15 matches found
kernel: crypto: algif_aead - Revert to operating out-of-place
A flaw was found in the Linux kernel's algif_aead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...
EUVD-2015-6446
Malware in sbrugna...
kernel: tls: handle backlogging of crypto requests
A flaw was found in the tls subsystem of the Linux kernel. When setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on requests to the crypto API, the crypto_aead_encrypt and crypto_aead_decrypt functions can return -EBUSY instead of -EINPROGRESS in valid situations. This issue could lead to undefined behavior and a...
ALPINE-CVE-2024-28960
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...
Microsoft Windows CryptoAPI security vulnerability
Microsoft Windows CryptoAPI is a cryptographic compiler added to the Windows operating system by Microsoft. CryptoAPI supports synchronous and asynchronous key encryption and the management of digital certificates in the operating system as the basis for data encryption and decryption functions. ...
SUSE CVE-2015-6506
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key...
Updated rt/perl-Encode packages fix security vulnerability
RT 4.0.0 and above are vulnerable to a limited privilege escalation leading to unauthorized modification of ticket data. The DeleteTicket right and any custom lifecycle transition rights may be bypassed by any user with ModifyTicket (CVE-2012-4733). RT 3.8.0 and above include a version of bin/rt th...
CVE-2015-6506
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key...
DEBIAN-CVE-2015-6506
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key...
UBUNTU-CVE-2015-6506
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key...
CVE-2015-6506
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key...
CVE-2015-6506
Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key...
CVE-2015-6506
Summary: CVE-2015-6506 is a cross-site scripting (XSS) vulnerability in the Request Tracker (RT) cryptography interface, exploitable via a crafted public key in RT 4.x. Affected software: Request Tracker, versions before 4.2.12 (RT 4.x
RT -- two XSS vulnerabilities
Best Practical reports: RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475. It was discovered and reported by Marcin Kopec at Data Reliance Shared Service Center. RT 4.2.0 and above ar...