
15 matches found

RedHat Linux
added 2025/12/09 12:20 p.m. · 5 views

kernel: cifs: fix oops during encryption

An out-of-bounds memory access vulnerability exists in the Linux kernel: a stack-allocated buffer backed by vmalloc was passed into crypto code (scatterwalk_map_and_copy → memcpy), where a cross-page write occurred. This ended up hitting a read-only mapping, causing a page-level fault and...

CVSS 5.5 · AI score 7.5 · EPSS 0.00096
Exploits: 0 · References: 5
Positive Technologies
added 2024/09/27 12:0 a.m. · 3 views

PT-2024-31298 · Nasa · Nasa Cryptolib

Name of the Vulnerable Software and Affected Versions: NASA CryptoLib version 1.3.0. Description: The issue is related to an out-of-bounds read via the TC subsystem. Specifically, the problem is identified in the crypto_aos.c file. Recommendations: For NASA CryptoLib version 1.3.0, consider...

CVSS 7.5 · AI score 6.8 · EPSS 0.00496
Exploits: 0 · References: 8
OSV
added 2019/04/02 1:58 p.m. · 5 views

OPENSUSE-SU-2019:1123-1 Security update for putty

This update for putty fixes the following issues: Update to new upstream release 0.71 (boo#1129633). CVE-2019-9894: Fixed a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification; potential recycling of random numbers used in cryptography. CVE-2019-9895...

CVSS 9.8 · AI score 8.8 · EPSS 0.03937
Exploits: 0 · References: 7
OSV
added 2019/04/02 11:3 a.m. · 5 views

OPENSUSE-SU-2019:1113-1 Security update for putty

This update for putty fixes the following issues: Update to new upstream release 0.71 (boo#1129633). CVE-2019-9894: Fixed a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification; potential recycling of random numbers used in cryptography. CVE-2019-9895...

CVSS 9.8 · AI score 8.9 · EPSS 0.03937
Exploits: 0 · References: 7
Tenable Nessus
added 2019/03/18 12:0 a.m. · 12 views

FreeBSD : PuTTY -- security fixes in new release (46e1ece5-48bd-11e9-9c40-080027ac955c)

The PuTTY team reports: New in 0.71: Security fixes found by an EU-funded bug bounty programme: a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification; potential recycling of random numbers used in cryptography; on Unix, remotely...

AI score 5.9
Exploits: 0 · References: 2
RedHat Linux
added 2016/05/10 6:35 p.m. · 6 views

ntp: incomplete checks in ntp_crypto.c

It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially...

CVSS 7.5 · AI score 6.8 · EPSS 0.07336
Exploits: 0 · References: 6
RedHat Linux
added 2015/08/12 4:38 p.m. · 4 views

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

CVSS 5 · AI score 6.6 · EPSS 0.04156
Exploits: 0 · References: 5
Tenable Nessus
added 2015/08/05 12:0 a.m. · 43 views

RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2015:1544)

The remote Red Hat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:1544 advisory. - IBM JDK: plain text data stored in memory dumps (CVE-2015-1931) - OpenJDK: deserialization issue in ObjectInputStream.readSerialData...

CVSS 10 · AI score 7.7 · EPSS 0.9986
Exploits: 1 · References: 35
RedHat Linux
added 2015/07/30 5:14 p.m. · 7 views

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

CVSS 5 · AI score 6.6 · EPSS 0.04156
Exploits: 0 · References: 5
RedHat Linux
added 2015/07/23 7:20 p.m. · 5 views

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

CVSS 5 · AI score 6.6 · EPSS 0.04156
Exploits: 0 · References: 5
RedHat Linux
added 2015/07/17 8:3 a.m. · 2 views

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

CVSS 5 · AI score 6.6 · EPSS 0.04156
Exploits: 0 · References: 5
RedHat Linux
added 2015/07/15 12:37 p.m. · 3 views

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

CVSS 5 · AI score 6.6 · EPSS 0.04156
Exploits: 0 · References: 5
RedHat Linux
added 2015/07/15 12:35 p.m. · 6 views

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

CVSS 5 · AI score 6.6 · EPSS 0.04156
Exploits: 0 · References: 5
RedHat Linux
added 2015/07/15 12:1 p.m. · 6 views

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

CVSS 5 · AI score 6.6 · EPSS 0.04156
Exploits: 0 · References: 5
ThreatPost
added 2012/03/23 3:23 p.m. · 5 views

Mozilla Proposes Change to Handling of Subordinate CA Certificates

Mozilla is considering a change to the way that it handles certificates issued by externally operated sub-CAs in an effort to gain more control of how these CAs issue certificates and what those certificates can do. The proposal would involve some new controls to help verify that certificates are...

AI score 0.3
Exploits: 0 · References: 3