192 matches found

Positive Technologies
added 2023/06/20 12:0 a.m. · 5 views

PT-2023-4527 · Node.Js +10

Name of the Vulnerable Software and Affected Versions: Node.js (affected versions not specified). Description: The generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet, but the...

CVSS 9.8 · AI score 6.5 · EPSS 0.87211
Exploits 5 · References 195
F5 Networks
added 2023/04/03 6:46 a.m. · 31 views

K000133317: Intel software vulnerability CVE-2022-21163

Security Advisory Description: Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2022-21163. Impact: There is no impact; F5 products are not affecte...

CVSS 8.4 · AI score 7.6 · EPSS 0.00248
Exploits 0
F5 Networks
added 2023/02/21 7:1 p.m. · 48 views

K16819: Linux kernel vulnerability CVE-2015-3331

Security Advisory Description: The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow an...

CVSS 9.3 · AI score 7.5 · EPSS 0.10108
Exploits 0 · Affected Software 1
F5 Networks
added 2023/02/21 6:35 p.m. · 44 views

K16427: Linux kernel vulnerability CVE-2013-7421

Security Advisory Description: The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. CVE-2013-7421. Impact: There is no...

CVSS 2.1 · AI score 6.5 · EPSS 0.00716
Exploits 1
F5 Networks
added 2023/02/21 6:12 p.m. · 33 views

K17121: Linux network subsystem vulnerabilities CVE-2014-8160, CVE-2014-8172, CVE-2014-8173, CVE-2014-9428, CVE-2014-9644, CVE-2015-0274, and CVE-2015-2041

Security Advisory Description: CVE-2014-8160: net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended...

CVSS 7.8 · AI score 7.2 · EPSS 0.05489
Exploits 0
NVD
added 2023/02/16 9:15 p.m. · 31 views

CVE-2022-21163

Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 8.4 · AI score 8.5 · EPSS 0.00248
Exploits 0 · References 1
Prion
added 2023/02/16 9:15 p.m. · 17 views

Improper access control

Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 4.3 · AI score 7.8 · EPSS 0.00248
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/02/16 8:0 p.m. · 8 views

CVE-2022-21163

Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 8.4 · AI score 8.5 · EPSS 0.00248
Exploits 0 · References 1
CVE
added 2023/02/16 8:0 p.m. · 62 views

CVE-2022-21163

CVE-2022-21163 concerns a vulnerability in the Crypto API Toolkit for Intel(R) SGX. Affected: toolkit versions before 2.0, specifically before commit ID 91ee496. Root cause: improper access control in the toolkit’s Crypto API, enabling an authenticated user to potentially escalate privileges via ...

CVSS 8.4 · AI score 7.8 · EPSS 0.00248
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/02/16 8:0 p.m. · 42 views

CVE-2022-21163

Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 8.4 · AI score 8.7 · EPSS 0.00248
Exploits 0 · References 1
CNNVD
added 2023/02/16 12:0 a.m. · 3 views

Intel SGX SDK security vulnerability

The Intel SGX SDK is a set of software development kits based on SGX Intel Software Security Extensions technology from Intel Corporation. A security vulnerability exists in Intel® SGX versions prior to 2.0 91ee496, which stems from the inclusion of improper access control in this Crypto API...

CVSS 8.4 · AI score 7.3 · EPSS 0.00248
Exploits 0 · References 2
Positive Technologies
added 2023/02/16 12:0 a.m. · 6 views

PT-2023-12663 · Intel · Crypto Api Toolkit For Intel Sgx

Name of the Vulnerable Software and Affected Versions: Crypto API Toolkit for Intel(R) SGX versions prior to 2.0 commit ID 91ee496. Description: The issue is related to improper access control, which may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 8.4 · AI score 7.6 · EPSS 0.00248
Exploits 0 · References 6
SUSE CVE
added 2023/02/15 5:33 a.m. · 5 views

SUSE CVE-2013-7421

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644...

CVSS 2.1 · AI score 6.2 · EPSS 0.00716
Exploits 1 · References 4
SUSE CVE
added 2023/02/15 5:24 a.m. · 5 views

SUSE CVE-2014-9644

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than...

CVSS 2.1 · AI score 6.2 · EPSS 0.00552
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 5:19 a.m. · 4 views

SUSE CVE-2015-3331

The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly...

CVSS 9.3 · AI score 7.7 · EPSS 0.10108
Exploits 0 · References 14
Intel
added 2023/02/14 12:0 a.m. · 41 views

Crypto API Toolkit for Intel® SGX Advisory

Summary: A potential security vulnerability in the Crypto API Toolkit for Intel® SGX (Software Guard Extensions) may allow escalation of privilege. Intel is releasing toolkit updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2022-21163. Description: Improper acce...

CVSS 8.4 · AI score 8.1 · EPSS 0.00248
Exploits 0
BDU FSTEC
added 2022/11/25 12:0 a.m. · 7 views

The vulnerability of the programming interface of Windows CryptoAPI on Windows operating systems, which allows attackers to perform spoofing attacks

The vulnerability of the Windows CryptoAPI programming interface in Windows operating systems relates to the ability to bypass authentication through spoofing. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...

CVSS 7.8 · AI score 7.6 · EPSS 0.37926
Exploits 0 · References 3
OSV
added 2022/05/24 12:47 p.m. · 35 views

GHSA-H8V5-P258-PQF4 Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API

Impact: XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collisions with SHA1. Note that this API is never used in XWiki Standard but it might be used in some extension...

CVSS 5.4 · AI score 7.2 · EPSS 0.00385
Exploits 0 · References 5
Github Security Blog
added 2022/05/24 12:47 p.m. · 71 views

Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API

Impact: XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collisions with SHA1. Note that this API is never used in XWiki Standard but it might be used in some extension...

CVSS 9.8 · AI score 8.8 · EPSS 0.00385
Exploits 0 · References 5 · Affected Software 1
OpenVAS
added 2022/05/10 12:0 a.m. · 18 views

XWiki Crypto API Vulnerability (GHSA-h8v5-p258-pqf4)

XWiki is prone to a vulnerability in the Crypto API. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki"; if(description)...

CVSS 9.8 · AI score 8.9 · EPSS 0.00385
Exploits 0 · References 1