Authorization Bypass

firefox/thunderbird is vulnerable to authorization bypass. A remote attacker is able to bypass the CORS preflight protection mechanisms via duplicate cache-key generation or retrieval of a value from an incorrect HTTP Access-Control- response header...

Arbitrary Code Execution

The Network Time Protocol NTP is used to synchronize a computer's time with a referenced time source. Multiple buffer overflow flaws were discovered in ntpd's cryptorecv, ctlputdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request...

bouncycastle: flaw in the low-level interface to RSA key pair generator

A vulnerability was found in BouncyCastle. The number of iterations of the Miller-Rabin primality test was incorrectly calculated according to FIPS 186-4 C.3. Under some circumstances, this could lead to the generation of weak RSA key pairs...

Design/Logic Flaw

A vulnerability in generatefilestoragekey of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2...

EulerOS Virtualization 2.5.3 : openssl (EulerOS-SA-2019-1164)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result ...

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments: Data Protection for VMware (CVE-2018-0737, CVE-2018-0732)

Summary OpenSSL vulnerabilities were disclosed on April 16, 2018 and June 16, 2018 by the OpenSSL Project. OpenSSL, used by the IBM Spectrum Protect formerly Tivoli Storage Manager Backup-Archive Client and IBM Spectrum Protect for Virtual Environments formerly Tivoli Storage Manager for Virtual...

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM Spectrum Protect Backup-Archive Client NetApp Services (CVE-2018-0737, CVE-2018-0732, CVE-2018-0734)

Summary OpenSSL vulnerabilities were disclosed on April 16, 2018, June 16, 2018. and October 30, 2018 by the OpenSSL Project. OpenSSL, used by the IBM Spectrum Protect formerly Tivoli Storage Manager Backup-Archive Client for network connections with NetApp services, has addressed the applicable...

Palo Alto Networks PAN-OS 6.1.x <= 6.1.20 / 7.1.x < 7.1.21 / 8.0.x < 8.0.14 / 8.1.x < 8.1.4 Multiple Vulnerabilities (PAN-SA-2018-0015)

The version of Palo Alto Networks PAN-OS running on the remote host is 6.1.x including 6.1.20 or 7.1.x prior to 7.1.21 or 8.0.x prior to 8.0.14 or 8.1.x prior to 8.1.4. It is, therefore, affected by multiple vulnerabilities : - A denial of service DoS vulnerability that exists in OpenSSL due to...

CVE-2019-7167

Zcash, before the Sapling network upgrade 2018-10-28, had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a...

Design/Logic Flaw

Zcash, before the Sapling network upgrade 2018-10-28, had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a...

CVE-2019-7167

Zcash, before the Sapling network upgrade 2018-10-28, had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a...

CVE-2019-7167

CVE-2019-7167 concerns Zcash prior to the Sapling upgrade (2018-10-28), where a flaw in the key-generation process during polynomial evaluation allowed bypass elements to defeat a consistency check. This could enable a cheating prover to transform a proof of one statement into a seemingly valid p...

PT-2019-18447

Name of the Vulnerable Software and Affected Versions Zcash versions before the Sapling network upgrade 2018-10-28 Description The issue concerns a counterfeiting vulnerability in the key-generation process related to polynomial evaluation for a to-be-proven statement. This allowed a cheating...

openssl security update

1.0.2k-16.0.1.el76.1 - Bump release for rebuild. 1.0.2k-16.1 - use SHA-256 in FIPS RSA pairwise key check - fix CVE-2018-5407 - EC signature local timing side-channel key extraction 1.0.2k-16 - fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA - fix incorrect error message on...

CVE-2018-20187

A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded...

Design/Logic Flaw

A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded...

CVE-2018-20187

A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded...

CVE-2018-20187

A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded...

ALPINE-CVE-2018-20187

A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded...

DEBIAN-CVE-2018-20187

A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded...