Astra Linux – Vulnerability in nss

During RSA key generation, bignum implementations used a variant of the Binary Extended Euclidean Algorithm, which involved significant input-dependent processes. This allowed attackers to perform electromagnetic-based side-channel attacks to capture traces that could lead to the recovery of secr...

MiracleLinux 4 : ntp-4.2.6p5-5.0.1.AXS4 (AXSA:2015-327:04)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-327:04 advisory. The Network Time Protocol NTP is used to synchronize a computer's time with another reference time source. This package includes ntpd a daemon which...

CVE-2021-41117

keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue was discovered where this library was generating identical RSA keys used in SSH. This wou...

JLSEC-2025-232 Side channel in RSA key generation and operations (SSBleed, M-Step)

Vulnerability Mbed TLS's modular inversion routine and GCD routine are vulnerable to local timing attacks in a number of settings discussed below. These functions are used in RSA, making the following operations vulnerable in all configurations: - RSA key generation with any API mbedtlsrsagenkey...

EUVD-2020-5407

Malware in sbrugna...

EUVD-2021-2147

Malware in sbrugna...

EUVD-2020-4714

Malware in sbrugna...

EUVD-1999-1425

Malware in sbrugna...

EUVD-2000-1236

Malware in sbrugna...

EUVD-2022-43603

Malicious code in bioql PyPI...

EUVD-2022-37695

Malicious code in bioql PyPI...

EUVD-2022-3990

Malicious code in bioql PyPI...

CVE-2022-40306

The login form /Login in ECi Printanista Hub formerly FMAudit Printscout before 5.5.2 July 2023 performs expensive RSA key-generation operations, which allows attackers to cause a denial of service DoS by requesting that form repeatedly...

CVE-2022-34746

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring...

CVE-2013-2228

SaltStack RSA Key Generation allows remote users to decrypt communications...

CVE-2018-9426

In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin...

Benchmarking RSA Key Generation

RSA key generation is both conceptually simple, and one of the worst implementation tasks of the field of cryptography engineering. Even benchmarking it is tricky, and involves some math: here’s how we generated a stable but representative “average case” instead of using the ordinary statistical...

libssh security update

0.9.6-14 - Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol BPP - Fix CVE-2023-6918 Missing checks for return values for digests - Fix CVE-2023-6004 ProxyCommand/ProxyJump features allow injection of malicious code through hostname - Note: version is bumped from 12 to 14...

Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 KVM Switch Firmware (CVE-2018-0734, CVE-2018-0737, CVE-2018-0739)

Summary GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2018-0734 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature algorithm. ...

Rocky Linux 8 : nss and nspr (RLSA-2020:3280)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:3280 advisory. - Improper refcounting of soft token session objects could cause a use-after-free and crash likely limited to a denial of service. This vulnerability...