CVE-2018-8319
A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library...
CVE-2018-8319
CVE-2018-8319 concerns MSR JavaScript Cryptography Library (msrcrypto). It affects the library’s Elliptic Curve Cryptography (ECC) implementation, where multiple bugs in ECC could allow an attacker to glean information about a server’s private ECC key (key leakage) or craft invalid ECDSA signatures ...
PYSEC-2018-89
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002...
UBUNTU-CVE-2018-13347
mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002...
CVE-2018-13231
The sell function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterToken), an Ethereum token, has an integer overflow in which "amount * sellPrice" can be zero, consequently reducing a seller's assets...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Systems Director Platform Agent
Summary There are multiple vulnerabilities in OpenSSL, which is used by IBM Systems Director (ISD) Platform Agent. These OpenSSL vulnerabilities were disclosed in September 2016 and October 2016 by the OpenSSL Project. Vulnerability Details CVEID: CVE-2016-2182 DESCRIPTION: OpenSSL is vulnerable to a...
Security Bulletin: Open Source zlib Vulnerabilities in IBM eDiscovery Manager
Summary zlib is vulnerable to a denial of service, caused by an out-of-bounds pointer arithmetic in inftrees.c. By persuading a victim to open a specially crafted document, a remote attacker could exploit this vulnerability to cause a denial of service. Vulnerability Details CVEID: CVE-2016-9840...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Tealeaf Customer Experience. IBM Tealeaf Customer Experience has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6304 DESCRIPTION: OpenSSL is vulnerable ...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Image Construction and Composition Tool.
Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Image Construction and Composition Tool. IBM Image Construction and Composition Tool has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION...
Out-of-bounds
An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper Disassembler 3.11.20. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file wi...
CVE-2016-8390
CVE-2016-8390 concerns Hopper Disassembler 3.11.20, where the ELF Section Headers parsing has an out-of-bounds write due to attacker-controlled data in the section header table. Multiple connected sources describe a vulnerability in ELF parsing that can cause memory corruption via a crafted ELF f...
The vulnerability of the ext4_xattr_checkEntries function in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the ext4_xattr_checkEntries function in fs/ext4/xattr.c in the Linux kernel is related to a pointer arithmetic error. Exploitation of this vulnerability could allow an attacker, operating remotely, to cause service failures by manipulating a specially crafted version of the ext4...
The vulnerability of the Qualcomm GNSS API component in the Android operating system allows a hacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the Qualcomm GNSS API in the Android operating system is related to errors in pointer arithmetic. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the Qualcomm operating system Android allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the Android operating system is related to an error in pointer arithmetic when establishing SSL connections. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the Qualcomm Qurt API component in the Android operating system allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the Qualcomm Qurt API in the Android operating system arises due to a mistake in pointer arithmetic for the null pointer. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the `stub_send_ret_submit` function in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the `stub_send_ret_submit` function in the Linux kernel’s drivers/usb/usbip/stub_tx.c file is related to errors in pointer arithmetic. Exploiting this vulnerability could allow a malicious actor to cause service failures using a specially crafted USBIP packet...
Design/Logic Flaw
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when processing a clip with large size values, integer arithmetic overflows, and allocated buffer size will be less than intended buffer size. The following buffer operations will...
CVE-2016-10393
CVE-2016-10393 describes an integer overflow in Android for MSM, Firefox OS for MSM, and QRD Android builds (CAF Linux kernel) when processing oversized clips. This causes the allocated buffer to be smaller than needed, enabling potential buffer overflow during subsequent operations. The vulnerab...
openSUSE Security Update : openssl-steam (openSUSE-2018-168)
This update for openssl-steam fixes the following issues: - Merged changes from upstream openssl Factory rev 137 into this fork for Steam. Updated to openssl 1.0.2k: - CVE-2016-7055: Montgomery multiplication may produce incorrect results (boo#1009528) - CVE-2016-7056: ECDSA P-256 timing attack ke...