
11 matches found

Github Security Blog
added 2023/09/20 3:30 p.m. | 2 views

Duplicate Advisory: EVE Doesn't Measure Config Partition From 2 Fronts

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-phcg-h58r-gmcq. This link is maintained to preserve external references. Original Description: PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in comm...

CVSS 8.8 | AI score 5.5 | EPSS 0.00011
Exploits: 0 | References: 4 | Affected Software: 1
Positive Technologies
added 2023/09/20 12:0 a.m. | 4 views

PT-2023-28891

Name of the Vulnerable Software and Affected Versions: EVE OS (affected versions not specified). Description: The measured boot solution in EVE OS uses a PCR locking mechanism to protect the "vault" directory, which is the most sensitive point in the system. However, the key used to encrypt/decrypt th...

CVSS 9.9 | AI score 7.6 | EPSS 0.00733
Exploits: 44 | References: 118
Snyk
added 2022/03/02 2:29 p.m. | 1 views

Access Restriction Bypass

Overview: Affected versions of this package are vulnerable to Access Restriction Bypass. During attempted authentication by a TLS 1.3 client to a TLS 1.3 server, certificate validation may be bypassed when the sig_algo field differs between the certificate_verify message and the certificate message...

CVSS 6.5 | AI score 7.1 | EPSS 0.00145
Exploits: 0 | References: 2
OSV
added 2022/02/24 3:15 p.m. | 1 views

DEBIAN-CVE-2022-25638

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message...

CVSS 6.5 | AI score 6.4 | EPSS 0.00145
Exploits: 0 | References: 1
CNNVD
added 2022/02/24 12:0 a.m. | 1 views

wolfSSL Trust Management Issue Vulnerability

Wolfssl CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from Wolfssl, Inc. in the United States. A security vulnerability exists in wolfSSL versions prior to 5.2.0, which stems from an application attempting to authenticate a TLS 1.3 client to a...

CVSS 6.5 | AI score 6.5 | EPSS 0.00145
Exploits: 0 | References: 4
OSV
added 2020/01/24 9:27 p.m. | 23 views

GHSA-P9CM-R7JG-8Q3G Incorrect signature verification in SimpleSAMLphp

Background: An incorrect check of return values in the signature validation utilities allows an attacker to get invalid signatures accepted as valid by forcing an error during validation. Description: The SimpleSAMLXMLValidator class allows the verification of the XML digital signature of a SAML 1...

CVSS 6.3 | AI score 6.5 | EPSS 0.0041
Exploits: 0 | References: 6
OSV
added 2018/03/31 9:29 p.m. | 2 views

UBUNTU-CVE-2015-9258

In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might for example be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed2551...

CVSS 7.5 | AI score 5.8 | EPSS 0.00344
Exploits: 0 | References: 4
OSV
added 2017/02/03 9:12 a.m. | 0 views

USN-3189-1 linux, linux-raspi2, linux-snapdragon vulnerabilities

Mikulas Patocka discovered that the asynchronous multibuffer cryptographic daemon (mcryptd) in the Linux kernel did not properly handle being invoked with incompatible algorithms. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-10147) Qidan He discovered that the...

CVSS 7.6 | AI score 6.7 | EPSS 0.00246
Exploits: 0 | References: 3
OSV
added 2017/01/18 12:0 a.m. | 0 views

UBUNTU-CVE-2016-10147

crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an AF_ALG socket with an incompatible algorithm, as demonstrated by mcryptd(md5)...

CVSS 5.5 | AI score 6.7 | EPSS 0.00041
Exploits: 0 | References: 6
OSV
added 2015/08/25 6:17 p.m. | 7 views

MGASA-2015-0322 Updated gnutls packages fix security vulnerabilities

It was reported that GnuTLS does not check whether the two signature algorithms match on certificate import (CVE-2015-0294). Kurt Roeckx discovered that decoding a specific certificate with very long DistinguishedName (DN) entries leads to double free. A remote attacker can take advantage of this fla...

CVSS 7.5 | AI score 7.2 | EPSS 0.06692
Exploits: 0 | References: 4
CVE
added 2013/02/05 11:11 p.m. | 61 views

CVE-2013-0176

The CVE-2013-0176 issue affects libssh prior to 0.5.4, where the publickey_from_privatekey function can trigger a NULL pointer dereference and crash when no algorithm is matched during Diffie-Hellman negotiation, allowing a remote denial of service. Several connected advisories confirm the vulner...

CVSS 4.3 | AI score 6.3 | EPSS 0.01019
Exploits: 0 | References: 6 | Affected Software: 1