421 matches found
DEBIAN-CVE-2023-6176
A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their...
CVE-2023-35339
Windows CryptoAPI Denial of Service Vulnerability...
CVE-2023-24937
Windows CryptoAPI Denial of Service Vulnerability...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: Denial-of-Service (DoS), circumvention of security measure, remote code execution, administrator/root rights, remote...
CVE-2022-34689
Windows CryptoAPI Spoofing Vulnerability...
PT-2020-1289
Name of the Vulnerable Software and Affected Versions: Windows CryptoAPI Crypt32.dll versions prior to the fixed version Description: A spoofing vulnerability exists in the way Windows CryptoAPI validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by...
Unsafe Pseudorandom Number Generation Through The Use Of Insecure Entropy Source
uuid and node-uuid have flaws which lead to the use of an insecure entropy source "Math.random" to generate pseudorandom numbers instead of using a secure Cryptographic API...
the Crypto Undertaker: Tomb
Tomb aims to be a free and open source system for easy encryption and backup of personal files, written in code that is easy to review and links shared GNU/Linux components. At present, Tomb consists of a simple shell script (Zsh) using standard filesystem tools (GNU) and the cryptographic API of the...
Apple iOS cryptographic API call validation vulnerability
Apple iOS is an operating system for Apple smart devices. A security vulnerability exists in the Apple iOS cryptographic API that allows an attacker to exploit a vulnerability to bypass secure signature checks and perform unauthorized attacks...
Apple iOS < 10.3 Multiple Vulnerabilities
RHEL 6 : MRG (RHSA-2013:0829)
Updated kernel-rt packages that fix several security issues and multiple bugs are now available for Red Hat Enterprise MRG 2.3. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed...
PT-2009-4917 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: A spoofing issue exists in the CryptoAPI component when handling X.509 certificates. This issue allows man-in-the-middle attackers to impersonate arbitrary SSL servers via a...
PT-2009-4918 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: The issue is related to an integer overflow in the CryptoAPI component when parsing X.509 certificates with malformed ASN.1 Object Identifiers. This allows man-in-the-middle...
Design/Logic Flaw
Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."...
CVE-2007-0940
Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."...
CVE-2007-0940
CVE-2007-0940 describes a remote code execution vulnerability in the CAPICOM Certificates ActiveX control (CAPICOM.dll) used by Microsoft CAPICOM and BizTalk Server 2004 SP1/SP2. The flaw arises from how CAPICOM.Certificates validates inputs, enabling an attacker who entices a user to visit a cra...
Code injection
Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the...
CVE-2006-0561
Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the...
PT-2002-1876 · Microsoft · Outlook Express For Mac +3
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions 98 through XP; Office for Mac (affected versions not specified); Internet Explorer for Mac (affected versions not specified); Outlook Express for Mac (affected versions not specified) Description: The issue concerns the...