1057 matches found
CVE-2020-17478
The CVE-2020-17478 entry affects Crypt::Perl, specifically ECDSA/EC/Point.pm before version 0.33, where timing-attack considerations in the EC point multiplication are not properly handled. The issue is documented across multiple sources (e.g., NVD/NVDB) with the root cause described as inadequat...
CVE-2020-17478
ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm...
OPENSUSE-SU-2020:1105-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: dracut-saltboot: - Print a list of available disk devices bsc1170824 - Install wipefs to initrd - Force install crypt modules golang-github-prometheus-prometheus: - Update change log and spec file + Modified spec file: default to golang 1.14 to avoid 'have...
Open-Xchange: Null dereference or redundant null check in `mail_crypt_load_global_private_key` for plugin mail-crypt
In this function, we check once if errorr is not NULL in if enctype == DCRYPTKEYENCRYPTIONTYPEPASSWORD / Fail here if password is not set since openssl will prompt for it otherwise / if keypassword == NULL if errorr != NULL errorr = tstrdupprintf"%s: %s unset, no " "password to decrypt the key",...
CVE-2020-13895
Crypt::Perl::ECDSA in the Crypt::Perl aka p5-Crypt-Perl module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 prime256v1. This could conceivably have a security-relevant impact if an attacker wishes ...
CVE-2020-13895
Crypt::Perl::ECDSA in the Crypt::Perl aka p5-Crypt-Perl module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 prime256v1. This could conceivably have a security-relevant impact if an attacker wishes ...
Design/Logic Flaw
Crypt::Perl::ECDSA in the Crypt::Perl aka p5-Crypt-Perl module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 prime256v1. This could conceivably have a security-relevant impact if an attacker wishes ...
CVE-2020-13895
Crypt::Perl::ECDSA in the Crypt::Perl aka p5-Crypt-Perl module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 prime256v1. This could conceivably have a security-relevant impact if an attacker wishes ...
CVE-2020-13895
CVE-2020-13895 affects Crypt::Perl::ECDSA in the Crypt::Perl (p5-Crypt-Perl) distribution for Perl, specifically before version 0.32. The issue is a verification bug where ECDSA signatures may fail to verify correctly when r and s are small and s = 1 on the secp256r1 (prime256v1) curve. The cited...
libu2f-host: Multiple vulnerabilities
Background Yubico Universal 2nd Factor U2F Host C Library. Description Multiple vulnerabilities have been discovered in libu2f-host. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to plug-in a malicious USB device, possibly resulting i...
Brute-force Attack
postgresql is vulnerable to brute-force attacks. The vulnerability exists as a signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII...
CVE-2019-5135
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...
CVE-2019-5135
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...
Authentication flaw
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...
CVE-2019-5135
WAGO PFC100/200 Web-Based Management (WBM) authentication timing information disclosure (CVE-2019-5135) is detailed in the TALOS entry. The vulnerability resides in the WBM login routine where the PHP crypt() function is used to generate a password hash for comparison, allowing an attacker to inf...
CVE-2019-5135
An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials. This affec...
WAGO PFC100/200 Web-Based Management (WBM) Authentication Timing Information Disclosure Vulnerability
Summary An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials...
CVE-2013-4412
slim has NULL pointer dereference when using crypt method from glibc 2.17...
DEBIAN-CVE-2013-4412
slim has NULL pointer dereference when using crypt method from glibc 2.17...
CVE-2013-4412
slim has NULL pointer dereference when using crypt method from glibc 2.17...