
CVE-2017-9526 – Ubuntu Security Notice USN-3347-1
https://notcve.org/view.php?id=CVE-2017-9526
11 Jun 2017 — In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. • http://www.debian.org/security/2017/dsa-3880 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2016-6313 – libgcrypt: PRNG output is predictable
https://notcve.org/view.php?id=CVE-2016-6313
18 Aug 2016 — The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits. • http://rhn.redhat.com/errata/RHSA-2016-2674.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2016-4574 – Ubuntu Security Notice USN-2982-1
https://notcve.org/view.php?id=CVE-2016-4574
17 May 2016 — Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356. • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=6be61daac047d8e6aa941eb103f8e71a1d4e3c75 • CWE-189: Numeric Errors

CVE-2016-4579 – Gentoo Linux Security Advisory 201706-22
https://notcve.org/view.php?id=CVE-2016-4579
17 May 2016 — Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl." Hanno Boeck discovered that Libksba incorrectly handled decoding cer... • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64 • CWE-20: Improper Input Validation

CVE-2016-4353 – Ubuntu Security Notice USN-2982-1
https://notcve.org/view.php?id=CVE-2016-4353
17 May 2016 — ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data. Hanno Boeck discovered that Libksba incorrectly handled decoding certain BER data. A... • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=07116a314f4dcd4d96990bbd74db95a03a9f650a • CWE-20: Improper Input Validation

CVE-2016-4354 – Ubuntu Security Notice USN-2982-1
https://notcve.org/view.php?id=CVE-2016-4354
17 May 2016 — ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. Hanno Boeck discovered that Libksba in... • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=aea7b6032865740478ca4b706850a5217f1c3887 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2016-4355 – Ubuntu Security Notice USN-2982-1
https://notcve.org/view.php?id=CVE-2016-4355
17 May 2016 — Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. Hanno Boeck discovered that Libksba incorrectly handled decoding certai... • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=aea7b6032865740478ca4b706850a5217f1c3887 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2016-4356 – Ubuntu Security Notice USN-2982-1
https://notcve.org/view.php?id=CVE-2016-4356
17 May 2016 — The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data. Hanno Boeck discovered that L... • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git%3Ba=commit%3Bh=243d12fdec66a4360fbb3e307a046b39b5b4ffc3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2015-7511 – Ubuntu Security Notice USN-2896-1
https://notcve.org/view.php?id=CVE-2015-7511
15 Feb 2016 — Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring electromagnetic emanations. Daniel Genkin, Lev ... • http://lists.opensuse.org/opensuse-updates/2016-05/msg00027.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-1607 – Ubuntu Security Notice USN-2554-1
https://notcve.org/view.php?id=CVE-2015-1607
01 Apr 2015 — kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges." • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git%3Ba=commit%3Bh=2183683bd633818dd031b090b5530951de76f392 • CWE-20: Improper Input Validation