Lucene search

3601 matches found

RedhatCVE
added 2024/10/24 3:57 p.m. · 9 views

CVE-2024-50382

Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V...

CVSS 5.9 · AI score 6.8 · EPSS 0.00157
Exploits: 1 · References: 7

OSV
added 2024/10/23 5:15 p.m. · 10 views

CVE-2024-50383

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

CVSS 5.9 · AI score 6.8
Exploits: 0 · References: 4

OSV
added 2024/10/23 5:15 p.m. · 2 views

AZL-51681 CVE-2024-50383 affecting package botan2 2.14.0-2

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

CVSS 5.9 · AI score 5.8 · EPSS 0.00173
Exploits: 1 · References: 1

NVD
added 2024/10/23 5:15 p.m. · 11 views

CVE-2024-50383

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

CVSS 5.9 · EPSS 0.00173
Exploits: 1 · References: 4

OSV
added 2024/10/23 5:15 p.m. · 8 views

CVE-2024-50382

Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V...

CVSS 5.9 · AI score 6.8
Exploits: 0 · References: 4

OSV
added 2024/10/23 5:15 p.m. · 2 views

DEBIAN-CVE-2024-50382

Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V...

CVSS 5.9 · AI score 5.2 · EPSS 0.00157
Exploits: 1 · References: 1

OSV
added 2024/10/23 5:15 p.m. · 0 views

UBUNTU-CVE-2024-50383

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

CVSS 5.9 · AI score 6.3 · EPSS 0.00173
Exploits: 1 · References: 6

Vulnrichment
added 2024/10/23 12:0 a.m. · 15 views

CVE-2024-50383

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

AI score 6.9 · EPSS 0.00173
Exploits: 1 · References: 4

Debian CVE
added 2024/10/23 12:0 a.m. · 13 views

CVE-2024-50382

Botan before 3.6.0, when certain LLVM versions are used, has compiler-induced secret-dependent control flow in lib/utils/ghash/ghash.cpp in GHASH in AES-GCM. There is a branch instead of an XOR with carry. This was observed for Clang in LLVM 15 on RISC-V...

CVSS 5.9 · AI score 5.2 · EPSS 0.00157
Exploits: 1

CNNVD
added 2024/10/23 12:0 a.m. · 1 views

Botan security vulnerability

Botan is a C++ cryptographic library by the individual developer Jack Lloyd. A security vulnerability exists in versions of Botan prior to 3.6.0, caused by a compiler-induced secret-dependent operation when compiling with some versions of GCC. An addition operation could be skipped if the...

CVSS 5.9 · AI score 6.7 · EPSS 0.00173
Exploits: 1 · References: 5

Cvelist
added 2024/10/23 12:0 a.m. · 16 views

CVE-2024-50383

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

EPSS 0.00173
Exploits: 1 · References: 4

CVE
added 2024/10/21 11:53 a.m. · 100 views

CVE-2024-47716

CVE-2024-47716 affects the Linux kernel on ARM. The fix, "vfp: Use asm volatile in fmrx/fmxr macros", addresses floating-point instructions from userspace that could crash ARM kernels. The issue is demonstrated by a minimal userspace reproducer on a Raspberry Pi Zero W and is triggered when the kernel is bu...

CVSS 5.5 · AI score 5.1 · EPSS 0.00035
Exploits: 0 · References: 4 · Affected Software: 1

Cvelist
added 2024/10/21 11:53 a.m. · 19 views

CVE-2024-47716 ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros

In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP instruction in kernel mode FPEXC == 0xc0000780 Internal...

EPSS 0.00035
Exploits: 0 · References: 4

OSV
added 2024/10/21 11:53 a.m. · 8 views

CVE-2024-47716 ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros

In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP instruction in kernel mode FPEXC == 0xc0000780 Internal...

CVSS 5.5 · AI score 6 · EPSS 0.00035
Exploits: 0 · References: 7

OSV
added 2024/10/16 12:36 p.m. · 3 views

MAL-2024-9532 Malicious code in bundled-angular-compiler (npm)

AI score 7.1
Exploits: 0

OSSF Malicious Packages
added 2024/10/16 12:36 p.m. · 4 views

Malicious code in bundled-angular-compiler (npm)

AI score 7
Exploits: 0

OpenVAS
added 2024/10/16 12:0 a.m. · 11 views

Oracle Java SE Security Update (Oct24-2) - Windows

Oracle Java SE is prone to an unspecified vulnerability.

CVSS 3.7 · AI score 3.9 · EPSS 0.00279
Exploits: 0 · References: 1

Redos
added 2024/10/15 12:0 a.m. · 6 views

ROS-20241015-17

A vulnerability in the Networking component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to incorrect authorization. Exploitation of the vulnerability could allow an attacker acting remotely to impact data integrity ...

CVSS 3.7 · AI score 7.1 · EPSS 0.00669
Exploits: 0

Positive Technologies
added 2024/10/15 12:0 a.m. · 3 views

PT-2024-11039 · WordPress · Wordpress Mega Menu

Name of the Vulnerable Software and Affected Versions: WordPress Mega Menu plugin versions up to, and including, 2.0.6.
Description: The WordPress Mega Menu plugin is vulnerable to Arbitrary File Creation, allowing unauthenticated attackers to create arbitrary PHP files that can be used to execute...

CVSS 9.8 · AI score 8.6 · EPSS 0.02264
Exploits: 0 · References: 9

VulnCheck KEV
added 2024/10/15 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2021-4443

The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compilersave AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code...

CVSS 9.8 · AI score 6 · EPSS 0.02264
Exploits: 0 · References: 1