
117 matches found

Tenable Nessus
added 2021/05/25 12:00 a.m., 20 views

openSUSE Security Update : Botan (openSUSE-2021-765)

This update for Botan fixes the following issues: - CVE-2021-24115: In Botan before 2.17.3, or this backport, constant-time computations are not used for certain decoding and encoding operations (boo#1182670). (C) Tenable Network Security, Inc. The descriptive text and package check...

9.8 CVSS, 8.1 AI score, 0.01976 EPSS
Exploits: 0, References: 2
OPENSUSE Linux
added 2021/05/25 12:00 a.m., 20 views

Security update for Botan (important)

openSUSE Security Update: Security update for Botan Announcement ID: openSUSE-SU-2021:0794-1 Rating: important References: 1182670 Cross-References: CVE-2021-24115 CVSS scores: CVE-2021-24115 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-24115 SUSE: 9.8...

9.8 CVSS, 7.3 AI score, 0.01976 EPSS
Exploits: 0, References: 1
NVD
added 2021/02/22 2:15 a.m., 14 views

CVE-2021-24115

In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex)...

9.8 CVSS, 0.01976 EPSS
Exploits: 0, References: 3
OSV
added 2021/02/22 2:15 a.m., 17 views

CVE-2021-24115

In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex)...

9.8 CVSS, 6.8 AI score
Exploits: 0, References: 3
UbuntuCve
added 2021/02/22 2:15 a.m., 18 views

CVE-2021-24115

In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex)...

9.8 CVSS, 7.2 AI score, 0.01976 EPSS
Exploits: 0, References: 4
CVE
added 2021/02/22 1:57 a.m., 168 views

CVE-2021-24115

CVE-2021-24115 affects Botan prior to 2.17.3, where constant-time computations are not applied to certain decoding/encoding operations (base32, base58, base64, and hex). The vulnerability is in the crypto/encoding paths of Botan; impact is shown as high to critical in CVSS data (NVD: 7.5/3.1 v3.1...

9.8 CVSS, 9.3 AI score, 0.01976 EPSS
Exploits: 0, References: 3, Affected Software: 1
Mozilla
added 2021/02/05 12:00 a.m., 539 views

Security Vulnerabilities fixed in Firefox 85.0.1 and Firefox ESR 78.7.1 — Mozilla

In the Angle graphics library, depth pitch computations did not take into account the block size and simply multiplied the row pitch with the pixel height. This caused the load functions to use a very high depth pitch, reading past the end of the user-supplied buffer. Note: This issue only affecte...

6.5 CVSS, 6.2 AI score, 0.00637 EPSS
Exploits: 0, References: 1, Affected Software: 2
RedHat Linux
added 2020/11/23 5:48 p.m., 1 views

hw: Information disclosure issue in Intel SGX via RAPL interface

A vulnerability was found in Intel's implementation of RAPL (Running Average Power Limit). An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem...

5.5 CVSS, 6.7 AI score, 0.00414 EPSS
Exploits: 0, References: 7
RedHat Linux
added 2020/11/23 5:47 p.m., 2 views

hw: Information disclosure issue in Intel SGX via RAPL interface

A vulnerability was found in Intel's implementation of RAPL (Running Average Power Limit). An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem...

5.5 CVSS, 6.7 AI score, 0.00414 EPSS
Exploits: 0, References: 7
RedHat Linux
added 2020/11/11 9:48 a.m., 4 views

hw: Information disclosure issue in Intel SGX via RAPL interface

A vulnerability was found in Intel's implementation of RAPL (Running Average Power Limit). An attacker with a local account could query the power management functionality to intelligently infer SGX enclave computation values by measuring power usage in the RAPL subsystem...

5.5 CVSS, 6.7 AI score, 0.00414 EPSS
Exploits: 0, References: 7
UbuntuCve
added 2020/03/06 8:15 p.m., 20 views

CVE-2020-7212

The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length ...

7.8 CVSS, 7 AI score, 0.03288 EPSS
Exploits: 0, References: 5
OSV
added 2019/10/01 4:15 p.m., 1 views

CVE-2019-17063

In Snowtide PDFxStream before 3.7.1 for Java, a crafted PDF file can trigger an extremely long running computation because of page-tree mishandling...

5.5 CVSS, 6.1 AI score, 0.00795 EPSS
Exploits: 0, References: 1
OSV
added 2018/10/18 1:29 p.m., 6 views

CVE-2018-12361

An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Firefox ESR 60.1...

8.8 CVSS, 6.9 AI score
Exploits: 0, References: 11
NVD
added 2018/10/18 1:29 p.m., 17 views

CVE-2018-12361

An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Firefox ESR 60.1...

8.8 CVSS, 8.6 AI score, 0.02819 EPSS
Exploits: 0, References: 11
Prion
added 2018/10/18 1:29 p.m., 17 views

Integer overflow

An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Firefox ESR 60.1...

6.8 CVSS, 9 AI score, 0.02819 EPSS
Exploits: 0, References: 11, Affected Software: 5
CVE
added 2018/10/18 1:00 p.m., 193 views

CVE-2018-12361

CVE-2018-12361 is an integer overflow in the SwizzleData code during buffer-size calculation that can lead to a potentially exploitable crash when inputs aren’t sanitized. Affected products include Mozilla Thunderbird before 60 and Firefox family before 61 (Firefox ESR before 60.1). Public remedi...

8.8 CVSS, 8.5 AI score, 0.02819 EPSS
Exploits: 0, References: 11, Affected Software: 3
Cvelist
added 2018/10/18 1:00 p.m., 32 views

CVE-2018-12361

An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Firefox ESR 60.1...

8.6 AI score, 0.02819 EPSS
Exploits: 0, References: 11
Debian CVE
added 2018/10/18 1:00 p.m., 19 views

CVE-2018-12361

An integer overflow can occur in the SwizzleData code while calculating buffer sizes. The overflowed value is used for subsequent graphics computations when their inputs are not sanitized which results in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Firefox ESR 60.1...

8.8 CVSS, 10 AI score, 0.02819 EPSS
Exploits: 0
OSV
added 2018/07/11 12:29 a.m., 1 views

CVE-2018-8319

A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library...

9.8 CVSS, 5.8 AI score, 0.07035 EPSS
Exploits: 0, References: 3
Cvelist
added 2018/07/11 12:00 a.m., 11 views

CVE-2018-8319

A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library...

9.3 AI score, 0.07035 EPSS
Exploits: 0, References: 3