189 matches found
CVE-2024-28960
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...
CVE-2024-28960
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...
CVE-2024-28960
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...
CVE-2024-28960
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...
CVE-2024-28960
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...
CVE-2024-28960
CVE-2024-28960 affects Mbed TLS 2.18.0–2.28.x (before 2.28.8) and Mbed TLS 3.x (before 3.6.0), and Mbed Crypto. The PSA Crypto API mishandles shared memory. Reported impact: high confidentiality impact, low integrity impact; exploitation context is not detailed in the provided documents. Public f...
CVE-2024-28960
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...
CVE-2024-28960
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...
PT-2024-2509 · Arm +3 · Mbed Crypto +4
Name of the Vulnerable Software and Affected Versions: Mbed TLS versions 2.18.0 through 2.28.x before 2.28.8 Mbed TLS versions 3.x before 3.6.0 Mbed Crypto affected versions not specified Description: The PSA Crypto API in Mbed TLS and Mbed Crypto mishandles shared memory, which can be exploited ...
CVE-2024-26584
A flaw was found in the tls subsystem of the Linux kernel. When setting the CRYPTOTFMREQMAYBACKLOG flag on requests to the crypto API, cryptoaeadencrypt and cryptoaeaddecrypt functions can return -EBUSY instead of -EINPROGRESS in valid situations. This issue could lead to undefined behavior and a...
DEBIAN-CVE-2024-26584
In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTOTFMREQMAYBACKLOG flag on our requests to the crypto API, cryptoaeadencrypt,decrypt can return -EBUSY instead of -EINPROGRESS in valid situations. For...
CVE-2024-26584 net: tls: handle backlogging of crypto requests
In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTOTFMREQMAYBACKLOG flag on our requests to the crypto API, cryptoaeadencrypt,decrypt can return -EBUSY instead of -EINPROGRESS in valid situations. For...
SUSE SLES15 Security Update : kernel RT (Live Patch 15 for SLE 15 SP4) (SUSE-SU-2024:0351-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0351-1 advisory. - A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occur...
Denial Of Service (DoS)
nodejs is vulnerable to Denial Of Service DoS. The vulnerability exists when an invalid public key is used to create an x509 certificate using the crypto.X509Certificate API. A non-expected termination occurs, making it susceptible to Denial of Service DoS attacks. In this scenario, an attacker...
nodejs: process interuption due to invalid Public Key information in x509 certificates
A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as...
nodejs: DiffieHellman do not generate keys after setting a private key
A vulnerability has been identified in the Node.js, where a generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet...
CVE-2023-35339
Windows CryptoAPI Denial of Service Vulnerability...
big-map-archive-api-client (>=0.0.1 <=1.2.0), dash-tools (>=1.6.0 <=1.11.1) +16 more potentially affected by CVE-2023-31543 via pipreqs (>=0.4.10 <=0.4.11)
pipreqs PYPI version =0.4.10, =0.0.1, =1.6.0, =0.0.6, =1.0.3, =1.1.5, =0.3.37, =0.0.5, =0.2.20, =0.0.1, =1.0.0, =1.0.2 and more Source cves: CVE-2023-31543 Source advisory: OSV:PYSEC-2023-99...
PT-2023-4527 · Node.Js +10 · Node.Js +10
Name of the Vulnerable Software and Affected Versions: Node.js affected versions not specified Description: The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the...
K000133317: Intel software vulnerability CVE-2022-21163
Security Advisory Description Improper access control in the Crypto API Toolkit for IntelR SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2022-21163 Impact There is no impact; F5 products are not affecte...