105 matches found
Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition
Summary This bulletin covers all applicable Java SE CVEs published by Oracle as part of their January 2024 Critical Patch Update, plus CVE-2023-33850. For more information please refer to Oracle's January 2024 CPU Advisory and the X-Force database entries referenced below. Vulnerability Details...
CVE-2023-50981
ModularSquareRoot in Crypto++ aka cryptopp through 8.9.0 allows attackers to cause a denial of service infinite loop via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853...
Crypto++ Security Vulnerability
Crypto++ is a C++ cryptographic method library A security vulnerability exists in Crypto++ version 8.9.0, which stems from a security issue in the ModularSquareRoot function that results in an infinite loop. An attacker exploiting this vulnerability may be able to create an incorrectly formatted...
CVE-2023-40082
In modifyfornextstage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Privilege escalation
In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this c...
kernel: use after free in nvmet_tcp_free_crypto in NVMe
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c in nvmettcpfreecrypto due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead t...
CVE-2023-21358
In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2023-24517 · Ibm +1 · Ibm Gskit-Crypto +2
Name of the Vulnerable Software and Affected Versions: IBM GSKit-Crypto affected versions not specified Description: The issue is caused by a timing-based side channel in the RSA Decryption implementation, allowing a remote attacker to obtain sensitive information by sending an overly large numbe...
ASB-A-258834033
In btmsecencryptchange of btmsec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-24532
The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh...
Privilege escalation
In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2023-20940
In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
Matrix 安全漏洞
Matrix is an ambitious new ecosystem for open federated instant messaging and VoIP. A security vulnerability in Matrix matrix-sdk-crypto prior to version 0.5 stems from a vulnerability that allows a malicious home server to insert a room key of questionable validity into the keystore under certai...
Security Bulletin: TS3000 code level v7.x affected by Open Source GnuTLS cyrpto issue (CVE-2014-0092)
Summary A security vulnerability has been found that affects certain level of TSSC code. Vulnerability Details lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows...
Elixir can leak information due to weak use of crypto
Elixir prior to and including 0.7.1 uses Blowfish in CFB mode without constructing a unique initialization vector IV, which makes it easier for context-dependent users to obtain sensitive information and decrypt the database. A patch has been attached to the initial advisory to mitigate this...
PUB-A-217475903
In TBD of TBD, there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Security Bulletin: GO is is vulnerable to a denial of service on IBM Watson Machine Learning on CP4D
Summary Golang golang.org/x/crypto is vulnerable to a denial of service, caused by an error during signature verification in the golang.org/x/crypto/ssh package on IBM Watson Machine Learning on CP4D Vulnerability Details CVEID: CVE-2020-9283 DESCRIPTION: Golang golang.org/x/crypto is vulnerable ...
Improper Key Verification
xml-crypto is vulnerable to improper key verification. An attacker can inject an HMAC-SHA1 signature that is valid using only knowledge of the RSA public key. This allows bypassing signature validation...
The vulnerability of the vhost-crypto module in the libraries and drivers for fast packet processing in dpdk allows a hacker to gain access to confidential data.
The vulnerability of the vhost-crypto module in the libraries and drivers for fast packet processing in dpdk is related to a numerical overflow condition. Exploiting this vulnerability can allow an attacker to gain access to confidential data...
Security Bulletin: IBM Spectrum Scale GUI is affected by weak crypto algorithm (CVE-2020-4349)
Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale GUI. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4349 DESCRIPTION: IBM Spectrum Scale uses weaker than expected cryptographic algorithms that could allow an attacker to...