25 matches found
EUVD-2018-4410
Malware in sbrugna...
EUVD-2018-4406
Malware in sbrugna...
Oracle Linux 7 : nss, / nss-softokn, / nss-util, / and / nspr (ELSA-2019-2237)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2237 advisory. nspr 4.21.0-1 - Rebase to NSPR 4.21 nss 3.44.0-4 - Fix certutil man page - Fix extracting a public key from a private key for dh, ec, and dsa 3.44.0-3 ...
SUSE: Security Advisory (SUSE-SU-2018:4235-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.6.0 : nss-softokn (EulerOS-SA-2020-1754)
According to the versions of the nss-softokn packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. Thi...
EulerOS Virtualization for ARM 64 3.0.2.0 : nss-softokn (EulerOS-SA-2020-1252)
According to the versions of the nss-softokn packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2019-1546)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : nss-softokn (EulerOS-SA-2019-2175)
According to the version of the nss-softokn packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the...
NewStart CGSL CORE 5.04 / MAIN 5.04 : nss Multiple Vulnerabilities (NS-SA-2019-0193)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has nss packages installed that are affected by multiple vulnerabilities: - Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of...
ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...
openSUSE: Security Advisory for mozilla-nspr (openSUSE-SU-2018:4283-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for mozilla-nspr and mozilla-nss (moderate)
This update for mozilla-nss and mozilla-nspr fixes the following issues: Issues fixed in mozilla-nss: - Update to NSS 3.40.1 bsc1119105 - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack bsc1119069 - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded...
Amazon Linux AMI : openssl (ALAS-2018-1102)
Libgcrypt allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker...
CVE-2018-12438
The Elliptic Curve Cryptography library aka sunec or libsunec allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the...
CVE-2018-12433
cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor...
Memory corruption
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...
UBUNTU-CVE-2018-12437
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...
CVE-2018-12438
The Elliptic Curve Cryptography library aka sunec or libsunec allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the...
CVE-2018-12439
MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...
CVE-2018-12438
The Elliptic Curve Cryptography library aka sunec or libsunec allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the...