
37 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2004-2672

Malware in sbrugna...

CVSS 5.8 · AI score 6.4 · EPSS 0.00333
Exploits 0 · References 2
RedhatCVE
added 2025/05/21 9:32 p.m. · 7 views

CVE-2004-2682

PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer...

CVSS 5.8 · AI score 6.7 · EPSS 0.28737
Exploits 0 · References 1
Tenable Nessus
added 2024/06/07 12:00 a.m. · 29 views

OpenSSL 0.9.6 < 0.9.6j Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 0.9.6j. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.6j advisory. - The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA...

CVSS 7.5 · AI score 8.2 · EPSS 0.28737
Exploits 0 · References 6
Tenable Nessus
added 2024/06/07 12:00 a.m. · 29 views

OpenSSL 0.9.7 < 0.9.7b Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 0.9.7b. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.7b advisory. - The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA...

CVSS 7.5 · AI score 8.2 · EPSS 0.28737
Exploits 0 · References 6
CVE
added 2023/12/05 4:18 p.m. · 398 views

CVE-2023-45287

Summary of CVE-2023-45287 (Go): Before Go 1.20, RSA-based TLS key exchanges used math/big (not constant time). RSA blinding was applied but may not fully prevent timing leaks after removal of PKCS#1 padding, potentially enabling recovery of session key bits. Go 1.20+ switched crypto/tls to a full...

CVSS 7.5 · AI score 7.6 · EPSS 0.00185
Exploits 0 · References 6 · Affected Software 1
Positive Technologies
added 2023/04/26 12:00 a.m. · 2 views

PT-2023-36151 · Openssl +1 · Openssl +1

Name of the Vulnerable Software and Affected Versions: openssl-ibmca versions prior to 2.4.0 Description: The issue concerns adjustments and fixes for OpenSSL versions 3.1 and 3.2, including support for RSA blinding, constant-time fixes for RSA PKCS1 v1.5 and OAEP padding, and support for 'implic...

AI score 7.2
Exploits 0 · References 4
OSV
added 2022/01/05 3:31 p.m. · 24 views

GO-2021-0160 Incorrect calculation affecting RSA computations in math/big

Int.Exp Montgomery mishandled carry propagation and produced an incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors. This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibl...

CVSS 7.5 · AI score 7.2 · EPSS 0.00735
Exploits 0 · References 6
Oracle linux
added 2019/11/14 12:00 a.m. · 34 views

gnutls security, bug fix, and enhancement update

3.6.8-8 - Use fallback random function for RSA blinding in FIPS selftests
3.6.8-7 - Fix deterministic signature creation in selftests
3.6.8-6 - Treat login error more gracefully when enumerating PKCS11 tokens
1705478 - Use deterministic ECDSA/DSA in FIPS selftests
1716560 - Add...

CVSS 7.5 · AI score 0.1 · EPSS 0.02082
Exploits 2
ArchLinux
added 2016/01/17 12:00 a.m. · 41 views

syncthing: information leakage

This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way. Specifically,...

CVSS 5 · AI score 2.8 · EPSS 0.00735
Exploits 0 · References 3
Tenable Nessus
added 2015/02/25 12:00 a.m. · 244 views

RHEL 5 / 6 : Red Hat Satellite IBM Java Runtime (RHSA-2015:0264)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0264 advisory. This update corrects several security vulnerabilities in the IBM Java Runtime Environment shipped as part of Red Hat Satellite 5.6. In a...

CVSS 10 · AI score 7.1 · EPSS 0.93538
Exploits 10 · References 83
Tenable Nessus
added 2015/01/22 12:00 a.m. · 49 views

Scientific Linux Security Update : openssl on SL6.x, SL7.x i386/x86_64 (20150121) (FREAK)

A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash. (CVE-2014-3571) A memory leak flaw was found in the way the dtls1_buffer_record function of OpenSSL parsed...

CVSS 5 · AI score 7.4 · EPSS 0.91945
Exploits 0 · References 8
RedHat Linux
added 2014/08/11 4:54 p.m. · 2 views

OpenJDK: RSA blinding issues (Security, 8031346)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security...

CVSS 4 · AI score 6.7 · EPSS 0.06322
Exploits 0 · References 5
RedHat Linux
added 2014/08/07 4:52 p.m. · 3 views

OpenJDK: RSA blinding issues (Security, 8031346)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security...

CVSS 4 · AI score 6.7 · EPSS 0.06322
Exploits 0 · References 5
Tenable Nessus
added 2014/07/29 12:00 a.m. · 24 views

Oracle JRockit R27 < R27.8.3.9 / R28 < R28.3.3.10 Multiple Vulnerabilities (July 2014 CPU)

The remote host has a version of Oracle JRockit that is affected by multiple vulnerabilities that could allow a remote user to affect the confidentiality of the system via : - A design flaw in the RSA 'blinding' security component of the 'RASCore' class. By performing operations requiring the use...

CVSS 4 · AI score 7 · EPSS 0.06322
Exploits 0 · References 3
RedHat Linux
added 2014/07/18 1:46 a.m. · 3 views

OpenJDK: RSA blinding issues (Security, 8031346)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security...

CVSS 4 · AI score 6.7 · EPSS 0.06322
Exploits 0 · References 5
Tenable Nessus
added 2013/12/30 12:00 a.m. · 31 views

Fedora 19 : gnupg-1.4.16-2.fc19 (2013-23615)

What's New
===========
- Fixed the RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis attack as described by Genkin, Shamir, and Tromer. See CVE-2013-4576.
- Put only the major version number by default into armored output.
- Do not create a trustdb file if --trust-model=always is used....

CVSS 2.1 · AI score 6.6 · EPSS 0.00108
Exploits 0 · References 4
OpenVAS
added 2012/09/11 12:00 a.m. · 14 views

Slackware Advisory SSA:2003-141-05 mod_ssl RSA blinding fixes

The remote host is missing an update as announced via advisory SSA:2003-141-05. OpenVAS Vulnerability Test $Id: esoftslkssa200314105.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...

AI score 0.4
Exploits 0
OpenVAS
added 2012/09/10 12:00 a.m. · 9 views

Slackware: Security Advisory (SSA:2003-141-05)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

AI score 7.1
Exploits 0 · References 2
CVE
added 2007/07/05 8:00 p.m. · 49 views

CVE-2004-2682

Affected software: PeerSec MatrixSSL prior to 1.1. Vulnerability: does not implement RSA blinding, enabling context-dependent attackers to deduce the server’s private key via timing differences in Montgomery reductions and in the use of different multiplication algorithms (Karatsuba vs normal). T...

CVSS 5.8 · AI score 9.4 · EPSS 0.00333
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2007/07/05 8:00 p.m. · 26 views

CVE-2004-2682

PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer...

AI score 6.2 · EPSS 0.00333
Exploits 0 · References 1