4671 matches found
UBUNTU-CVE-2021-24119
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single...
UBUNTU-CVE-2021-24116
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped,...
Code injection
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single...
CVE-2021-24117
CVE-2021-24117 affects Apache Teaclave Rust SGX SDK 1.1.3 and is caused by a side-channel vulnerability in base64 PEM file decoding that can be exploited in isolated environments running on Intel SGX. This allows system-level attackers to glean information about secret RSA keys via a controlled-c...
CVE-2021-24116
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped,...
CVE-2021-24116
CVE-2021-24116 affects wolfSSL up to version 4.6.0, where a side-channel vulnerability in the base64 PEM file decoding path may allow system-level (administrator) attackers to glean information about secret RSA keys. The issue is described as a controlled-channel/side-channel attack that can oper...
Trusted Firmware M security vulnerability
ARM Trusted Firmware M (TFM) is an open source software from ARM UK. It provides a set of highly configurable software components to create a trusted execution environment. A security vulnerability exists in Trusted Firmware Mbed TLS that stems from a side-channel vulnerability in base64 PEM file...
Baidu Rust SGX SDK security vulnerability
Baidu Rust SGX SDK is a Rust language development kit for Intel SGX Trusted Computing Platform from Baidu, China. Baidu Rust SGX SDK suffers from a security vulnerability, which originates from a side-channel vulnerability in base64 PEM file decoding in Rust SGX 1.1.3. An attacker can exploit the...
wolfSSL security vulnerability
Wolfssl CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from Wolfssl, Inc. in the United States. A security vulnerability exists in wolfSSL due to an observable timing difference in base64 PEM decoding. A local user could gain access to sensitiv...
Updated botan2 packages fix security vulnerability
Updated botan2 packages fix security vulnerability: In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex) (CVE-2021-24115)...
SUSE-SU-2021:2180-1 Security update for libsolv
This update for libsolv fixes the following issues: Security issues fixed: - CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc1161510) - CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc1186229) Other issues fixed: - backport support f...
SUSE-SU-2021:2145-1 Security update for libsolv
This update for libsolv fixes the following issues: Security issues fixed: - CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc1161510) - CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc1186229) Other issues fixed: - backport support f...
openvswitch: use-after-free in decode_NXAST_RAW_ENCAP during the decoding of a RAW_ENCAP action
Open vSwitch (aka openvswitch) has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action...
SUSE SLES15 Security Update : spice (SUSE-SU-2021:1956-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1956-1 advisory. - Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before...
SUSE-SU-2021:1956-1 Security update for spice
This update for spice fixes the following issues: - CVE-2021-20201: client initiated renegotiation causing denial of service (bsc1181686) - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC decoding code (bsc1177158)...
GHSA-GWCR-J4WH-J3CQ Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability
Requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory. For example a request to the ConcatServlet with a URI of /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the...
Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability
Requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory. For example a request to the ConcatServlet with a URI of /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the...
SUSE-SU-2021:1940-1 Security update for python-Pillow
This update for python-Pillow fixes the following issues: - CVE-2021-25290: Fixed a negative-offset memcpy with an invalid size in TiffDecode.c (bsc1183105). - CVE-2021-27922, CVE-2021-27923: Fixed improper reported size of a contained image (bsc1183108, bsc1183107) - CVE-2020-35653: Fixed buffer...
SUSE-SU-2021:1928-1 Security update for spice-gtk
This update for spice-gtk fixes the following issues: - CVE-2020-14355: Fixed multiple buffer overflow vulnerabilities in QUIC decoding code (bsc1177158)...