56 matches found

OSV
added 2019/05/22 5:29 p.m. · 1 views

DEBIAN-CVE-2019-11841

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...

CVSS 5.9 · AI score 7.2 · EPSS 0.00397
Exploits: 2 · References: 1

Cvelist
added 2019/05/22 12:0 a.m. · 23 views

CVE-2019-11841

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...

AI score 6.2 · EPSS 0.00397
Exploits: 2 · References: 7

Debian CVE
added 2019/05/22 12:0 a.m. · 29 views

CVE-2019-11841

A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. According to the OpenPGP Message Format specification in RFC 4880 chapter 7, a cleartext signed message can contain one or more optional "Hash" Armor Headers. The...

CVSS 5.9 · AI score 6.5 · EPSS 0.00397
Exploits: 2

Positive Technologies
added 2019/05/22 12:0 a.m. · 3 views

PT-2019-12524 · Go · Go Cryptography Libraries

Name of the Vulnerable Software and Affected Versions: supplementary Go cryptography libraries (affected versions not specified). Description: A message-forgery issue was discovered in the supplementary Go cryptography libraries. According to the OpenPGP Message Format specification in RFC 4880...

CVSS 7.5 · AI score 6.8 · EPSS 0.18682
Exploits: 8 · References: 36

Veracode
added 2019/05/02 5:28 a.m. · 23 views

Information Disclosure

Java is vulnerable to information disclosure. When generating DSA signatures, the security component in OpenJDK fails to check the digest algorithm strength. The use of a digest weaker than the key strength could lead to the generation of signatures that are weaker than expected and attackers may...

CVSS 5.9 · AI score 6.8 · EPSS 0.02929
Exploits: 0 · References: 28 · Affected Software: 3

OSV
added 2018/09/24 12:0 p.m. · 0 views

UBUNTU-CVE-2018-16152

In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge...

CVSS 7.5 · AI score 6.7 · EPSS 0.0168
Exploits: 0 · References: 4

CNVD
added 2017/10/12 12:0 a.m. · 2 views

Sudo sudoers plugin design vulnerability

Sudo is a suite of programs developed by software developer Todd C. Miller for Unix-like operating systems that allow users to execute commands in a secure manner with special privileges. The sudoers plugin is one of the Sudo configuration plugins. A design flaw exists in the SHA-2 digest support of t...

CVSS 7 · AI score 6.8 · EPSS 0.00876
Exploits: 0 · References: 1

Broadcom
added 2017/05/17 12:0 a.m. · 13 views

BSA-2017-271

Security Advisory ID: BSA-2017-271. Component: MD5 Algorithm. Revision: 1.0: Interim. The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature...

CVSS 9.8 · AI score 6.7 · EPSS 0.08457
Exploits: 0

CNVD
added 2017/01/09 12:0 a.m. · 1 views

Design flaws in the Android version of the Far Eastern Express app client

Yuancheng Express app is a life service application, a mobile logistics platform. There is a design vulnerability in the Far Cheng Express app client for Android. Because the digest algorithm can be cracked, an attacker can exploit the vulnerability to reset the password of any user...

AI score 6.9
Exploits: 0

OpenVAS
added 2016/05/09 12:0 a.m. · 40 views

Mageia: Security Advisory (MGASA-2016-0149)

The remote host is missing an update for the...

CVSS 10 · AI score 8 · EPSS 0.93287
Exploits: 1 · References: 7

Tenable Nessus
added 2016/04/29 12:0 a.m. · 252 views

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2016-693)

It was discovered that the ObjectInputStream class in the Serialization component of OpenJDK failed to properly ensure thread consistency when deserializing serialized input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. CVE-2016-0686 It was...

CVSS 10 · AI score 7.5 · EPSS 0.93287
Exploits: 1 · References: 6

Amazon
added 2016/04/27 12:0 a.m. · 72 views

Critical: java-1.7.0-openjdk

Issue Overview: It was discovered that the ObjectInputStream class in the Serialization component of OpenJDK failed to properly ensure thread consistency when deserializing serialized input. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions...

CVSS 10 · AI score 8.8 · EPSS 0.93287
Exploits: 1

Tenable Nessus
added 2016/04/22 12:0 a.m. · 41 views

Scientific Linux Security Update : java-1.7.0-openjdk on SL5.x, SL7.x i386/x86_64 (20160421)

Security Fixes : - Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2016-0686, CVE-2016-0687 - It was discovered that the RMI server implementati...

CVSS 10 · AI score 7.2 · EPSS 0.93287
Exploits: 1 · References: 6

OpenVAS
added 2016/04/22 12:0 a.m. · 32 views

RedHat Update for java-1.7.0-openjdk RHSA-2016:0676-01

The remote host is missing an update for the...

CVSS 10 · AI score 8.1 · EPSS 0.93287
Exploits: 1 · References: 4

Cent OS
added 2016/04/21 2:18 p.m. · 81 views

java security update

CentOS Errata and Security Advisory CESA-2016:0675. An update for java-1.7.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detaile...

CVSS 10 · AI score 6.8 · EPSS 0.93287
Exploits: 1 · References: 7

Tenable Nessus
added 2016/04/21 12:0 a.m. · 60 views

Scientific Linux Security Update : java-1.8.0-openjdk on SL7.x x86_64 (20160420)

Security Fixes : - Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2016-0686, CVE-2016-0687 - It was discovered that the RMI server implementati...

CVSS 10 · AI score 7.3 · EPSS 0.93287
Exploits: 1 · References: 7

RedHat Linux
added 2016/01/20 7:30 p.m. · 3 views

TLS 1.2 Transcript Collision attacks against MD5 in key exchange protocol (SLOTH)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to...

CVSS 5.9 · AI score 7.1 · EPSS 0.0107
Exploits: 0 · References: 7

Tenable Nessus
added 2014/10/10 12:0 a.m. · 42 views

F5 Networks BIG-IP : MD2 Message-Digest Algorithm vulnerability (SOL15663)

The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

CVSS 5.1 · AI score 6.7 · EPSS 0.02215
Exploits: 0 · References: 2

F5 Networks
added 2014/10/09 12:0 a.m. · 51 views

SOL15663 - MD2 Message-Digest Algorithm vulnerability CVE-2009-2409

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 5.1 · AI score 2.7 · EPSS 0.02215
Exploits: 0 · References: 4

OpenVAS
added 2012/03/16 12:0 a.m. · 29 views

Ubuntu: Security Advisory (USN-1287-1)

The remote host is missing an update for the...

CVSS 5.5 · AI score 6.2 · EPSS 0.00058
Exploits: 1 · References: 2