Lucene search
K

301 matches found

RedHat Linux
RedHat Linux
added 2019/01/16 5:55 p.m.4 views

pyOpenSSL: Failure to release memory before removing last reference in PKCS #12 Store

Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS 12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploitable via Depends...

5.9CVSS5.7AI score0.01895EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/11/13 10:13 p.m.7 views

python-cryptography: GCM tag forgery via truncated tag in finalize_with_tag API

A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...

7.5CVSS5.8AI score0.03196EPSS
Exploits0References4
OSV
OSV
added 2018/07/11 12:29 a.m.4 views

CVE-2018-8319

A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library...

9.8CVSS5.8AI score0.07035EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/07/11 12:0 a.m.15 views

CVE-2018-8319

A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library...

9.3AI score0.07035EPSS
Exploits0References3
CVE
CVE
added 2018/07/11 12:0 a.m.76 views

CVE-2018-8319

CVE-2018-8319 concerns MSR JavaScript Cryptography Library (msrcrypto). Affects the library’s Elliptic Curve Cryptography (ECC) implementation, where multiple bugs in ECC could allow an attacker to glean information about a server’s private ECC key (key leakage) or craft invalid ECDSA signatures ...

9.8CVSS9.2AI score0.07035EPSS
Exploits0References3Affected Software1
Symantec
Symantec
added 2018/07/10 12:0 a.m.57 views

Microsoft MSR JavaScript Cryptography Library CVE-2018-8319 Remote Security Bypass Vulnerability

Description Microsoft MSR JavaScript Cryptography Library is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Technologies Affected Microsoft MSR JavaScrip...

0.9AI score0.07035EPSS
Exploits0
OSV
OSV
added 2018/06/27 6:29 p.m.6 views

CVE-2018-12915

In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calchash in map.c...

9.8CVSS6AI score0.01466EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/07 12:0 a.m.6 views

Intel Integrated Performance Primitives Cryptography Library Information Disclosure Vulnerability

Intel Integrated Performance Primitives Cryptography Library is a multi-threaded library for multimedia and data processing applications from Intel Corporation. A security vulnerability exists in certain implementations of the Intel Integrated Performance Primitives Cryptography Library versions...

4.7CVSS5.2AI score0.00288EPSS
Exploits0References1
Prion
Prion
added 2018/06/05 9:29 p.m.21 views

Information disclosure

Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time...

1.9CVSS5.7AI score0.00288EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/06/05 9:29 p.m.4 views

CVE-2018-3691

Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time...

4.7CVSS5.9AI score0.00288EPSS
Exploits0References1
CNVD
CNVD
added 2018/05/15 12:0 a.m.6 views

Intel Integrated Performance Primitives Cryptography Library Information Disclosure Vulnerability

Intel Integrated Performance Primitives Cryptography Library is a multi-threaded library for multimedia and data processing applications from Intel Corporation. A security vulnerability exists in Intel Integrated Performance Primitives Cryptography Library versions prior to 2018 U2.1, which stems...

6.9AI score
Exploits0References1
CNVD
CNVD
added 2017/08/21 12:0 a.m.7 views

Nimbus JOSE+JWT padding oracle attack information disclosure vulnerability

Nimbus JOSE+JWT is an open source Java library . Nimbus JOSE+JWT has a security vulnerability that allows attackers to submit specially crafted requests to perform padding oracle attacks and obtain sensitive information...

4.3CVSS4.4AI score0.00637EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/08/01 2:8 p.m.3 views

Moderate: Red Hat Bug Fix Advisory: openssl bug fix and enhancement update

An update for openssl is now available for Red Hat Enterprise Linux 7. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. For detailed information on changes in this release...

5.5CVSS6.8AI score0.00594EPSS
Exploits0References14
OSV
OSV
added 2017/06/10 12:0 a.m.3 views

UBUNTU-CVE-2017-9526

In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key from side-channel observation during the signing process can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point...

5.9CVSS6.6AI score0.02318EPSS
Exploits0References3
PyPA
PyPA
added 2017/03/27 5:59 p.m.9 views

PYSEC-2017-8

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digestsize...

7.5CVSS6.9AI score0.03399EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2017/03/27 5:59 p.m.3 views

DEBIAN-CVE-2016-9243

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digestsize...

7.5CVSS6.9AI score0.03399EPSS
Exploits0References1
OSV
OSV
added 2017/03/27 5:59 p.m.9 views

PYSEC-2017-8

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digestsize...

7.5CVSS5.9AI score0.03399EPSS
Exploits0References10
Debian
Debian
added 2017/01/16 9:24 a.m.24 views

[SECURITY] [DLA 786-1] botan1.10 security update

Package : botan1.10 Version : 1.10.5-1+deb7u2 CVE ID : CVE-2016-9132 It was discovered that there was an integer overflow vulnerability in botan, a cryptography library. This could occur while parsing untrusted inputs such as X.509 certificates. For Debian 7 "Wheezy", this problem has been fixed ...

9.8CVSS9.5AI score0.01978EPSS
Exploits0
Gentoo Linux
Gentoo Linux
added 2016/12/13 12:0 a.m.43 views

Botan: Multiple vulnerabilities

Background Botan Japanese for peony is a cryptography library written in C++11. Description Multiple vulnerabilities have been discovered in Botan. Please review the CVE identifiers referenced below for details. Impact A remote attacker could possibly execute arbitrary code with the privileges of...

10CVSS3.5AI score0.06677EPSS
Exploits0
OSV
OSV
added 2016/11/09 12:0 a.m.10 views

UBUNTU-CVE-2016-9243

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digestsize...

7.5CVSS6.7AI score0.03399EPSS
Exploits0References4
Rows per page
Query Builder