CVSS: 2.0EPSS: 0%CPEs: 6EXPL: 0CVE-2015-7511 – Ubuntu Security Notice USN-2896-1
https://notcve.org/view.php?id=CVE-2015-7511
15 Feb 2016 — Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations. Libgcrypt en versiones anteriores a 1.6.5 no lleva a cabo correctamente la multiplicación de curva de puntos elípticos durante el descifrado, lo que facilita a atacantes físicamente próximos extrarer claves ECDH mediante la lectura de las emanaciones electromagnéticas. Daniel Genkin, Lev ... • http://lists.opensuse.org/opensuse-updates/2016-05/msg00027.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.2EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3591 – Debian Security Advisory 3184-1
https://notcve.org/view.php?id=CVE-2014-3591
13 Mar 2015 — Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication. Libgcrypt versiones anteriores a 1.6.3 y GnuPG versiones anteriores a 1.4.19, no implementa un blinding de texto cifrado para el desencriptado de Elgamal, lo que permite a atacantes físicamente próximos... • http://www.cs.tau.ac.il/~tromer/radioexp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2015-0837 – Debian Security Advisory 3184-1
https://notcve.org/view.php?id=CVE-2015-0837
13 Mar 2015 — The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack." La función mpi_powm en Libgcrypt versiones anteriores a 1.6.3 y GnuPG versiones anteriores a 1.4.19, permite a atacantes obtener información confidencial mediante el aprovechamiento de las diferencias de tiempo al acceder a una tabla prec... • http://www.debian.org/security/2015/dsa-3184 • CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-5270 – Debian Security Advisory 3073-1
https://notcve.org/view.php?id=CVE-2014-5270
29 Aug 2014 — Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576. Libgcrypt anterior a 1.5.4, utilizado en GnuPG y otros productos, no realiza debidamente la normalización y aleatorización de texto cifrado, lo que facilita a atacantes f... • http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 96EXPL: 0CVE-2013-4242 – GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack
https://notcve.org/view.php?id=CVE-2013-4242
29 Jul 2013 — GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. GnuPG anterior a 1.4.14, y Libgcrypt anterior a 1.5.3 usado en GnuPG 2.0.x y posiblemente otros productos, permite a usuarios locales obtener las claves RSA privadas a través de un ataque "side-channel" que involucra la caché L3. Aka Flush+Reload. The GNU Privacy Guard is a tool for encrypti... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •