EulerOS Virtualization 2.10.1 : openssl (EulerOS-SA-2024-1366)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1392)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

BIT-NODE-2023-30590

The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey. However, the...

openSUSE: Security Advisory for nodejs12 (SUSE-SU-2023:3455-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Saflok - Key Derication Function Exploit

// Exploit Title: Saflok KDF // Exploit Author: a51199deefa2c2520cea24f746d899ce // Vendor Homepage: https://www.dormakaba.com/ // Version: System 6000 // Tested on: Dormakaba Saflok cards // CVE: N/A include include define MAGICTABLESIZE 192 define KEYLENGTH 6 define UIDLENGTH 4 int mainint argc...

Insufficiently Random Values

dfinity/auth-client and dfinity/identity are vulnerable to insecure key generation. The vulnerability is due to the Ed25519KeyIdentity.generate function as it uses an insecure seed for key pair generation when no seed value is provided. This flaw breaks the guarantee of secure randomness and can...

CVE-2024-1631

Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...

GHSA-C9VV-FHGV-CJC3 agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`

Impact The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...

agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`

Impact The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...

CVE-2024-1631 agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`

Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...

PT-2024-18179

Name of the Vulnerable Software and Affected Versions @dfinity/identity versions prior to 1.0.1 Description The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret...

EulerOS 2.0 SP5 : shim-signed (EulerOS-SA-2024-1165)

According to the versions of the shim-signed package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact...

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2024-1109)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact...

GHSA-WJ6H-64FC-37MP Minerva timing attack on P-256 in python-ecdsa

python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the ecdsa.SigningKey.signdigest API function and timing signatures an attacker can leak the internal nonce which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH...

Minerva timing attack on P-256 in python-ecdsa

python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the ecdsa.SigningKey.signdigest API function and timing signatures an attacker can leak the internal nonce which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH...

EulerOS 2.0 SP10 : shim (EulerOS-SA-2024-1074)

According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary...

OpenSC: multiple memory issues with pkcs15-init (enrollment tool)

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a...

Oracle Linux 8 : opensc (ELSA-2023-7876)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-7876 advisory. - Fix CVE-2023-40660: Potential PIN bypass - Fix CVE-2023-40661: Dynamic analyzers reports in pkcs15init Tenable has extracted the preceding descriptio...

Medium: openssl

Issue Overview: Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHgeneratekey to generate an X9.42 DH key may experience long delays. Likewise, applications that...

Insufficient Entropy

pubnub is vulnerable to Insufficient Entropy. The vulnerability is caused by the getKey function in web.js which uses an inefficient key derivation method for AES-256-CBC encryption, resulting in a reduced key space due to hex encoding and trimming. This leaves half of the bits in the encryption...