413 matches found

Tenable Nessus
added 2021/07/16 12:0 a.m. · 35 views

openSUSE 15 Security Update : bouncycastle (openSUSE-SU-2021:2163-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2163-1 advisory. - Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within th...

CVSS 5.9 · AI score 6.7 · EPSS 0.00403
Exploits 0 · References 4
Snyk
added 2021/05/20 5:12 p.m. · 3 views

Timing Attack

Overview: Affected versions of this package are vulnerable to Timing Attack. A timing issue within the EC math library can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures. Remediation...

CVSS 5.9 · AI score 6.7 · EPSS 0.00403
Exploits 0 · References 2
NVD
added 2021/05/20 12:15 p.m. · 21 views

CVE-2020-15522

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multip...

CVSS 5.9 · EPSS 0.00403
Exploits 0 · References 4
OSV
added 2021/05/20 12:15 p.m. · 1 views

DEBIAN-CVE-2020-15522

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multip...

CVSS 5.9 · AI score 6.7 · EPSS 0.00403
Exploits 0 · References 1
UbuntuCve
added 2021/05/20 12:15 p.m. · 36 views

CVE-2020-15522

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multip...

CVSS 5.9 · AI score 6.8 · EPSS 0.00403
Exploits 0 · References 4
OSV
added 2021/05/20 12:15 p.m. · 0 views

UBUNTU-CVE-2020-15522

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multip...

CVSS 5.9 · AI score 6.8 · EPSS 0.00403
Exploits 0 · References 5
RedHat Linux
added 2021/04/27 8:47 a.m. · 3 views

bouncycastle: Timing issue within the EC math library

A flaw was found in bouncycastle. A timing issue within the EC math library can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures...

CVSS 5.9 · AI score 6.8 · EPSS 0.00403
Exploits 0 · References 4
OSV
added 2021/03/29 6:25 p.m. · 1 views

GHSA-9295-MHF3-V33M Insecure temporary file in Netflix OSS Hollow

ID: NFLX-2021-001. Title: Local information disclosure in Hollow. Release Date: 2021-03-23. Credit: Security Researcher @JLLeitschuh. Overview: Security researcher @JLLeitschuh reported that Netflix Hollow, a Netflix OSS project available here: https://github.com/Netflix/hollow, writes to a local...

CVSS 4.4 · AI score 5.9 · EPSS 0.00035
Exploits 0 · References 4
NVD
added 2021/03/23 9:15 p.m. · 8 views

CVE-2021-28099

In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated...

CVSS 4.4 · EPSS 0.00035
Exploits 0 · References 1
Prion
added 2021/03/23 9:15 p.m. · 13 views

Design/Logic Flaw

In Netflix OSS Hollow, since the Files.exists(parent) is run before creating the directories, an attacker can pre-create these directories with wide permissions. Additionally, since an insecure source of randomness is used, the file names to be created can be deterministically calculated...

CVSS 3.6 · AI score 4.7 · EPSS 0.00035
Exploits 0 · References 1
Positive Technologies
added 2021/03/23 12:0 a.m. · 2 views

PT-2021-17743 · Netflix · Netflix Oss Hollow

Name of the Vulnerable Software and Affected Versions: Netflix OSS Hollow (affected versions not specified). Description: The issue allows an attacker to pre-create directories with wide permissions since the Files.exists(parent) check is performed before creating the directories. Furthermore, the use...

CVSS 4.4 · AI score 4.2 · EPSS 0.00035
Exploits 0 · References 6
NVD
added 2021/01/29 3:15 a.m. · 9 views

CVE-2021-26307

An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash...

CVSS 5.5 · AI score 5.5 · EPSS 0.0005
Exploits 1 · References 1
Prion
added 2021/01/29 3:15 a.m. · 11 views

Design/Logic Flaw

An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash...

CVSS 2.1 · AI score 5.5 · EPSS 0.0005
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2021/01/29 2:27 a.m. · 11 views

CVE-2021-26307

An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows __cpuid_count() calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash...

AI score 5.7 · EPSS 0.0005
Exploits 1 · References 1
OSV
added 2021/01/19 9:15 p.m. · 1 views

CVE-2020-27264

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low...

CVSS 8.8 · AI score 7.3 · EPSS 0.00097
Exploits 0 · References 1
Cvelist
added 2021/01/19 8:46 p.m. · 12 views

CVE-2020-27264

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low...

AI score 8.7 · EPSS 0.00097
Exploits 0 · References 1
Jake Archibald's Blog
added 2020/12/11 1:0 a.m. · 19 views

CSS paint API: Being predictably random

Take a look at this: Space invaders. If you're using a browser that supports the CSS paint API, the element will have a 'random' pixel-art gradient in the background. But it turns out, doing random in CSS isn't as easy as it seems… Initial implementation: This isn't a full tutorial on the CSS paint...

AI score 6.8
Exploits 0
CNVD
added 2020/10/20 12:0 a.m. · 3 views

Google Tink Data Forgery Issue Vulnerability

Tink is a multi-language, cross-platform development library from Google (United States) that provides an encryption API. A security vulnerability exists in versions of Tink prior to 1.5, which stems from incorrect handling of invalid unicode characters and can be exploited by an attacker to...

CVSS 5.3 · AI score 6.8 · EPSS 0.00081
Exploits 0 · References 1
Prion
added 2020/10/19 1:15 p.m. · 29 views

Design/Logic Flaw

A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which results in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting...

CVSS 5 · AI score 5.1 · EPSS 0.00081
Exploits 0 · References 2 · Affected Software 1
PyPA
added 2020/10/19 1:15 p.m. · 6 views

PYSEC-2020-142

A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which results in the creation of a second ciphertext that can decrypt to the same plaintext. This can be a problem with encrypting...

CVSS 5.3 · AI score 6.8 · EPSS 0.00081
Exploits 0 · References 2 · Affected Software 1