5 matches found
Missing Cryptographic Step
Overview jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be...
Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl
Impact EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password serverSecretKey using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted from limited state/seed information e.g., start time window, substantially...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2025-1432)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2020-0053 Updated mbedtls packages fix security vulnerabilities
This update from mbedTLS 2.16.2 to mbedTLS 2.16.4 fixes several security vulnerabilities, among which: The deterministic ECDSA calculation reused the scheme's HMAC-DRBG to implement blinding. Because of this for the same key and message the same blinding value was generated. This reduced the...
[Full-Disclosure] Unreal ircd 3.2 clocking subsystem vulnerability
Software name: Unreal ircd Vulnerable versions: 3.2 and probably previous versions Problem nature: Information disclosure Summary: Unreal ircd is a popular irc server. One of the features it provides is called 'ip cloaking'. The purpose of this system is to prevent hostile irc users from getting...