975 matches found

Tenable Nessus
added 2024/09/23 12:0 a.m. | 63 views

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-7028-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7028-1 advisory. It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local...

CVSS 7.8 | AI score 7 | EPSS 0.0072
Exploits: 1 | References: 23

OpenVAS
added 2024/09/19 12:0 a.m. | 22 views

Ubuntu: Security Advisory (USN-7022-1)

The remote host is missing an update for the... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.8 | AI score 7.5 | EPSS 0.00023
Exploits: 0 | References: 2

OSV
added 2024/09/18 6:34 p.m. | 7 views

USN-7022-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Modular ISDN driver; - MMC subsystem; - SCSI drivers; - F2FS file system; - GFS2 file system; -...

CVSS 7.8 | AI score 6.7 | EPSS 0.00023
Exploits: 0 | References: 11

Tenable Nessus
added 2024/09/18 12:0 a.m. | 42 views

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-7022-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7022-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...

CVSS 7.8 | AI score 7 | EPSS 0.00023
Exploits: 0 | References: 11

NVD
added 2024/09/03 8:15 p.m. | 19 views

CVE-2024-45678

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...

CVSS 4.2 | EPSS 0.00245
Exploits: 0 | References: 6

OSV
added 2024/09/03 8:15 p.m. | 2 views

CVE-2024-45678

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack that requires physical access and expensive equipment in which an electromagnetic side channel is present because of a non-constant-time modular...

CVSS 4.2 | AI score 5.7 | EPSS 0.00245
Exploits: 0 | References: 6

ATTACKERKB
added 2024/08/27 7:15 p.m. | 3 views

CVE-2024-1544

Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor qe by dividing the upper two digits a digit having e....

CVSS 4.9 | AI score 5.9 | EPSS 0.00153
Exploits: 0 | References: 3

UbuntuCve
added 2024/08/27 7:15 p.m. | 11 views

CVE-2024-1544

Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor qe by dividing the upper two digits a digit having e....

CVSS 4.9 | AI score 5.9 | EPSS 0.00153
Exploits: 0 | References: 3

OSV
added 2024/08/27 7:15 p.m. | 1 view

UBUNTU-CVE-2024-1544

Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor qe by dividing the upper two digits a digit having e....

CVSS 4.9 | AI score 5.8 | EPSS 0.00153
Exploits: 0 | References: 4

CVE
added 2024/08/27 6:44 p.m. | 64 views

CVE-2024-1544

CVE-2024-1544 describes a bias in the ECDSA nonce generation when k is obtained as r mod n, where a control-flow dependent reduction leaks MSB bias in k. The issue can enable lattice-reduction based reconstruction of k for certain curves (e.g., SECP160R1 with about 15 bits of bias). The connected...

CVSS 4.9 | AI score 6.9 | EPSS 0.00153
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/08/27 6:44 p.m. | 33 views

CVE-2024-1544 ECDSA nonce bias caused by truncation

Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor qe by dividing the upper two digits a digit having e....

CVSS 4.1 | AI score 4.4 | EPSS 0.00153
Exploits: 0 | References: 2

Cvelist
added 2024/08/27 6:44 p.m. | 16 views

CVE-2024-1544 ECDSA nonce bias caused by truncation

Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The division used during the reduction estimates a factor qe by dividing the upper two digits a digit having e....

CVSS 4.1 | EPSS 0.00153
Exploits: 0 | References: 2

CNNVD
added 2024/08/26 12:0 a.m. | 1 view

Diffie-Hellman Security Vulnerability

Diffie-Hellman is a key negotiation protocol open-sourced by Diffie-Hellman. This key negotiation protocol allows Alice and Bob to exchange public key values and securely compute the shared key K based on knowledge of these values and their own corresponding private keys, enabling further secure...

CVSS 7.5 | AI score 6.9 | EPSS 0.00645
Exploits: 0 | References: 6

Cvelist
added 2024/08/26 12:0 a.m. | 23 views

CVE-2024-41996

Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers from the client side to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource...

EPSS 0.00645
Exploits: 0 | References: 3

GithubExploit
added 2024/08/23 2:39 p.m. | 1527 views

Exploit for Improper Encoding or Escaping of Output in Apache Http_Server

CVE-2024-38473 Nuclei Template...

CVSS 8.1 | AI score 7.7 | EPSS 0.88359
Exploits: 1

The Hacker News
added 2024/08/02 4:16 p.m. | 16 views

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure

A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. "The campaign likely targeted diplomats and began as early as March 2024," Palo Alto Networks Unit 42 said in a report published...

AI score 7.1
Exploits: 0

Spring Engineering
added 2024/07/03 12:0 a.m. | 8 views

This Week in Spring - July 2nd, 2024

Hi, spring fans! Welcome to another amazing installment of This Week in Spring! In last week's installment of A Bootiful Podcast, recorded a few weeks ago at Spring IO, I talked with Spring Security legend Laur Spilca. In last week's installment of Spring Tips, I looked at a number of ways you cou...

AI score 7.1
Exploits: 0

Kitploit
added 2024/05/31 12:30 p.m. | 65 views

Ars0N-Framework - A Modern Framework For Bug Bounty Hunting

Howdy! My name is Harrison Richardson, or rs0n arson when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...

AI score 7
Exploits: 0 | References: 4

Tenable Nessus
added 2024/05/28 12:0 a.m. | 33 views

Oracle Linux 8 : python27:2.7 (ELSA-2024-2987)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2987 advisory. - Fix CVE-2021-20095 Resolves: rhbz1955615 - Fix CVE-2019-6446 - Fix CVE-2014-1858, CVE-2014-1859: 1062009, 1062359 - Security fix for CVE-2022-48560...

CVSS 9.8 | AI score 7.3 | EPSS 0.71492
Exploits: 16 | References: 6

OpenVAS
added 2024/05/27 12:0 a.m. | 15 views

Fedora: Security Advisory (FEDORA-2024-9df760819c)

The remote host is missing an update for the... SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

CVSS 7.5 | AI score 7.8 | EPSS 0.02775
Exploits: 0 | References: 4