Integer overflow

In the function csrupdatefilsparamsrso, insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF Android for MSM, Firefox OS for MSM, QRD Android using the Linux Kernel...

CVE-2016-1000346

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are...

Type confusion

In PyJWT 1.5.0 and below the invalidstrings check in HMACAlgorithm.preparekey does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string -----BEGIN RSA PUBLIC KEY----- which is not accounted for. This enable...

USN-3301-1 strongswan vulnerabilities

It was discovered that the strongSwan gmp plugin incorrectly validated RSA public keys. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service. CVE-2017-9022 It was discovered that strongSwan incorrectly parsed ASN.1 CHOICE types. A remote attacker...

UBUNTU-CVE-2017-9022

The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpzpowmsec, which allows remote peers to cause a denial of service floating point exception and process crash via a crafted certificate...

go-jose encryption issue vulnerability

go-jose is a standard method for implementing JavaScript object signing and encryption . A cryptographic issue vulnerability exists in go-jose that stems from the program failing to validate the cryptographic public key. An attacker can exploit this vulnerability to break the curve encryption...

CVE-2016-4927

Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle MITM type of attacks while a Space device is communicating with managed devices...

Partial Key Validation

bouncycastle is vulnerable to partial key validation. The library doesn't fully validate the other parties' Diffie-Hellman key, meaning that invalid keys can reveal information about the other parties' private key when static Diffie-Hellman is used...

Juniper Junos Space Man-in-the-Middle Attack Vulnerability

Juniper Junos Space is a network management solution from Juniper Networks. The solution supports automated configuration, monitoring and troubleshooting of devices and services throughout their lifecycle. A security vulnerability exists in Juniper Junos Space versions prior to 15.2R2, which aris...

Cisco Application Policy Infrastructure Controller Elevation of Privilege Vulnerability

Cisco Application Policy Infrastructure Controller devices are an application-centric infrastructure ACI controller product. Cisco Application Policy Infrastructure Controller devices do not properly validate SSH keys added to accounts by local users, allowing a local attacker to exploit the...

OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."...

UBUNTU-CVE-2015-1432

The messageoptions function in includes/ucp/ucppmoptions.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the full folder setting via unspecified vectors...

OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."...

OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."...

OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."...

OpenJDK: insufficient Diffie-Hellman public key validation (Security, 8037162)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."...

SeaMonkey Multiple Vulnerabilities-01 (Mar 2014) - Mac OS X

SeaMonkey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:seamonkey"; ifdescription...

Mozilla Firefox Multiple Vulnerabilities-01 (Mar 2014) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

CVE-2014-1498

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service application crash via vectors that trigger generation of a key that supports the Elliptic Curve...

CVE-2014-1498

CVE-2014-1498 : The vulnerability affects Mozilla Firefox before 28.0 and SeaMonkey before 2.25, where crypto.generateCRMFRequest fails to validate a specific key type. This can cause remote crashes/DoS via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algo...