301 matches found
pyOpenSSL: Failure to release memory before removing last reference in PKCS #12 Store
Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS 12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends...
python-cryptography: GCM tag forgery via truncated tag in finalize_with_tag API
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
CVE-2018-8319
A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library...
CVE-2018-8319
A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library...
CVE-2018-8319
CVE-2018-8319 concerns MSR JavaScript Cryptography Library (msrcrypto). Affects the library’s Elliptic Curve Cryptography (ECC) implementation, where multiple bugs in ECC could allow an attacker to glean information about a server’s private ECC key (key leakage) or craft invalid ECDSA signatures ...
Microsoft MSR JavaScript Cryptography Library CVE-2018-8319 Remote Security Bypass Vulnerability
Description Microsoft MSR JavaScript Cryptography Library is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Technologies Affected Microsoft MSR JavaScrip...
CVE-2018-12915
In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calchash in map.c...
Intel Integrated Performance Primitives Cryptography Library Information Disclosure Vulnerability
Intel Integrated Performance Primitives Cryptography Library is a multi-threaded library for multimedia and data processing applications from Intel Corporation. A security vulnerability exists in certain implementations of the Intel Integrated Performance Primitives Cryptography Library versions...
Information disclosure
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time...
CVE-2018-3691
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time...
Intel Integrated Performance Primitives Cryptography Library Information Disclosure Vulnerability
Intel Integrated Performance Primitives Cryptography Library is a multi-threaded library for multimedia and data processing applications from Intel Corporation. A security vulnerability exists in Intel Integrated Performance Primitives Cryptography Library versions prior to 2018 U2.1, which stems...
Nimbus JOSE+JWT padding oracle attack information disclosure vulnerability
Nimbus JOSE+JWT is an open source Java library . Nimbus JOSE+JWT has a security vulnerability that allows attackers to submit specially crafted requests to perform padding oracle attacks and obtain sensitive information...
Moderate: Red Hat Bug Fix Advisory: openssl bug fix and enhancement update
An update for openssl is now available for Red Hat Enterprise Linux 7. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. For detailed information on changes in this release...
UBUNTU-CVE-2017-9526
In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point...
PYSEC-2017-8
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digestsize...
DEBIAN-CVE-2016-9243
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digestsize...
PYSEC-2017-8
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digestsize...
[SECURITY] [DLA 786-1] botan1.10 security update
Package : botan1.10 Version : 1.10.5-1+deb7u2 CVE ID : CVE-2016-9132 It was discovered that there was an integer overflow vulnerability in botan, a cryptography library. This could occur while parsing untrusted inputs such as X.509 certificates. For Debian 7 "Wheezy", this problem has been fixed ...
Botan: Multiple vulnerabilities
Background Botan Japanese for peony is a cryptography library written in C++11. Description Multiple vulnerabilities have been discovered in Botan. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of...
UBUNTU-CVE-2016-9243
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digestsize...