Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: s390/zcrypt: Fixed a memory leak when CCA cards are used as accelerators. Tests revealed that a memory leak occurs when CCA cards are used as accelerators for clear-key RSA requests ME and CRT. With the recent modifications to...
Astra Linux - vulnerability in mbedtls
An issue was discovered in Arm Mbed TLS prior to version 2.23.0. Due to a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed...
JLSEC-2025-204 An issue was discovered in Arm Mbed TLS before 2.23.0
An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed...
EUVD-2016-7770
Malware in sbrugna...
EUVD-2016-9510
Malware in sbrugna...
EUVD-2020-23949
Malware in sbrugna...
EUVD-2016-0737
Malware in sbrugna...
EUVD-2016-7772
Malware in sbrugna...
EUVD-2023-1438
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-36421
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be...
CVE-2020-36421
An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a side channel in modular exponentiation, an RSA private key used in a secure enclave could be disclosed...
F5 Networks BIG-IP : Diffie-Hellman key exchange protocol vulnerability (K000148343)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000148343 advisory. Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is...
Diffie-Hellman security vulnerability
Diffie-Hellman is a key negotiation protocol open-sourced by Diffie-Hellman. This key negotiation protocol allows Alice and Bob to exchange public key values and securely compute the shared key K based on knowledge of these values and their own corresponding private keys, enabling further secure...
CVE-2024-41996
Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers from the client side to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource...
Siemens SCALANCE W1750D Uncontrolled Resource Consumption (CVE-2002-20001)
The Diffie-Hellman Key Agreement Protocol allows remote attackers from the client side to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a DHEater attack. The client needs very little CPU resources and...
IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar arithmetic
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...
CVE-2023-26557
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...
SUSE CVE-2015-0837
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...
SUSE CVE-2016-0702
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the...