Lucene search
K

105 matches found

ibm
ibm
added 2024/02/09 7:20 p.m.40 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition

Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their January 2024 Critical Patch Update, plus CVE-2023-33850. For more information please refer to Oracle's January 2024 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details...

7.5CVSS6.8AI score0.01026EPSS
Exploits0Affected Software1
vulnrichment
vulnrichment
added 2023/12/18 12:0 a.m.4 views

CVE-2023-50981

ModularSquareRoot in Crypto++ aka cryptopp through 8.9.0 allows attackers to cause a denial of service infinite loop via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853...

7.2AI score0.00762EPSS
Exploits1References1
cnnvd
cnnvd
added 2023/12/18 12:0 a.m.5 views

Crypto++ Security Vulnerability

Crypto++ is a C++ cryptographic method library A security vulnerability exists in Crypto++ version 8.9.0, which stems from a security issue in the ModularSquareRoot function that results in an infinite loop. An attacker exploiting this vulnerability may be able to create an incorrectly formatted...

7.5CVSS6.6AI score0.00762EPSS
Exploits1References3
nvd
nvd
added 2023/12/04 11:15 p.m.31 views

CVE-2023-40082

In modifyfornextstage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS0.00639EPSS
Exploits0References2
prion
prion
added 2023/12/04 11:15 p.m.24 views

Privilege escalation

In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this c...

4.3CVSS7.3AI score0.00333EPSS
Exploits0References4
redhat
redhat
added 2023/11/28 4:5 p.m.4 views

kernel: use after free in nvmet_tcp_free_crypto in NVMe

A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmettcpfreecrypto due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead t...

8.8CVSS7.3AI score0.09141EPSS
Exploits2References5
nvd
nvd
added 2023/10/30 5:15 p.m.22 views

CVE-2023-21358

In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.8AI score0.00079EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2023/08/22 12:0 a.m.3 views

PT-2023-24517 · Ibm +1 · Ibm Gskit-Crypto +2

Name of the Vulnerable Software and Affected Versions: IBM GSKit-Crypto affected versions not specified Description: The issue is caused by a timing-based side channel in the RSA Decryption implementation, allowing a remote attacker to obtain sensitive information by sending an overly large numbe...

7.5CVSS5.9AI score0.01026EPSS
Exploits0References59
osv
osv
added 2023/06/01 12:0 a.m.28 views

ASB-A-258834033

In btmsecencryptchange of btmsec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS8.7AI score0.00105EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2023/03/08 7:40 p.m.38 views

CVE-2023-24532

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh...

5.3CVSS7.5AI score0.00817EPSS
Exploits0
prion
prion
added 2023/02/28 5:15 p.m.23 views

Privilege escalation

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

4.3CVSS7.6AI score0.00062EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2023/02/28 12:0 a.m.21 views

CVE-2023-20940

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.9AI score0.00062EPSS
Exploits0References1
cnnvd
cnnvd
added 2022/09/29 12:0 a.m.7 views

Matrix 安全漏洞

Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability in Matrix matrix-sdk-crypto prior to version 0.5 stems from a vulnerability that allows a malicious home server to insert a room key of questionable validity into the keystore under certai...

8.6CVSS7.3AI score0.00488EPSS
Exploits0References5
ibm
ibm
added 2022/08/20 12:54 a.m.35 views

Security Bulletin: TS3000 code level v7.x affected by Open Source GnuTLS cyrpto issue (CVE-2014-0092)

Summary A security vulnerability has been found that affects certain level of TSSC code. Vulnerability Details lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows...

5.8CVSS6.2AI score0.29958EPSS
Exploits1Affected Software1
github
github
added 2022/05/17 5:25 a.m.26 views

Elixir can leak information due to weak use of crypto

Elixir prior to and including 0.7.1 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database. A patch has been attached to the initial advisory to mitigate this...

4.3CVSS6.1AI score0.01667EPSS
Exploits0References9Affected Software1
osv
osv
added 2022/05/01 12:0 a.m.7 views

PUB-A-217475903

In TBD of TBD, there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS7AI score0.00075EPSS
Exploits0References1
ibm
ibm
added 2021/05/03 3:17 p.m.31 views

Security Bulletin: GO is is vulnerable to a denial of service on IBM Watson Machine Learning on CP4D

Summary Golang golang.org/x/crypto is vulnerable to a denial of service, caused by an error during signature verification in the golang.org/x/crypto/ssh package on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2020-9283 DESCRIPTION: Golang golang.org/x/crypto is vulnerable ...

7.5CVSS1.9AI score0.21052EPSS
Exploits6Affected Software1
veracode
veracode
added 2020/11/26 5:46 a.m.11 views

Improper Key Verification

xml-crypto is vulnerable to improper key verification. An attacker can inject an HMAC-SHA1 signature that is valid using only knowledge of the RSA public key. This allows bypassing signature validation...

5.3AI score
Exploits0
bdu_fstec
bdu_fstec
added 2020/08/19 12:0 a.m.7 views

The vulnerability of the vhost-crypto module in the libraries and drivers for fast packet processing in dpdk allows a hacker to gain access to confidential data.

The vulnerability of the vhost-crypto module in the libraries and drivers for fast packet processing in dpdk is related to a numerical overflow condition. Exploiting this vulnerability can allow an attacker to gain access to confidential data...

4.6CVSS6.5AI score0.00353EPSS
Exploits0References11Affected Software8
ibm
ibm
added 2020/05/26 3:32 p.m.24 views

Security Bulletin: IBM Spectrum Scale GUI is affected by weak crypto algorithm (CVE-2020-4349)

Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale GUI. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4349 DESCRIPTION: IBM Spectrum Scale uses weaker than expected cryptographic algorithms that could allow an attacker to...

7.5CVSS1.2AI score0.00792EPSS
Exploits0Affected Software1
Rows per page
Query Builder