Lucene search
K

60 matches found

Mageia
Mageia
added 2025/11/15 7:11 a.m.43 views

Updated botan2 packages fix security vulnerability

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

5.9CVSS6.2AI score0.00542EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2025/10/15 1:23 a.m.4 views

CVE-2018-25117

VestaCP commit a3f0fa1 2018-05-31 up to commit ee03eff 2018-06-13 contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot...

9.3CVSS5.8AI score0.00402EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.20 views

EUVD-2021-1796

Malware in sbrugna...

9.8CVSS9AI score0.01515EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2024/10/25 3:5 a.m.4 views

SUSE CVE-2024-50383

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

5.5CVSS6.9AI score0.00542EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2024/10/24 3:57 p.m.20 views

CVE-2024-50383

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

5.9CVSS7.2AI score0.00542EPSS
Exploits1References7
OSV
OSV
added 2024/10/23 5:15 p.m.8 views

AZL-51701 CVE-2024-50383 affecting package botan2 2.14.0-2

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

5.9CVSS5.8AI score0.00542EPSS
Exploits1References1
NVD
NVD
added 2024/10/23 5:15 p.m.39 views

CVE-2024-50383

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

5.9CVSS0.00542EPSS
Exploits1References4
OSV
OSV
added 2024/10/23 5:15 p.m.2 views

UBUNTU-CVE-2024-50383

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

5.9CVSS6.3AI score0.00542EPSS
Exploits1References6
Cvelist
Cvelist
added 2024/10/23 12:0 a.m.39 views

CVE-2024-50383

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

0.00542EPSS
Exploits1References4
OSV
OSV
added 2024/10/23 12:0 a.m.20 views

CVE-2024-50383

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

5.9CVSS6.8AI score0.00542EPSS
Exploits1References6
CVE
CVE
added 2024/10/23 12:0 a.m.84 views

CVE-2024-50383

Botan before 3.6.0 is affected by CVE-2024-50383 due to a compiler-induced secret-dependent operation in donna128.h (donna128) used by ChaCha-Poly1305 and x25519. The issue was observed with GCC 11.3.0 -O2 on MIPS and GCC on x86-32 (only 32-bit processors). Reports in Mageia/openSUSE/Ubutnu advis...

5.9CVSS7AI score0.00542EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/23 12:0 a.m.16 views

CVE-2024-50383

Botan before 3.6.0, when certain GCC versions are used, has a compiler-induced secret-dependent operation in lib/utils/donna128.h in donna128 used in Chacha-Poly1305 and x25519. An addition can be skipped if a carry is not set. This was observed for GCC 11.3.0 with -O2 on MIPS, and GCC on x86-i38...

6.9AI score0.00542EPSS
Exploits1References4
OSV
OSV
added 2024/06/21 11:8 a.m.3 views

OESA-2024-1744 mysql security update

The MySQLTM software delivers a very fast, multi-threaded, multi-user, and robust SQL Structured Query Language database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or...

6.5CVSS6.6AI score0.02323EPSS
Exploits0References41
OSV
OSV
added 2024/05/10 11:7 a.m.4 views

OESA-2024-1559 mysql security update

The MySQLTM software delivers a very fast, multi-threaded, multi-user, and robust SQL Structured Query Language database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or...

6.5CVSS6.6AI score0.02323EPSS
Exploits0References40
OSV
OSV
added 2024/01/09 5:15 p.m.6 views

AZL-78582 CVE-2023-6129 affecting package openssl-fips-provider 3.1.2-1

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

6.5CVSS6.8AI score0.02323EPSS
Exploits0References1
OSV
OSV
added 2024/01/09 5:15 p.m.7 views

AZL-35044 CVE-2023-6129 affecting package nodejs for versions less than 20.14.0-1

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

6.5CVSS6.8AI score0.02323EPSS
Exploits0References1
OSV
OSV
added 2024/01/09 5:15 p.m.4 views

AZL-35085 CVE-2023-6129 affecting package openssl for versions less than 3.3.0-1

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

6.5CVSS6.8AI score0.02323EPSS
Exploits0References1
OSV
OSV
added 2024/01/09 5:15 p.m.2 views

DEBIAN-CVE-2023-6129

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

6.5CVSS7.3AI score0.02323EPSS
Exploits0References1
OSV
OSV
added 2023/12/18 4:15 p.m.5 views

AZL-37154 CVE-2023-48795 affecting package python-paramiko 2.12.0-2

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted from the extension negotiation message, and a client and server may consequently end up with a connecti...

5.9CVSS6.9AI score0.93305EPSS
Exploits4References1
OSV
OSV
added 2023/09/08 12:15 p.m.4 views

ALPINE-CVE-2023-4807

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X8664 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...

7.8CVSS7.4AI score0.00862EPSS
Exploits0References1
Rows per page
Query Builder