CVE-2024-45056 `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc
zksolc is a Solidity compiler for ZKsync. All LLVM versions since 2015 fold `xor (shl 1, x), -1` to `rotl ~1, x` when optimizations are enabled. Here `~1` is generated as an unsigned 64-bit constant (every bit set except bit 0). On the EraVM target this constant is zero-extended to 256 bits when it should have been sign-extended...
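The arithmetic behind this entry, as an added example that is not code from zksolc, LLVM or the advisory: the original expression `xor (shl 1, x), -1` is the 256-bit mask with every bit set except bit x, and `rotl ~1, x` produces the same mask only if `~1` is widened with its sign bit. The word size, the helper names and the shift amounts are choices made for this example.

```python
# Added example (not zksolc/LLVM code): reproduce the fold on 256-bit words
# and compare the correct (sign-extended) and buggy (zero-extended) widening
# of the 64-bit constant ~1.

WORD = 256                      # EraVM word size assumed for this example
WORD_MASK = (1 << WORD) - 1

def rotl(value: int, shift: int, width: int = WORD) -> int:
    """Rotate a width-bit unsigned value left by shift bits (shift taken mod width)."""
    mask = (1 << width) - 1
    shift %= width
    value &= mask
    return ((value << shift) | (value >> (width - shift))) & mask

def zero_extend(value: int, from_bits: int) -> int:
    """Widen an unsigned value: the new high bits are simply zero."""
    return value & ((1 << from_bits) - 1)

def sign_extend(value: int, from_bits: int, to_bits: int) -> int:
    """Widen a two's-complement value by copying its top bit into the new high bits."""
    value &= (1 << from_bits) - 1
    if value >> (from_bits - 1):                       # sign bit set
        value |= ((1 << to_bits) - 1) ^ ((1 << from_bits) - 1)
    return value

# ~1 materialised as a 64-bit unsigned constant: 0xFFFF_FFFF_FFFF_FFFE
NOT_ONE_64 = (~1) & ((1 << 64) - 1)

def unfolded(x: int) -> int:
    """xor (shl 1, x), -1 evaluated directly at 256 bits: all bits set except bit x."""
    return ((1 << x) ^ WORD_MASK) & WORD_MASK

def folded_correct(x: int) -> int:
    """rotl ~1, x with ~1 sign-extended to 256 bits: equal to unfolded(x)."""
    return rotl(sign_extend(NOT_ONE_64, 64, WORD), x)

def folded_eravm_bug(x: int) -> int:
    """rotl ~1, x with ~1 zero-extended to 256 bits: the upper 192 bits stay clear."""
    return rotl(zero_extend(NOT_ONE_64, 64), x)

def mismatching_shifts(shifts=range(WORD)) -> list:
    """Shift amounts for which the zero-extended fold disagrees with the original expression."""
    return [x for x in shifts if folded_eravm_bug(x) != unfolded(x)]

if __name__ == "__main__":
    for x in (0, 7, 63, 64, 255):
        print(f"x={x:3d} correct={unfolded(x):#066x}")
        print(f"      buggy  ={folded_eravm_bug(x):#066x}")
    print(len(mismatching_shifts()), "of", WORD, "shift amounts give a wrong mask")
```

The zero-extended result has only 63 bits set instead of 255, so any Solidity code that used `~(1 << x)` as a bit-clearing mask would clear far more than bit x; no shift amount gives the right answer.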
Insecure TLS Configuration
SeaMonkey uses an insecure TLS configuration. It was found that the SSL DHE (Diffie-Hellman Ephemeral) key exchange implementation in SeaMonkey accepted DHE keys that were 256 bits in length. This update removes support for 256-bit DHE keys, as such keys are easily broken using modern...
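The client-side check this entry implies, as an added example and not SeaMonkey or NSS code: parse the ServerDHParams structure that a TLS 1.2 server sends in its ServerKeyExchange message (RFC 5246, section 7.4.3: three length-prefixed opaque vectors for p, g and Ys) and refuse a group whose prime is shorter than a policy minimum. The 2048-bit threshold and the sample messages are constructed for this example; the sample moduli are not real primes, only their lengths matter here.

```python
# Added example (not SeaMonkey/NSS code): parse TLS 1.2 ServerDHParams and
# reject short Diffie-Hellman primes such as the 256-bit ones described above.
import struct

MIN_DH_PRIME_BITS = 2048   # policy threshold chosen for this example

def _read_opaque16(buf: bytes, pos: int):
    """Read one <1..2^16-1> opaque vector: 2-byte big-endian length, then the bytes."""
    if pos + 2 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from("!H", buf, pos)
    pos += 2
    if length == 0 or pos + length > len(buf):
        raise ValueError("bad vector length")
    return buf[pos:pos + length], pos + length

def parse_server_dh_params(buf: bytes):
    """Return (p, g, Ys) as integers from a ServerDHParams body."""
    p, pos = _read_opaque16(buf, 0)
    g, pos = _read_opaque16(buf, pos)
    ys, pos = _read_opaque16(buf, pos)
    return (int.from_bytes(p, "big"), int.from_bytes(g, "big"), int.from_bytes(ys, "big"))

def dh_group_acceptable(buf: bytes, min_bits: int = MIN_DH_PRIME_BITS) -> bool:
    """Accept the server's group only if p is odd and long enough and Ys is in range."""
    p, g, ys = parse_server_dh_params(buf)
    return p.bit_length() >= min_bits and p % 2 == 1 and 1 < ys < p - 1

def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Build a ServerDHParams body; used here only to construct sample input."""
    out = b""
    for v in (p, g, ys):
        b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
        out += struct.pack("!H", len(b)) + b
    return out

# Constructed samples (not captures): a 256-bit odd modulus like the ones
# SeaMonkey accepted, and a 2048-bit one. Neither value is a real prime.
WEAK_256 = encode_server_dh_params((1 << 255) | 1, 2, 12345)
OK_2048 = encode_server_dh_params((1 << 2047) | 1, 2, 12345)

if __name__ == "__main__":
    for name, msg in (("256-bit", WEAK_256), ("2048-bit", OK_2048)):
        p = parse_server_dh_params(msg)[0]
        print(f"{name}: p has {p.bit_length()} bits, accepted={dh_group_acceptable(msg)}")
```

The length check has to happen before the client computes its own share: once the ClientKeyExchange is sent, the premaster secret already depends on the weak group.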
openssl: Carry propagating bug in Montgomery multiplication
There is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that attacks against RSA, DSA and DH private keys are impossible. This is...
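What a Montgomery multiplication routine computes, and the kind of differential check that surfaces a wrong carry, as an added example that is not OpenSSL code: a plain-integer Montgomery reduction (REDC with R = 2^k) wrapped in a multiply that converts into and out of Montgomery form, compared against ordinary `(a * b) % n` over many random operands. The 64-bit limb rounding, the seed and the trial counts are choices made for this example; the 512- and 1024-bit moduli in the usage match the "divisible by, but longer than 256 bits" input lengths the entry names.

```python
# Added example (not OpenSSL code): Montgomery multiplication via REDC plus a
# differential test against ordinary modular arithmetic.
import random

def montgomery_setup(n: int):
    """Derive R = 2^k (k rounded up to whole 64-bit limbs) and n' = -n^-1 mod R."""
    if n % 2 == 0:
        raise ValueError("Montgomery arithmetic needs an odd modulus")
    k = ((n.bit_length() + 63) // 64) * 64        # limb-aligned, as a bignum library would
    r = 1 << k
    n_prime = (-pow(n, -1, r)) % r
    return k, r, n_prime

def redc(t: int, n: int, k: int, r: int, n_prime: int) -> int:
    """Reduce t (0 <= t < n*R) to t * R^-1 mod n using only shifts and one conditional subtract."""
    m = ((t & (r - 1)) * n_prime) & (r - 1)       # m = (t mod R) * n' mod R
    u = (t + m * n) >> k                           # t + m*n is divisible by R
    return u - n if u >= n else u                  # final carry/borrow step

def mont_mul(a: int, b: int, n: int) -> int:
    """Compute a*b mod n via Montgomery form: convert in, multiply, convert out."""
    k, r, n_prime = montgomery_setup(n)
    a_m = (a * r) % n                              # Montgomery form of a
    b_m = (b * r) % n
    prod_m = redc(a_m * b_m, n, k, r, n_prime)     # = a*b*R mod n
    return redc(prod_m, n, k, r, n_prime)          # strip the R factor

def differential_test(bits: int, trials: int, seed: int = 1) -> int:
    """Return how many random (a, b, n) triples gave mont_mul(a, b, n) != a*b % n."""
    rng = random.Random(seed)                      # fixed seed: reproducible, constructed inputs
    bad = 0
    for _ in range(trials):
        n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # odd, full-length modulus
        a, b = rng.randrange(n), rng.randrange(n)
        if mont_mul(a, b, n) != (a * b) % n:
            bad += 1
    return bad

if __name__ == "__main__":
    for bits in (512, 1024):
        print(f"{bits}-bit moduli: {differential_test(bits, 200)} mismatches")
```

A correct implementation returns zero mismatches for every size; a carry slip in a limb-level routine shows up as a small number of wrong results that depend on the operand values, which is why such bugs are hunted with many random trials at each operand length rather than a handful of fixed vectors.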
sysPass >= 2.0 risky cryptographic algorithm usage Vulnerability
Exploit for PHP platform in category web applications
CVE-2017-5999 - sysPass risky cryptographic algorithm usage
Credit: Guenaelle De Julis & Quentin Olagne
CVE: CVE-2017-5999
Dates: 14/02/2017
Vendor: sysPass
Product: sysPass
Versions Affected: >= 2.0
Risk / Severity Rating: 4.4 CVSSv2
SysPass...