Lucene search
K

22 matches found

EUVD
EUVD
added 2026/03/23 6:30 a.m.6 views

EUVD-2026-14380

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations e.g., verify and encryption to collapse to...

5.9CVSS5.8AI score0.001EPSS
Exploits1References5
OSV
OSV
added 2026/03/23 6:30 a.m.5 views

GHSA-464Q-CQXQ-XHGR jsrsasign: Division by Zero Allows Invalid JWK Modulus to Cause Deterministic Zero Output in RSA Operations

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations e.g., verify and encryption to collapse to...

5.9CVSS5.9AI score0.001EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.6 views

jsrsasign 安全漏洞

jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign prior to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from zero-division errors in the parsing and reduction logic of ext/rsa.js and ext/jsbn.js, which could lead to RSA...

5.9CVSS5.8AI score0.001EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/10/20 10:20 p.m.6 views

CVE-2025-54764

Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtlsmpimodinv or mbedtlsmpigcd. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ea...

6.2CVSS6.1AI score0.00202EPSS
Exploits1References2
NVD
NVD
added 2025/10/20 10:15 p.m.6 views

CVE-2025-54764

Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtlsmpimodinv or mbedtlsmpigcd...

6.2CVSS0.00202EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-7306

Malware in sbrugna...

7CVSS6.7AI score0.0034EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2020-15309

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key...

7CVSS7AI score0.0034EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 3:55 p.m.8 views

CVE-2020-15309

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...

7CVSS6.5AI score0.0034EPSS
Exploits1
OSV
OSV
added 2025/03/11 1:15 a.m.7 views

CVE-2024-41760

IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations...

3.7CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2025/03/11 12:0 a.m.6 views

IBM Common Cryptographic Architecture 安全漏洞

IBM Common Cryptographic Architecture is a cryptographic platform from the International Business Machines IBM Corporation. It provides a number of features to protect financial transactions. A security vulnerability exists in IBM Common Cryptographic Architecture versions 7.0.0 through 7.5.51,...

3.7CVSS6.1AI score0.00241EPSS
Exploits0References2
OSV
OSV
added 2024/03/26 2:15 p.m.4 views

CVE-2023-33855

Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture CCA 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676...

3.7CVSS5.8AI score0.00452EPSS
Exploits0References2
NVD
NVD
added 2020/08/21 2:15 p.m.18 views

CVE-2020-15309

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...

7CVSS6.7AI score0.0034EPSS
Exploits1References2
OSV
OSV
added 2020/08/21 2:15 p.m.4 views

DEBIAN-CVE-2020-15309

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...

7CVSS7AI score0.0034EPSS
Exploits1References1
OSV
OSV
added 2020/08/21 2:15 p.m.14 views

CVE-2020-15309

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...

7CVSS6.5AI score
Exploits0References2
Prion
Prion
added 2020/08/21 2:15 p.m.19 views

Code injection

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...

6.9CVSS6.6AI score0.0034EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2020/08/21 2:15 p.m.4 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition. An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive...

7CVSS6.7AI score0.0034EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2020/08/21 2:15 p.m.25 views

CVE-2020-15309

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...

7CVSS6.9AI score0.0034EPSS
Exploits1References2
OSV
OSV
added 2020/08/21 2:15 p.m.2 views

UBUNTU-CVE-2020-15309

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...

7CVSS5.8AI score0.0034EPSS
Exploits1References3
CVE
CVE
added 2020/08/21 1:16 p.m.67 views

CVE-2020-15309

CVE-2020-15309 affects wolfSSL versions before 4.5.0. The issue arises when single precision is not used, enabling local attackers to perform a cache-timing attack on public-key operations and potentially glean sensitive material from private-key usage. Remediation: upgrade to wolfSSL 4.5.0 or la...

7CVSS6.7AI score0.0034EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2020/08/21 1:16 p.m.11 views

CVE-2020-15309

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...

7CVSS6.4AI score0.0034EPSS
Exploits1
Rows per page
Query Builder