Lucene search
K

249 matches found

CNNVD
CNNVD
added 2024/05/16 12:0 a.m.2 views

OpenSSL 安全漏洞

OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a wide range of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

5.3CVSS6.9AI score0.01131EPSS
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 2023/12/07 10:45 p.m.20 views

Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 KVM Switch Firmware (CVE-2018-0734, CVE-2018-0737, CVE-2018-0739)

Summary GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2018-0734 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature algorithm. ...

6.5CVSS0.7AI score0.19295EPSS
Exploits0Affected Software3
OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.14 views

Debian: Security Advisory (DLA-262-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS7.6AI score0.02879EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.26 views

K54022413: GnuTLS vulnerability CVE-2015-0294

Security Advisory Description GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. CVE-2015-0294 Impact GnuTLS does not check if all sections of X.509 certificates indicate the same signature algorithm. This flaw, in combination with a different...

7.5CVSS7.5AI score0.01586EPSS
Exploits0Affected Software13
SUSE CVE
SUSE CVE
added 2023/02/15 6:6 a.m.3 views

SUSE CVE-2008-5077

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys...

5.8CVSS6.9AI score0.05146EPSS
Exploits1References15
SUSE CVE
SUSE CVE
added 2023/02/15 5:10 a.m.3 views

SUSE CVE-2015-9258

In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might for example be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed2551...

7.5CVSS6.9AI score0.01063EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:6 a.m.3 views

SUSE CVE-2016-2178

The dsasignsetup function in crypto/dsa/dsaossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack...

5.5CVSS6.4AI score0.01174EPSS
Exploits1References25
SUSE CVE
SUSE CVE
added 2023/02/15 4:53 a.m.4 views

SUSE CVE-2016-1000341

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k...

5.9CVSS7.8AI score0.02606EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:53 a.m.4 views

SUSE CVE-2016-1000343

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...

7.5CVSS8AI score0.032EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:51 a.m.4 views

SUSE CVE-2017-3732

There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed...

5.9CVSS9AI score0.15934EPSS
Exploits1References37
OSV
OSV
added 2023/02/07 12:0 a.m.1 views

UBUNTU-CVE-2023-0217

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVPPKEYpubliccheck function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...

7.5CVSS6.8AI score0.01846EPSS
Exploits0References4
Snyk
Snyk
added 2022/05/24 10:6 p.m.1 views

Allocation of Resources Without Limits or Throttling

Overview std/crypto/dsa is a Go standard library package std/crypto/dsa Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: via the Verify function. An attacker can cause excessive resource consumption and make affecte...

8.7CVSS6.8AI score0.04335EPSS
Exploits0References3
OSV
OSV
added 2022/05/14 3:28 a.m.15 views

GHSA-785H-HRF7-GQXC Docker Notary Signature Algorithm Not Matched to Key vulnerability

In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might for example be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed2551...

7.5CVSS7.3AI score0.01063EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/14 3:28 a.m.22 views

Docker Notary Signature Algorithm Not Matched to Key vulnerability

In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might for example be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed2551...

7.5CVSS6.8AI score0.01063EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/03/18 2:15 p.m.1 views

UBUNTU-CVE-2022-24773

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code does not properly check DigestInfo for a proper ASN.1 structure. This can lead to successful verification with signatures that...

5.3CVSS6.8AI score0.00875EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/03/04 12:54 p.m.20 views

CVE-2021-43392

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE...

6.4AI score0.00162EPSS
Exploits0References2
Snyk
Snyk
added 2022/03/02 2:29 p.m.2 views

Access Restriction Bypass

Overview Affected versions of this package are vulnerable to Access Restriction Bypass during attempted authentication by a TLS 1.3 client to a TLS 1.3 server, certificate validation may be bypassed when the sigalgo field differs between the certificateverify message and the certificate message...

6.5CVSS7.1AI score0.00618EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/24 3:15 p.m.2 views

CVE-2022-25638

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sigalgo field differs between the certificateverify message and the certificate message...

6.5CVSS5.3AI score0.00618EPSS
Exploits0References3
OSV
OSV
added 2022/02/24 3:15 p.m.2 views

DEBIAN-CVE-2022-25638

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sigalgo field differs between the certificateverify message and the certificate message...

6.5CVSS6.4AI score0.00618EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/02/24 12:0 a.m.4 views

wolfSSL 信任管理问题漏洞

Wolfssl CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from Wolfssl, Inc. in the United States. A security vulnerability exists in wolfSSL versions prior to 5.2.0, which stems from an application attempting to authenticate a TLS 1.3 client to a...

6.5CVSS6.5AI score0.00618EPSS
Exploits0References4
Rows per page
Query Builder