19 matches found
EUVD-2021-27058
Malware in sbrugna...
Advisory ROSA-SA-2024-2438
Software: opencryptoki 3.14.0 OS: ROSA Virtualization 2.1 packageevrstring: opencryptoki-3.14.0 CVE-ID: CVE-2021-3798 BDU-ID: CVE-Crit: MEDIUM. CVE-DESC.: The openCryptoki software token does not check if the EC key is valid when the EC key is created with CCreateObject and when CDeriveKey is use...
python-cryptography security update
36.0.1-4.0.1 - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates Orabug: 36119159 36.0.1-4 - Fix FTBFS caused by rsapkcs1implicitrejection OpenSSL feature, resolves rhbz2203840 36.0.1-3 - Fix CVE-2023-23931: Don't allow updateinto to mutate immutable objects, resolves rhbz21723...
PT-2023-36151 · Openssl +1 · Openssl +1
Name of the Vulnerable Software and Affected Versions: openssl-ibmca versions prior to 2.4.0 Description: The issue concerns adjustments and fixes for OpenSSL versions 3.1 and 3.2, including support for RSA blinding, constant-time fixes for RSA PKCS1 v1.5 and OAEP padding, and support for 'implic...
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.
...
CVE-2021-3798
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...
AZL-10659 CVE-2021-3798 affecting package opencryptoki for versions less than 3.17.0-1
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...
CVE-2021-3798
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...
CVE-2021-3798
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...
Design/Logic Flaw
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...
CVE-2021-3798
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...
CVE-2021-3798
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...
openCryptoki 安全漏洞
openCryptoki is openCryptoki open source a PKCS11 library and tool for Linux. A security vulnerability exists in openCryptoki that stems from the fact that when an EC key is created via CCreateObject or when CDeriveKey is used with ECDH public data, the openCryptoki soft token does not check if t...
Denial Of Service (DoS)
openCryptoki is vulnerable to denial of service. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid cur...
CVE-2021-3798
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via CCreateObject, nor when CDeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...
ALBA-2021:3054 opencryptoki bug fix and enhancement update
The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor with the PKCS11 firmware loaded, the IBM eServer Cryptographic Accelerator FC 4960 ...
ECDSA signature vulnerability of Minerva timing attack in jsrsasign
Impact ECDSA side-channel attack named Minerava have been found and it was found that it affects to jsrsasign. Execution time of thousands signature generation have been observed then EC private key which is scalar value may be recovered since point and scalar multiplication time depends on bits ...
Fedora 19 : php-5.5.10-1.fc19 (2014-3537)
Excerpt from upstream NEWS: 06 Mar 2014, PHP 5.5.10 Core : - Fixed Request 66574i Allow multiple paths in phpiniscannedpath. Remi Date : - Fixed bug 45528 Allow the DateTimeZone constructor to accept timezones per offset too. Derick Fileinfo : - Fixed bug 66731 file: infinite recursion...
Fedora 20 : php-5.5.10-1.fc20 (2014-3534)
Excerpt from upstream NEWS: 06 Mar 2014, PHP 5.5.10 Core : - Fixed Request 66574i Allow multiple paths in phpiniscannedpath. Remi Date : - Fixed bug 45528 Allow the DateTimeZone constructor to accept timezones per offset too. Derick Fileinfo : - Fixed bug 66731 file: infinite recursion...