378 matches found
DEBIAN-CVE-2021-30472
A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value...
UBUNTU-CVE-2021-30472
A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value...
PT-2021-18746 · Podofo +2 · Podofo +2
Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.9.7 Description: A flaw was found in the PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp, which allows for a stack-based buffer overflow due to an improper check of the keyLength value. Recommendations: For PoDo...
RSA signature validation vulnerability
Overview Impact Vulnerable versions of jsrsasign will accept RSA signature with improper PKCS1.5 padding. Decoded RSA signature value consists following form: 01ff...8 or more ffs...ff00ASN.1 OF DigestInfo Its byte length shall be the same as RSA key length however such checking was not sufficien...
SUSE: Security Advisory (SUSE-SU-2019:2648-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2021-3955 · Unknown +2 · Mysql Server +3
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.2 Description: An issue was discovered in the Oauth extension for MediaWiki. The problem lies in MWOAuthConsumerSubmitControl.php, which does not ensure that the length of an RSA key will fit in a MySQL blob...
USN-4770-1 glusterfs vulnerabilities
It was discovered that GlusterFS incorrectly handled network requests. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM. CVE-2014-3619 It was discovered that GlusterFS incorrectly handled user permissions. An authenticated attacker...
CVE-2020-11269
Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...
CVE-2020-11269
CVE-2020-11269 is a memory corruption issue described as occurring while processing EAPOL frames due to insufficient validation of key length in Qualcomm Snapdragon families (Auto, Compute, Connectivity, and related Snapdragon components). The initial entry lists a high severity (CVSS v3.1 base 8...
Qualcomm Qualcomm Wlan Firmware Buffer Error Vulnerability
Qualcomm Wlan Firmware is a Bluetooth support firmware from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm WLAN Firmware that originates from an out-of-bounds read if the EAPOL key length is less than expected when processing NAN shared key descriptor attributes. The...
CVE-2020-26550
An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key...
CVE-2020-5938
On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow...
CVE-2020-5938
On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow...
CVE-2020-11488
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead t...
F5 Networks BIG-IP : F5 IPsec vulnerability (K76610106)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.0. It is, therefore, affected by a vulnerability as referenced in the K76610106 advisory. When negotiating IPsec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the...
Code injection
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure...
FreeBSD Buffer Overflow Vulnerability (CNVD-2020-32360)
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A buffer overflow vulnerability exists in the cryptodev module in FreeBSD versions prior to 12.1-STABLE r356911 and prior to 12.1-RELEASE p5, which stems from a program that fails to adequately validate the length of a...
FreeBSD : FreeBSD -- Insufficient cryptodev MAC key length check (0bfcae0b-947f-11ea-92ab-00163e433440)
Requests to create cryptography sessions using a MAC did not validate the user-supplied MAC key length. The cryptodev module allocates a buffer whose size is this user-suppled length. Impact : An unprivileged process can trigger a kernel panic. C Tenable Network Security, Inc. The descriptive tex...
CVE-2019-18863
A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercep...
CVE-2019-18863
A key length vulnerability in the implementation of the SRTP 128-bit key on Mitel 6800 and 6900 SIP series phones, versions 5.1.0.2051 SP2 and earlier, could allow an attacker to launch a man-in-the-middle attack when SRTP is used in a call. A successful exploit may allow the attacker to intercep...