807 matches found
CVE-2024-43065 Exposed Dangerous Method or Function in HLOS
Cryptographic issues while generating an asymmetric key pair for RKP use cases...
CVE-2024-43065
CVE-2024-43065 affects Qualcomm chipsets with cryptographic issues in the generation of asymmetric key pairs for RKP use cases. The root cause is a flaw in how key material is generated, leading to potential weaknesses in confidentiality and integrity. The CVSS base metrics indicate a high impact...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a cryptographic issue when generating asymmetric key pairs...
Incorrect Behavior Order
Overview: api-platform/core builds a fully-featured hypermedia or GraphQL API in minutes. Affected versions of this package are vulnerable to Incorrect Behavior Order due to the ItemNormalizer::isCacheKeySafe method. An attacker can access sensitive information by exploiting the improper cach...
USN-7340-1 openvpn vulnerabilities
It was discovered that OpenVPN did not perform proper input validation when generating a TLS key under certain configuration, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu...
[SECURITY] Fedora 41 Update: fscrypt-0.3.5-2.fc41
fscrypt is a high-level tool for the management of Linux filesystem encryption. This tool manages metadata, key generation, key wrapping, PAM integration, and provides a uniform interface for creating and modifying encrypted directories...
Linux Distros Unpatched Vulnerability : CVE-2023-30590
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none...
Linux Distros Unpatched Vulnerability : CVE-2018-0737
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cach...
Cross-site Scripting (XSS)
Leantime is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization due to the API key name allowing malicious script injection during API key generation...
CVE-2022-33264
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message...
CVE-2024-1631
Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...
Benchmarking RSA Key Generation
RSA key generation is both conceptually simple, and one of the worst implementation tasks of the field of cryptography engineering. Even benchmarking it is tricky, and involves some math: here’s how we generated a stable but representative “average case” instead of using the ordinary statistical...
CVE-2024-12432
The CVE-2024-12432 entry concerns the WPC Shop as a Customer for WooCommerce WordPress plugin, where the generate_key function produces an insufficiently random key, enabling authenticated attackers with Subscriber+ privileges to log in as administrators via ajax_login. Affected versions go up to 1...
PT-2024-17592 · WordPress · Wpc Shop As A Customer For Woocommerce
Name of the Vulnerable Software and Affected Versions: WPC Shop as a Customer for WooCommerce plugin for WordPress versions prior to 1.2.9. Description: The issue affects the WPC Shop as a Customer for WooCommerce plugin for WordPress, allowing account takeover and privilege escalation. This is du...
BIT-NODE-MIN-2022-35255
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/cryptokeygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource always succeeds, but it can a...
BIT-NODE-MIN-2023-30590
The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...
The vulnerability of the openpgpGenerateKeyRsa() function in the personalization utility for smart cards PKCS15-INIT is a flaw in the software and library tools used to work with OpenSC smart cards. This vulnerability allows a perpetrator to circumvent security restrictions and execute arbitrary code.
The vulnerability of the openpgpGenerateKeyRsa function in the personalization utility for smart cards, part of the software and library suite for working with OpenSC smart cards, stems from an operation that occurs outside the buffer in memory during key generation. Exploiting this vulnerability...
CVE-2018-9426
In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin...
PT-2024-10687 · Unknown · Rsakeypairgenerator
Name of the Vulnerable Software and Affected Versions: RSAKeyPairGenerator (affected versions not specified). Description: An incorrect implementation in RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java could cause the generation of weak RSA key pairs. This could lead to a cryp...