
4783 matches found

OSV
added 2021/07/14 1:15 p.m. | 2 views

DEBIAN-CVE-2021-24116

In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped,...

CVSS 4.9 | AI score 5.2 | EPSS 0.00251
Exploits: 0 | References: 1

Snyk
added 2021/07/14 1:15 p.m. | 3 views

User Enumeration

Overview Affected versions of this package are vulnerable to User Enumeration. In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attac...

CVSS 4.9 | AI score 6.6 | EPSS 0.00251
Exploits: 0 | References: 2

OSV
added 2021/07/14 1:15 p.m. | 0 views

UBUNTU-CVE-2021-24119

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single...

CVSS 4.9 | AI score 7.1 | EPSS 0.00789
Exploits: 0 | References: 4

Prion
added 2021/07/14 1:15 p.m. | 26 views

Code injection

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single...

CVSS 4 | AI score 4.9 | EPSS 0.00789
Exploits: 0 | References: 6 | Affected Software: 3

OSV
added 2021/07/14 1:15 p.m. | 1 view

UBUNTU-CVE-2021-24116

In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped,...

CVSS 4.9 | AI score 5.8 | EPSS 0.00251
Exploits: 0 | References: 4

CVE
added 2021/07/14 1:09 p.m. | 42 views

CVE-2021-24117

CVE-2021-24117 affects Apache Teaclave Rust SGX SDK 1.1.3 and is caused by a side-channel vulnerability in base64 PEM file decoding that can be exploited in isolated environments running on Intel SGX. This allows system-level attackers to glean information about secret RSA keys via a controlled-c...

CVSS 4.9 | AI score 4.8 | EPSS 0.00479
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2021/07/14 12:47 p.m. | 12 views

CVE-2021-24116

In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped,...

AI score 5.1 | EPSS 0.00251
Exploits: 0 | References: 2

CVE
added 2021/07/14 12:47 p.m. | 52 views

CVE-2021-24116

CVE-2021-24116 affects wolfSSL up to version 4.6.0, where a side-channel vulnerability in the base64 PEM file decoding path may allow system-level (administrator) attackers to glean information about secret RSA keys. The issue is described as a controlled-channel/side-channel attack that can oper...

CVSS 4.9 | AI score 4.8 | EPSS 0.00251
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2021/07/14 12:47 p.m. | 16 views

CVE-2021-24116

In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped,...

CVSS 4.9 | AI score 5.1 | EPSS 0.00251
Exploits: 0

CNNVD
added 2021/07/14 12:00 a.m. | 2 views

Trusted Firmware M security vulnerability

ARM Trusted Firmware M (TFM) is an open source software from ARM UK. It provides a set of highly configurable software components to create a trusted execution environment. A security vulnerability exists in Trusted Firmware Mbed TLS that stems from a side-channel vulnerability in base64 PEM file...

CVSS 4.9 | AI score 6.1 | EPSS 0.00789
Exploits: 0 | References: 10

CNNVD
added 2021/07/14 12:00 a.m. | 3 views

Baidu Rust SGX SDK security vulnerability

Baidu Rust SGX SDK is a Rust language development kit for Intel SGX Trusted Computing Platform from Baidu, China. Baidu Rust SGX SDK suffers from a security vulnerability, which originates from a side-channel vulnerability in base64 PEM file decoding in Rust SGX 1.1.3. An attacker can exploit the...

CVSS 4.9 | AI score 5.5 | EPSS 0.00479
Exploits: 0 | References: 3

CNNVD
added 2021/07/12 12:00 a.m. | 4 views

wolfSSL security vulnerability

Wolfssl CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from Wolfssl, Inc. in the United States. A security vulnerability exists in wolfSSL due to an observable timing difference in base64 PEM decoding. A local user could gain access to sensitiv...

CVSS 4.9 | AI score 5.3 | EPSS 0.00251
Exploits: 0 | References: 3

Mageia
added 2021/07/10 12:56 p.m. | 25 views

Updated botan2 packages fix security vulnerability

Updated botan2 packages fix security vulnerability: In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex) (CVE-2021-24115)...

CVSS 9.8 | AI score 1.6 | EPSS 0.00711
Exploits: 0 | References: 2

BDU FSTEC
added 2021/07/08 12:00 a.m. | 1 view

The vulnerability of the image decoding process in QUIC systems of the Rendering of Remote Virtual Desktops SPICE software lies in the copying of buffers without checking the size of the input data. This allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the image decoding process in the QUIC rendering system for remote virtual desktops SPICE involves copying buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, a...

CVSS 6.6 | AI score 7.1 | EPSS 0.01631
Exploits: 0 | References: 14 | Affected Software: 3

BDU FSTEC
added 2021/07/02 12:00 a.m. | 1 view

The vulnerability of the ReadMIFFImage function in the coders/miff.c component of the console image editing tool ImageMagick, related to infinite loop execution, allows attackers to cause a service failure.

The vulnerability of the ReadMIFFImage function in the coders/miff.c component of the ImageMagick console graphics editor is related to the infinite execution of a loop. Exploiting this vulnerability allows an attacker to cause a service failure by using a specially created MIFF image...

CVSS 7.1 | AI score 6.9 | EPSS 0.00294
Exploits: 0 | References: 11 | Affected Software: 3

OSV
added 2021/06/28 3:40 p.m. | 3 views

SUSE-SU-2021:2180-1 Security update for libsolv

This update for libsolv fixes the following issues: Security issues fixed: - CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc#1161510) - CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc#1186229) Other issues fixed: - backport support f...

CVSS 7.5 | AI score 5.8 | EPSS 0.0023
Exploits: 1 | References: 5

OSV
added 2021/06/23 2:51 p.m. | 3 views

SUSE-SU-2021:2145-1 Security update for libsolv

This update for libsolv fixes the following issues: Security issues fixed: - CVE-2019-20387: Fixed heap-buffer-overflow in repodata_schema2id (bsc#1161510) - CVE-2021-3200: testcase_read: error out if repos are added or the system is changed too late (bsc#1186229) Other issues fixed: - backport support f...

CVSS 7.5 | AI score 5.8 | EPSS 0.0023
Exploits: 1 | References: 5

RedHat Linux
added 2021/06/21 2:27 p.m. | 1 view

openvswitch: use-after-free in decode_NXAST_RAW_ENCAP during the decoding of a RAW_ENCAP action

Open vSwitch (aka openvswitch) has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action...

CVSS 5.5 | AI score 6.5 | EPSS 0.0008
Exploits: 0 | References: 5

BDU FSTEC
added 2021/06/18 12:00 a.m. | 1 view

The vulnerability of the libwebp library regarding the encoding and decoding of WebP images allows for uncontrolled resource consumption, enabling attackers to cause service failures.

The vulnerability of the libwebp library for encoding and decoding WebP images is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

CVSS 5 | AI score 7.5 | EPSS 0.00818
Exploits: 0 | References: 11 | Affected Software: 4

BDU FSTEC
added 2021/06/18 12:00 a.m. | 2 views

The vulnerability of the libwebp library lies in its ability to allow arbitrary code execution during image encoding and decoding in the WebP format. This vulnerability stems from the use of memory after the library is freed, which enables attackers to execute arbitrary code.

The vulnerability of the libwebp library for encoding and decoding WebP images is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code by creating a specially crafted file...

CVSS 10 | AI score 8.2 | EPSS 0.00503
Exploits: 0 | References: 13 | Affected Software: 5