EUVD-2017-7315

Malware in sbrugna...

uTLS ServerHellos are accepted without checking TLS 1.3 downgrade canaries

Description Before version 1.7.0, utls did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a utls ClientHello spec. This allowed an active network adversary to downgrade TLS 1.3 connections initiated by a utls client to a lower TLS version...

Side Channel Attack

libmbedtls.so is vulnerable to Side Channel Attack. The vulnerability is due to a miscalculation in a countermeasure to the Lucky 13 attack, allowing an active network attacker to partially recover plaintext of messages under specific conditions by exploiting timing measurements...

MGASA-2020-0293 Updated mbedtls packages fix security vulnerability

Updated mbedtls packages fix security vulnerabilities Fix a side channel vulnerability in modular exponentiation that could reveal an RSA private key used in a secure enclave. Fix side channel in mbedtlsecpcheckpubpriv and mbedtlspkparsekey / mbedtlspkparsekeyfile when loading a private key that...

McAfee Security Scan Plus - Remote Command Execution

Vulnerability Summary The following advisory describes a Remote Code Execution found in McAfee Security Scan Plus. An active network attacker could launch a man-in-the-middle attack on a plaintext-HTTP response to a client to run any residing executables with privileges of a logged in user. McAfe...