15 matches found
kernel: cifs: fix oops during encryption
An out-of-bounds memory access vulnerability exists in the linux kernel, such that A stack-allocated buffer backed by vmalloc was passed into crypto code scatterwalkmapandcopy → memcpy where a cross-page write occurred. This ended up hitting a read-only mapping, causing a page-level fault and...
PT-2024-31298 · Nasa · Nasa Cryptolib
Name of the Vulnerable Software and Affected Versions: NASA CryptoLib version 1.3.0 Description: The issue is related to an Out-of-Bounds read via the TC subsystem. Specifically, the problem is identified in the crypto aos.c file. Recommendations: For NASA CryptoLib version 1.3.0, consider...
OPENSUSE-SU-2019:1123-1 Security update for putty
This update for putty fixes the following issues: Update to new upstream release 0.71 boo1129633 CVE-2019-9894: Fixed a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification potential recycling of random numbers used in cryptography. CVE-2019-9895...
OPENSUSE-SU-2019:1113-1 Security update for putty
This update for putty fixes the following issues: Update to new upstream release 0.71 boo1129633 CVE-2019-9894: Fixed a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification potential recycling of random numbers used in cryptography. CVE-2019-9895...
FreeBSD : PuTTY -- security fixes in new release (46e1ece5-48bd-11e9-9c40-080027ac955c)
The PuTTY team reports : New in 0.71 : - Security fixes found by an EU-funded bug bounty programme : - + a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification - + potential recycling of random numbers used in cryptography - + on Unix, remotely...
ntp: incomplete checks in ntp_crypto.c
It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntpcrypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially...
OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...
RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2015:1544)
The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1544 advisory. - IBM JDK: plain text data stored in memory dumps CVE-2015-1931 - OpenJDK: deserialization issue in ObjectInputStream.readSerialData...
OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...
OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...
OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...
OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...
OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...
OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)
It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...
Mozilla Proposes Change to Handling of Subordinate CA Certificates
Mozilla is considering a change to the way that it handles certificates issued by externally operated sub-CAs in an effort to gain more control of how these CAs issue certificates and what those certificates can do. The proposal would involve some new controls to help verify that certificates are...