Lucene search
K

104 matches found

Prion
Prion
added 2022/03/14 6:15 p.m.21 views

Format string

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm formerly Fuji Xerox devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization...

6.4CVSS9AI score0.00862EPSS
Exploits0References4Affected Software92
Cvelist
Cvelist
added 2022/03/14 5:28 p.m.33 views

CVE-2022-26320

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm formerly Fuji Xerox devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization...

9.4AI score0.00862EPSS
Exploits0References5
CVE
CVE
added 2022/03/14 5:28 p.m.284 views

CVE-2022-26320

The issue affects Rambus SafeZone Basic Crypto Module versions prior to 10.4.0, incorporated in certain Fujifilm (formerly Fuji Xerox) devices and Canon imagePROGRAF/imageRUNNER devices. The root cause is insecure RSA key generation in the CLS PK KeyGenMT() routine, due to insufficient randomness...

9.1CVSS9.1AI score0.00862EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2022/03/14 12:0 a.m.3 views

PT-2022-7665 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the crypto component of the Linux kernel, specifically the qcom-rng module. The generate function in struct rng alg expects the destination buffer to be...

7.8CVSS6.8AI score0.08555EPSS
Exploits7References1099
Positive Technologies
Positive Technologies
added 2022/02/28 12:0 a.m.5 views

PT-2022-3152 · Rambus · Rambus Safezone Basic Crypto Module

Name of the Vulnerable Software and Affected Versions: Rambus SafeZone Basic Crypto Module versions prior to 10.4.0 Description: The issue is related to the generation of RSA keys that can be broken with Fermat's factorization method, allowing efficient calculation of private RSA keys from the...

9.4CVSS7.2AI score0.00862EPSS
Exploits0References12
OSV
OSV
added 2021/12/20 12:12 p.m.11 views

CLSA-2021-1640002354 Fix of CVE: CVE-2021-43527

CVE-2021-43527: Fix memory corruption in decodeECorDsaSignature with DSA signatures and RSA-PSS - Update to CKBI 2.50 from NSS 3.67 - Removing: - Certificate "Verisign Class 3 Public Primary Certification Authority - G3" - Certificate "AddTrust Low-Value Services Root" - Certificate "AddTrust...

9.8CVSS7.3AI score0.17563EPSS
Exploits0References1
OSV
OSV
added 2021/10/11 5:9 p.m.10 views

GHSA-3F99-HVG4-QJWJ Insecure random number generation in keypair

Description and Impact A bug in the pseudo-random number generator used by keypair versions up to and including 1.0.3 could allow for weak RSA key generation. This could enable an attacker to decrypt confidential messages or gain authorized access to an account belonging to the victim. We recomme...

8.7CVSS7.5AI score0.02993EPSS
Exploits1References6
OSV
OSV
added 2021/05/31 3:39 p.m.8 views

UVI-2021-1000392 crypto: sun8i-ss - fix result memory leak on error path

crypto: sun8i-ss - fix result memory leak on error path This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.37 by commit...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2021/03/26 12:0 a.m.6 views

PT-2024-11146 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the crypto: qat module in the Linux kernel, where the ADF STATUS PF RUNNING flag is set after adf dev init. However, the vf2pf lock is initialized in adf dev...

7.8CVSS6.5AI score0.08555EPSS
Exploits6References1088
OSV
OSV
added 2020/09/01 9:22 p.m.13 views

GHSA-H5VJ-F7R9-W564 Entropy Backdoor in text-qrcode

All versions of text-qrcode contain malicious code that overwrites the randomBytes method for the crypto module with a function that generates weak entropy. Instead of generating 32 bytes, the infected randomBytes will generate 3 bytes of entropy and hash them, resulting in a 32 byte value being...

9.8CVSS7.2AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2020/09/01 9:22 p.m.52 views

Entropy Backdoor in text-qrcode

All versions of text-qrcode contain malicious code that overwrites the randomBytes method for the crypto module with a function that generates weak entropy. Instead of generating 32 bytes, the infected randomBytes will generate 3 bytes of entropy and hash them, resulting in a 32 byte value being...

1.4AI score
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2020/06/26 4:15 p.m.50 views

CVE-2020-10769

A buffer over-read flaw was found in RH kernel versions before 5.0 in cryptoauthencextractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read...

5.5CVSS6.9AI score0.00491EPSS
Exploits1References3
Cvelist
Cvelist
added 2020/06/26 3:32 p.m.26 views

CVE-2020-10769

A buffer over-read flaw was found in RH kernel versions before 5.0 in cryptoauthencextractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read...

6AI score0.00491EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2020/06/08 9:22 a.m.2 views

freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c

An issue was found in freerdp's libfreerdp/crypto/crypto.c, in versions before 2.1.1, where buffer access with an incorrect length value, leads to an out-of-bounds write. This flaw allows a remote, unauthenticated, attacker running an RDP server, or a local attacker, using a specially crafted...

8.3CVSS5.8AI score0.0239EPSS
Exploits0References4
CNVD
CNVD
added 2020/05/25 12:0 a.m.1 views

FreeRDP Buffer Overflow Vulnerability (CNVD-2020-31441)

FreeRDP is an open source implementation of the Remote Desktop Protocol RDP from the FreeRDP team. A buffer overflow vulnerability exists in the libfreerdp/crypto/crypto.c file, cryptorsacommon, in versions of FreeRDP prior to 2.1.1. The vulnerability stems from a network system or product...

8.3CVSS9.7AI score0.0239EPSS
Exploits0References1
CVE
CVE
added 2019/05/03 4:10 p.m.72 views

CVE-2019-1706

Summary: CVE-2019-1706 affects Cisco ASAv and Firepower 2100 Series running ASA software. The issue is a logic error in the software cryptography module’s handling of IPsec sessions, allowing an unauthenticated, remote attacker to trigger a device reload and a DoS condition by generating many IPs...

8.6CVSS8.5AI score0.0107EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/02/19 12:0 a.m.3 views

The vulnerability of the Go programming language’s crypto module, which allows a hacker to trigger a service failure

The vulnerability of the Go programming language’s crypto module exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

7.8CVSS7.2AI score0.04326EPSS
Exploits0References5Affected Software3
Node.js
Node.js
added 2018/11/29 12:41 a.m.19 views

Entropy Backdoor

Overview All versions of text-qrcode contain malicious code that overwrites the randomBytes method for the crypto module with a function that generates weak entropy. Instead of generating 32 bytes, the infected randomBytes will generate 3 bytes of entropy and hash them, resulting in a 32 byte val...

6.9AI score
Exploits0Affected Software1
CNVD
CNVD
added 2018/01/04 12:0 a.m.2 views

CRYPTO module buffer overflow vulnerability in multiple Huawei products

Huawei DP300, RP200, TE30/40/50/60, TP3106/3206, and ViewPoint 9030 are Huawei's all-in-one Desktop Intelligence products and HD video conferencing terminals for high-end customers. A buffer overflow vulnerability exists in the CRYPTO module of multiple Huawei products, which is due to the progra...

7AI score
Exploits0References1
Huawei
Huawei
added 2018/01/03 12:0 a.m.20 views

Security Advisory - Two Vulnerabilities in CRYPTO module of Several Huawei Products

There is a buffer overflow vulnerability in the CRYPTO module of several Huawei products. An unauthenticated, local attacker could craft malformed file with a specific field that the length is longer than the maximum value. Due to insufficient validation of the inputs, successful exploit could...

7.2AI score
Exploits0Affected Software9
Rows per page
Query Builder