CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Schneier on Security•added 2023/01/03 5:38 p.m.•37 views

Breaking RSA with a Quantum Computer

A group of Chinese researchers have just published a paper claiming that they can--although they have not yet done so--break 2048-bit RSA. This is something to take seriously. It might not be correct, but its not obviously wrong. We have long known from Shors algorithm that factoring with a quant...

6.6AI score

NVD•added 2021/11/16 12:15 p.m.•17 views

CVE-2021-42114

Modern DRAM devices PC-DDR4, LPDDR4X are affected by a vulnerability in their internal Target Row Refresh TRR mitigation against Rowhammer attacks. Novel non-uniform Rowhammer access patterns, consisting of aggressors with different frequencies, phases, and amplitudes allow triggering bit flips o...

9CVSS0.0084EPSS

Exploits1References3

Prion•added 2021/11/16 12:15 p.m.•25 views

Privilege escalation

7.9CVSS8.4AI score0.0084EPSS

Exploits1References3

Tenable Nessus•added 2020/03/13 12:0 a.m.•34 views

EulerOS Virtualization for ARM 64 3.0.2.0 : libgcrypt (EulerOS-SA-2020-1189)

According to the versions of the libgcrypt package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and...

OpenVAS•added 2020/01/23 12:0 a.m.•19 views

Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2019-2006)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS7.1AI score0.02765EPSS

Exploits0References2

Tenable Nessus•added 2019/11/08 12:0 a.m.•30 views

EulerOS 2.0 SP5 : libgcrypt (EulerOS-SA-2019-2205)

According to the versions of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization,...

Tenable Nessus•added 2019/09/24 12:0 a.m.•30 views

EulerOS 2.0 SP3 : libgcrypt (EulerOS-SA-2019-2006)

Tenable Nessus•added 2019/07/22 12:0 a.m.•27 views

EulerOS 2.0 SP2 : libgcrypt (EulerOS-SA-2019-1750)

ThreatPost•added 2019/01/14 5:6 p.m.•18 views

Ryuk Hauls in $3.7M in 'Earnings,' Adds TrickBot to the Attack Mix

The Ryuk ransomware has raked in $3.7 million in bitcoin payments since it first appeared last August, researchers say – and has emerged as the calling card for a crime organization called Grim Spider a.k.a. MixMaster. It turns out that Grim Spider could share a link with other crime syndicates,...

0.9AI score

Exploits0References7

OSV•added 2018/07/26 1:29 p.m.•25 views

CVE-2017-7526

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This...

6.8CVSS6.8AI score0.02765EPSS

Exploits0References12

CVE•added 2018/07/26 1:0 p.m.•194 views

CVE-2017-7526

GnuPG/libgcrypt: CVE-2017-7526 affects libgcrypt before 1.7.8, allowing a cache-side-channel attack that can fully recover RSA-1024 private keys (and likely RSA-2048 with more effort) when the attacker can run code on the same hardware. Connected sources confirm the vulnerability exists in libgcr...

6.8CVSS6.4AI score0.02765EPSS

Exploits0References12Affected Software1

Debian CVE•added 2018/07/26 1:0 p.m.•41 views

CVE-2017-7526

ThreatPost•added 2017/07/14 12:37 p.m.•26 views

NemucodAES Ransomware, Kovter Click-Fraud Malware Spreading in Same Campaigns

Two malware families, NemucodAES and Kovter, are being packaged together in .zip attachments and delivered via active spam campaigns. Researcher Brad Duncan said, “together these two pieces of malware could deliver a nasty punch.” Duncan, a handler at the SANS Institute Internet Storm Center, sai...

0.1AI score

Exploits0References6

ThreatPost•added 2017/07/05 1:48 p.m.•26 views

Libgcrypt Attack Allowed Recovery of RSA-1024 Keys

The cryptographic library Libgcrypt is vulnerable to a local side-channel attack; something researchers warn could allow full key recovery for RSA-1024. The vulnerability CVE-2017-7526 is tied to the fact that Libgcrypt, which is based on code from GnuPG, uses left to right sliding windows...

4.3CVSS0.8AI score0.02765EPSS

Exploits0References6

UbuntuCve•added 2017/06/29 12:0 a.m.•22 views

CVE-2017-7526

6.8CVSS7AI score0.02765EPSS

Exploits0References6

The Hacker News•added 2017/06/19 8:43 a.m.•12 views

Web Hosting Company Pays $1 Million to Ransomware Hackers to Get Files Back

South Korean web hosting provider has agreed to pay $1 million in bitcoins to hackers after a Linux ransomware infected its 153 servers, encrypting 3,400 business websites and their data, hosted on them. According to a blog post published by NAYANA, the web hosting company, this unfortunate event...

6.4AI score