded 2017/06/29 12:0 a.m.0 views

UBUNTU-CVE-2017-7526

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This...

6.8CVSS6.8AI score0.03885EPSS
Exploits0References7
Tenable Nessus
Tenable Nessusadded 2017/06/20 12:0 a.m.24 views

SUSE SLED12 / SLES12 Security Update : libgcrypt (SUSE-SU-2017:1608-1)

This update for libgcrypt fixes the following issues : - CVE-2017-9526: Store the session key in secure memory to ensure that constant time point operations are used in the MPI library. bsc1042326 - Don't require secure memory for the fips selftests, this prevents the 'Oops, secure memory pool...

5.9CVSS6.5AI score0.02318EPSS
Exploits0References5
OSV
OSVadded 2017/06/19 12:57 p.m.8 views

SUSE-SU-2017:1608-1 Security update for libgcrypt

This update for libgcrypt fixes the following issues: - CVE-2017-9526: Store the session key in secure memory to ensure that constant time point operations are used in the MPI library. bsc1042326 - Don't require secure memory for the fips selftests, this prevents the 'Oops, secure memory pool...

5.9CVSS5.6AI score0.02318EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2017/06/13 3:48 p.m.22 views

CVE-2017-9526

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point...

5.9CVSS2.6AI score0.02318EPSS
Exploits0References1
CNVD
CNVDadded 2017/06/13 12:0 a.m.2 views

Libgcrypt 'cipher/ecc-eddsa.c' Information Disclosure Vulnerability

Libgcrypt is a general-purpose cryptographic library developed by the GNU Project based on the GnuPG code. The library implements a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, public key algorithms, and more. An information disclosure vulnerability exists...

5.9CVSS6.3AI score0.02318EPSS
Exploits0References1
OSV
OSVadded 2017/06/11 2:29 a.m.17 views

CVE-2017-9526

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point...

5.9CVSS6.5AI score
Exploits0References7
Prion
Prionadded 2017/06/11 2:29 a.m.20 views

Code injection

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point...

4.3CVSS6.7AI score0.02318EPSS
Exploits0References7Affected Software1
NVD
NVDadded 2017/06/11 2:29 a.m.19 views

CVE-2017-9526

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point...

5.9CVSS5.6AI score0.02318EPSS
Exploits0References7
OSV
OSVadded 2017/06/11 2:29 a.m.3 views

DEBIAN-CVE-2017-9526

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point...

5.9CVSS6AI score0.02318EPSS
Exploits0References1
Rows per page
Query Builder