MiracleLinux 8 : freerdp-2.0.0-46.rc4.el8.2 (AXSA:2020-325:04)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-325:04 advisory. freerdp: Out-of-bounds write in cryptorsacommon in libfreerdp/crypto/crypto.c CVE-2020-13398 Tenable has extracted the preceding description block directly fr...

MiracleLinux 4 : freerdp-1.0.2-7.AXS4 (AXSA:2020-112:03)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-112:03 advisory. freerdp: Out-of-bounds write in cryptorsacommon in libfreerdp/crypto/crypto.c CVE-2020-13398 Tenable has extracted the preceding description block directly fr...

Linux Distros Unpatched Vulnerability : CVE-2023-49092

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through...

Security update for the Linux Kernel (Live Patch 47 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059170 fixes several issues. The following security issues were fixed: CVE-2022-49014: net: tun: Fix use-after-free in tundetach bsc1232818. CVE-2022-49563: crypto: qat - add param check for RSA bsc1238788. CVE-2022-49564: crypto: qat - add param check...

CVE-2023-52472

A null pointer dereference flaw was found in mpialloc in the crypto rsa subcomponent in the Linux kernel...

DEBIAN-CVE-2023-52472

In the Linux kernel, the following vulnerability has been resolved: crypto: rsa - add a check for allocation failure Static checkers insist that the mpialloc allocation can fail so add a check to prevent a NULL dereference. Small allocations like this can't actually fail in current kernels, but...

Fedora 38 : golang (2023-8ee7d4a8e3)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8ee7d4a8e3 advisory. go1.20.2 released 2023-03-07 includes a security fix to the crypto/elliptic package, as well as bug fixes to the compiler, the covdata command, the linker, t...

SUSE CVE-2020-13398

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds OOB write vulnerability has been detected in cryptorsacommon in libfreerdp/crypto/crypto.c...

GO-2021-0160 Incorrect calculation affecting RSA computations in math/big

Int.Exp Montgomery mishandled carry propagation and produced an incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors. This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibl...

CVE-2020-28362

A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The...

Private CRT-based RSA Key Leakage

crypto/rsa in github.com/golang/go is vulnerable to private CRT-based RSA key leakage. The leakage happens due to an error in the CRT computation. And it fails to check RSA signature to prevent the error...

FreeBSD : go -- information disclosure vulnerability (6809c6db-bdeb-11e5-b5fe-002590263bf5)

Jason Buberel reports : A security-related issue has been reported in Go's math/big package. The issue was introduced in Go 1.5. We recommend that all users upgrade to Go 1.5.3, which fixes the issue. Go programs must be recompiled with Go 1.5.3 in order to receive the fix. The Go team would like...

keybase: information leakage

This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way. Specifically,...

syncthing: information leakage

This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way. Specifically,...