1321 matches found
Carry Propagation
bouncycastle is vulnerable to carry propagation bugs. This bug caused mathematical miscalculations during static Elliptic Curve Diffie-Hellman, which in rare cases caused it to miscalculate elliptic curve scalar multiplication. This allows a malicious user in certain cases to obtain the key...
Unsafe Encryption Scheme
bouncycastle unsafely uses Electronic Code Book (ECB) mode when using the Diffie-Hellman Integrated Encryption Scheme (DHIES). ECB is known to be unsafe, particularly against replay attacks...
Partial Key Validation
bouncycastle is vulnerable to partial key validation. The library doesn't fully validate the other party's Diffie-Hellman key, meaning that invalid keys can reveal information about the other party's private key when static Diffie-Hellman is used...
FormAssembly: formassembly.com is vulnerable to padding-oracle attacks.
Dear Formassembly bug bounty team, Summary --- formassembly.com is vulnerable to CVE-2016-2107, allowing remote attackers to obtain sensitive information via padding-oracle attacks. $ git clone https://github.com/FiloSottile/CVE-2016-2107.git $ go run main.go www.formassembly.com ... Vulnerable:...
Ubuntu: Security Advisory (USN-3163-1)
The remote host is missing an update for the...
Ubuntu 14.04 LTS / 16.04 LTS : NSS vulnerabilities (USN-3163-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3163-1 advisory. It was discovered that NSS incorrectly handled certain invalid Diffie-Hellman keys. A remote attacker could possibly use this flaw to cause N...
USN-3163-1: NSS vulnerabilities
It was discovered that NSS incorrectly handled certain invalid Diffie-Hellman keys. A remote attacker could possibly use this flaw to cause NSS to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. CVE-2016-5285 Hubert Kari...
Amazon Linux AMI : nss-util / nss,nss-softokn (ALAS-2016-774)
CVE-2016-2834 nss: Multiple security flaws MFSA 2016-61 Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the...
Medium: nss-util, nss, nss-softokn
Issue Overview: CVE-2016-2834 nss: Multiple security flaws MFSA 2016-61 Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the...
Scientific Linux Security Update : nss and nss-util on SL5.x, SL6.x, SL7.x i386/x86_64 (20161116)
The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. The following packages have been upgraded to a newer upstream version: nss 3.12.3, nss-util 3.12.3. Security Fixes: - Multiple buffer handling flaws were found in the way NSS handled cryptographic...
MGASA-2016-0392 Updated libssh2 packages fix security vulnerability
Andreas Schneider reported that libssh2 passes the number of bytes to a function that expects number of bits during the SSHv2 handshake when libssh2 is to get a suitable value for 'group order' in the Diffie-Hellman negotiation. This weakens significantly the handshake security, potentially...
CentOS 5 / 6 / 7 : nss / nss-util (CESA-2016:2779)
An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
CentOS Update for nss-util CESA-2016:2779 centos6
Check for the Version of nss-util...
CentOS Update for nss CESA-2016:2779 centos5
Check for the Version of nss...
nss security update
CentOS Errata and Security Advisory CESA-2016:2779. An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common...
CVE-2016-8635
It was found that Diffie-Hellman client key exchange handling in NSS 3.21.x was vulnerable to a small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to a small subgroup of the desired group...
UBUNTU-CVE-2016-8635
It was found that Diffie-Hellman client key exchange handling in NSS 3.21.x was vulnerable to a small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to a small subgroup of the desired group...
nss: small-subgroups attack flaw
It was found that Diffie-Hellman client key exchange handling in NSS was vulnerable to a small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to a small subgroup of the desired group...
Moderate: Red Hat Security Advisory: nss and nss-util security update
An update for nss and nss-util is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
CVE-2016-5285
A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS...