Lucene search
+L

10 matches found

SUSE Linux
SUSE Linux
added 2025/06/20 10:38 a.m.2 views

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2025-27587: timing side-channel vulnerability in the P-384 implementation when used with ECDSA bsc1243459. CVE-2024-12797: Fixed that RFC7250 handshakes with unauthenticated servers don't abort as expected. bsc1236599 CVE-2024-13176: Fixed...

8.8CVSS7.5AI score0.02439EPSS
Exploits0References12
OSV
OSV
added 2025/06/20 10:38 a.m.2 views

SUSE-SU-2025:02042-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2025-27587: timing side-channel vulnerability in the P-384 implementation when used with ECDSA bsc1243459. - CVE-2024-12797: Fixed that RFC7250 handshakes with unauthenticated servers don't abort as expected. bsc1236599 - CVE-2024-13176:...

6.3CVSS6.7AI score0.02439EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.3 views

SUSE CVE-2020-12401

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox 80 and Firefox for Android 80...

4.7CVSS8.3AI score0.00323EPSS
Exploits0References20
SUSE CVE
SUSE CVE
added 2023/02/15 3:27 a.m.2 views

SUSE CVE-2022-26387

When installing an add-on, Firefox verified the signature before prompting the user; but while the user was confirming the prompt, the underlying add-on file could have been modified and Firefox would not have noticed. This vulnerability affects Firefox 98, Firefox ESR 91.7, and Thunderbird 91.7...

7.5CVSS6.9AI score0.00657EPSS
Exploits1References11
OSV
OSV
added 2020/07/09 3:15 p.m.1 views

DEBIAN-CVE-2020-12399

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird 68.9.0, Firefox 77, and Firefox ESR 68.9...

4.4CVSS8AI score0.00651EPSS
Exploits0References1
OSV
OSV
added 2020/05/28 12:7 p.m.4 views

USN-4376-1 openssl vulnerabilities

Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys...

5.3CVSS7.2AI score0.14298EPSS
Exploits0References5
OSV
OSV
added 2018/10/30 12:29 p.m.1 views

ALPINE-CVE-2018-0734

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a Affected 1.1.1. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.0.2q...

5.9CVSS6.8AI score0.12154EPSS
Exploits0References1
OSV
OSV
added 2018/06/04 1:29 p.m.5 views

DEBIAN-CVE-2016-1000341

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k...

5.9CVSS6.8AI score0.02606EPSS
Exploits0References1
OSV
OSV
added 2018/06/04 12:0 a.m.1 views

UBUNTU-CVE-2016-1000341

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k...

5.9CVSS6.8AI score0.02606EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2017/07/20 4:16 p.m.6 views

OpenJDK: DSA implementation timing attack (JCE, 8175106)

A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel...

7.5CVSS7.3AI score0.02737EPSS
Exploits0References4
Rows per page
Query Builder