11 matches found
CVE-2026-12205
A flaw was found in Crypt::DSA, a Perl module for Digital Signature Algorithm DSA cryptography. This vulnerability occurs because the software reuses a unique random number, known as a nonce, for multiple digital signatures generated with the same cryptographic key. An attacker could exploit this...
RHEL 8 : openssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: Read buffer overruns processing ASN.1 strings CVE-2021-3712 - Simultaneous Multi-threading SMT i...
K73422160: OpenSSL vulnerability CVE-2019-1547
Security Advisory Description Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible th...
EulerOS Virtualization 3.0.2.2 : openssl (EulerOS-SA-2020-1274)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...
EulerOS Virtualization for ARM 64 3.0.2.0 : openssl (EulerOS-SA-2020-1221)
According to the versions of the openssl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an...
Updated mbedtls packages fix security vulnerabilities
Updated mbedtls packages fix security vulnerabilities: If Mbed TLS is running in an SGX enclave and the adversary has control of the main operating system, they can launch a side channel attack to recover the RSA private key when it is being imported. Found by Alejandro Cabrera Aldaya and Billy...
EulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-2218)
According to the versions of the openssl110h packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in th...
EulerOS 2.0 SP3 : openssl1.1.0f (EulerOS-SA-2019-2254)
According to the versions of the openssl1.1.0f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some...
CVE-2019-1547
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a group does not have...
CVE-2019-1547
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters instead of using a named curve. In those cases it is possible that such a group does not have...
botan2 -- ECDSA side channel
botan2 developers report: A side channel in the ECDSA signature operation could allow a local attacker to recover the secret key. Found by Keegan Ryan of NCC Group. Bug introduced in 2.5.0, fixed in 2.7.0. The 1.10 branch is not affected...