Streetside Development Samourai Wallet 安全漏洞

Streetside Development Samourai Wallet is a modern bitcoin wallet from Streetside Development. A security vulnerability exists in the Streetside Development Samourai Wallet version 0.99.96i, which stems from a vulnerability that allows an attacker to view sensitive information and decrypt the dat...

CVE-2023-26053

CVE-2023-26053 affects Gradle, where dependency verification can be bypassed via a collision attack using long IDs for PGP keys in trusted-key/pgp metadata. The vulnerability arises from accepting non-fingerprint IDs and is mitigated by making verification fail when anything but a full fingerprin...

CVE-2023-26053

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs 64bits for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...

CVE-2023-26053 Gradle usage of long IDs for PGP keys opens potential for collision attacks

Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs 64bits for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...

Understanding Jamstack Security

Learn how Jamstack has emerged as a new architectural paradigm for delivering websites and web-based applications with the promise of improved performance, scalability, and security over the traditional server-driven approach to web development...

The vulnerability of Microsoft Visual Studio, a software development tool, stems from insufficient validation of input data. This allows attackers to trigger service failures.

The vulnerability of the Microsoft Visual Studio software development tool is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

ecdh vulnerable to Exposure of Resource to Wrong Sphere

In Development IL ecdh before 0.2.0, an attacker can send an invalid point not on the curve as the public key, and obtain the derived shared secret...

GHSA-P2HP-3WV3-4W74 ecdh vulnerable to Exposure of Resource to Wrong Sphere

In Development IL ecdh before 0.2.0, an attacker can send an invalid point not on the curve as the public key, and obtain the derived shared secret...

CVE-2022-44310

In Development IL ecdh before 0.2.0, an attacker can send an invalid point not on the curve as the public key, and obtain the derived shared secret...

Code injection

In Development IL ecdh before 0.2.0, an attacker can send an invalid point not on the curve as the public key, and obtain the derived shared secret...

CVE-2022-44310

CVE-2022-44310 affects the ecdh.js Node.js native module by Development IL, prior to version 0.2.0. The vulnerability arises when an attacker supplies a public key point that is not on the curve, allowing them to derive the shared secret due to improper validation of the point. This can lead to e...

CVE-2022-44310

In Development IL ecdh before 0.2.0, an attacker can send an invalid point not on the curve as the public key, and obtain the derived shared secret...

CVE-2022-44310

In Development IL ecdh before 0.2.0, an attacker can send an invalid point not on the curve as the public key, and obtain the derived shared secret...

K15723: OpenSSL vulnerability CVE-2014-3567

Security Advisory Description Description Memory leak in the tlsdecryptticket function in t1lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service memory consumption via a crafted session ticket that triggers an...

K15160: GnuTLS vulnerability CVE-2014-0092

Security Advisory Description lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. CVE-2014-0092 Impact...

K27617652: BIG-IP APM OAuth failure response message vulnerability CVE-2018-15335

Security Advisory Description When APM is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended messa...

K15571: OpenSSL vulnerability CVE-2014-3508

Security Advisory Description Description The OBJobj2txt function in crypto/objects/objdat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to...

K11068141: Python vulnerability CVE-2014-9365

Security Advisory Description The HTTP clients in the 1 httplib, 2 urllib, 3 urllib2, and 4 xmlrpclib libraries in CPython aka Python 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not a check the certificate against a trust store or verify that the server hostname matches...

K15852: Linux kernel vulnerability CVE-2014-3122

Security Advisory Description Description The trytounmapcluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service system crash by triggering a memory-usage pattern that requires...

K16318: OpenSSL vulnerability CVE-2015-0287

Security Advisory Description The ASN1itemexd2i function in crypto/asn1/tasndec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service invalid wri...