CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7439
https://notcve.org/view.php?id=CVE-2016-7439
13 Dec 2016 — The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. La implementacion de software C de RSA en wolfSSL (anteriormente CyaSSL) en versiones anteriores a 3.9.10 hace más fácil para usuarios locales descubrir las claves RSA aprovechando las diferencias de acierto de banco del caché. • http://www.securityfocus.com/bid/95050 • CWE-310: Cryptographic Issues •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-7440 – Slackware Security Advisory - mariadb Updates
https://notcve.org/view.php?id=CVE-2016-7440
25 Oct 2016 — The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences. La implementación de software C de AES Encryption and Decryption en wolfSSL (anterioremtne CyaSSL) en versiones anteriores a 3.9.10 hace más fácil para usuarios locales descubrir las claves AES aprovechando las diferencias de tiempo de banco del cachè. Multiple security issues were discovered in MySQL and t... • http://www.debian.org/security/2016/dsa-3706 •
CVSS: 5.9EPSS: 1%CPEs: 7EXPL: 2CVE-2015-7744
https://notcve.org/view.php?id=CVE-2015-7744
22 Jan 2016 — wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. wolfSSL (anteriormente CyaSSL) en versiones anteriores a 3.6.8 no maneja correctamente fallos asociados con el proceso Chinese Remainder Theorem (CRT) cuando permiten el interca... • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00015.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2015-6925
https://notcve.org/view.php?id=CVE-2015-6925
22 Jan 2016 — wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message. wolfSSL (anteriormente CyaSSL) en versiones anteriores a 3.6.8 permite a atacantes remotos provocar una denegación de servicio (consumo de recurso o amplificación de tráfico) a través de una cookie DTLS manipulada en un mensaje ClientHello. • http://wolfssl.com/wolfSSL/Docs-wolfssl-changelog.html • CWE-399: Resource Management Errors •