51 matches found
Division by zero
Overview: jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key...
Division by zero
Overview: org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RS...
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the BigDecimal and BigInteger handling in the MessageSerializer class. An attacker can execute arbitrary code or manipulate application behavior by providing crafted serialized objects. Details...
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the BigDecimal and BigInteger handling in the MessageSerializer class. An attacker can execute arbitrary code or manipulate application behavior by providing crafted serialized objects. Details...
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the BigDecimal and BigInteger handling in the MessageSerializer class. An attacker can execute arbitrary code or manipulate application behavior by providing crafted serialized objects. Details...
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the BigDecimal and BigInteger handling in the MessageSerializer class. An attacker can execute arbitrary code or manipulate application behavior by providing crafted serialized objects. Details...
SUSE CVE-2007-5197
Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods...
RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign
Impact: Jsrsasign supports RSA PKCS1 v1.5 i.e. RSAES-PKCS1-v15 and RSA-OAEP encryption and decryption. Its encrypted message is represented as BigInteger. When there is a valid encrypted message, a crafted message with prepending zeros can be decrypted by this vulnerability. - If you don't use RSA...
RSA-PSS signature validation vulnerability by prepending zeros in jsrsasign
Impact: Jsrsasign can verify an RSA-PSS signature whose value can be expressed as a BigInteger. When there is a valid RSA-PSS signature value, this vulnerability also accepts a value with prepending zeros as a valid signature. - If you do not use RSA-PSS signature validation, this vulnerability is not...
Denial Of Service (DoS)
crypto/dsa in github.com/golang/go is vulnerable to denial of service (DoS) attacks. These attacks are possible due to a flaw in the Verify function in crypto/dsa/dsa.go. It doesn't properly check parameters passed to the big integer library. This flaw can be exploited through a public key given ...
Ubuntu Update for mono vulnerability USN-553-1
Ubuntu Update for Linux kernel vulnerabilities USN-553-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5531.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for mono vulnerability USN-553-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
Gentoo Security Advisory GLSA 200711-10 (mono)
The remote host is missing updates announced in advisory GLSA 200711-10. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200711-10 (mono)
The remote host is missing updates announced in advisory GLSA 200711-10. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 1397-1 (mono)
The remote host is missing an update to mono announced via advisory DSA 1397-1. OpenVAS Vulnerability Test $Id: deb13971.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1397-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian: Security Advisory (DSA-1397-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SuSE 10 Security Update : Mono (ZYPP Patch Number 4453)
This update fixes a buffer overflow in Mono's BigInteger implementation.
Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : mono vulnerability (USN-553-1)
It was discovered that Mono did not correctly bounds check certain BigInteger actions. Remote attackers could exploit this to crash a Mono application or possibly execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly...
USN-553-1: Mono vulnerability
It was discovered that Mono did not correctly bounds check certain BigInteger actions. Remote attackers could exploit this to crash a Mono application or possibly execute arbitrary code with user privileges...
Fedora 7 : mono-1.2.3-5.fc7 (2007-3130)
A buffer overflow in the Mono.Math.BigInteger class in Mono allows attackers to execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much a...
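Mono System.Math BigInteger Integer Overflow Vulnerability
BUGTRAQ ID: 26279 CVE(CAN) ID: CVE-2007-5197 Mono is an open-source development platform based on the .NET framework that lets developers build Linux and cross-platform applications. The Mono.Math.BigInteger class in Mono has an integer overflow vulnerability in its implementation of the BigInteger data type, allowing local attackers to execute arbitrary instructions. Mono Mono 2.0 Mono Mono 1.x Vendor patch: Debian ------ Debian has released a security advisory (DSA-1397-1) and corresponding patches for this: DSA-1397-1:New mono packages fix integer overflow...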