Search
Search Results (108 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10844 | 5 Canonical, Debian, Fedoraproject and 2 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2024-11-21 | 5.9 Medium |
| It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets. | ||||
| CVE-2018-1000119 | 2 Redhat, Sinatrarb | 4 Enterprise Linux, Satellite, Satellite Capsule and 1 more | 2024-11-21 | N/A |
| Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0. | ||||
| CVE-2018-0737 | 3 Canonical, Openssl, Redhat | 4 Ubuntu Linux, Openssl, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o). | ||||
| CVE-2018-0735 | 7 Canonical, Debian, Netapp and 4 more | 24 Ubuntu Linux, Debian Linux, Cloud Backup and 21 more | 2024-11-21 | 5.9 Medium |
| The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). | ||||
| CVE-2018-0734 | 7 Canonical, Debian, Netapp and 4 more | 23 Ubuntu Linux, Debian Linux, Cloud Backup and 20 more | 2024-11-21 | 5.9 Medium |
| The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). | ||||
| CVE-2017-2585 | 1 Redhat | 5 Enterprise Linux Server, Jboss Single Sign On, Keycloak and 2 more | 2024-11-21 | N/A |
| Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks. | ||||
| CVE-2016-7056 | 4 Canonical, Debian, Openssl and 1 more | 6 Ubuntu Linux, Debian Linux, Openssl and 3 more | 2024-11-21 | N/A |
| A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. | ||||
| CVE-2016-1000236 | 2 Cookie-signature Project, Debian | 2 Cookie-signature, Debian Linux | 2024-11-21 | 4.4 Medium |
| Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used. | ||||