
9179 matches found

NVD
added 2023/04/21 6:15 p.m., 21 views

CVE-2022-47930

An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...

6.8 CVSS, 6.5 AI score, 0.00523 EPSS
Exploits 0, References 2
OSV
added 2023/04/21 6:15 p.m., 10 views

CVE-2023-26556

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...

9.1 CVSS, 5.8 AI score, 0.00864 EPSS
Exploits 0, References 4
Prion
added 2023/04/21 6:15 p.m., 22 views

Design/Logic Flaw

An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...

3.6 CVSS, 6.5 AI score, 0.00523 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2023/04/21 12:0 a.m., 21 views

CVE-2022-47930

An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...

6.7 AI score, 0.00523 EPSS
Exploits 0, References 2
CNNVD
added 2023/04/21 12:0 a.m., 4 views

tss-lib security vulnerability

tss-lib is an open source IO FinNet implementation of the multi-party (t,n)-threshold ECDSA (Elliptic Curve Digital Signature Algorithm) based on Gennaro and Goldfeder 2020 [1] and EdDSA (Edwards Curve Digital Signature Algorithm). A security vulnerability exists in IO FinNet tss-lib versions prior to...

6.8 CVSS, 6.6 AI score, 0.00523 EPSS
Exploits 0, References 3
GitLab Advisory Database
added 2023/04/21 12:0 a.m., 24 views

Authentication Bypass by Capture-replay

An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session...

6.8 CVSS, 6.7 AI score, 0.00523 EPSS
Exploits 0, References 3, Affected Software 1
NVD
added 2023/04/20 4:15 p.m., 19 views

CVE-2023-27351

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper...

8.2 CVSS, 8 AI score, 0.7842 EPSS
Exploits 0, References 3
Vulnrichment
added 2023/04/20 4:14 p.m., 15 views

CVE-2023-1255 Input buffer over-read in AES-XTS implementation on 64 bit ARM

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The...

5.9 AI score, 0.00953 EPSS
Exploits 0, References 4
Tenable Nessus
added 2023/04/20 12:0 a.m., 30 views

openSUSE 15 Security Update : chromium (openSUSE-SU-2023:0092-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0092-1 advisory. - Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to...

8.8 CVSS, 8.4 AI score, 0.40798 EPSS
Exploits 1, References 33
Cvelist
added 2023/04/20 12:0 a.m., 32 views

CVE-2023-27351

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 Build 63914. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper...

8.2 CVSS, 8.4 AI score, 0.7842 EPSS
Exploits 0, References 2
Ubuntu
added 2023/04/19 2:15 p.m., 106 views

USN-6030-1: Linux kernel (Qualcomm Snapdragon) vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) It was discovered that the System V IPC...

7.9 CVSS, 7.6 AI score, 0.03702 EPSS
Exploits 5
Ubuntu
added 2023/04/19 2:6 p.m., 94 views

USN-6029-1: Linux kernel vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) It was discovered that the infrared...

7.8 CVSS, 7.1 AI score, 0.0046 EPSS
Exploits 0
Ubuntu
added 2023/04/19 12:58 p.m., 74 views

USN-6027-1: Linux kernel vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) Jiasheng Jiang discovered that the HSA...

7.8 CVSS, 7.1 AI score, 0.0046 EPSS
Exploits 0
Veracode
added 2023/04/19 7:5 a.m., 30 views

Inappropriate Implementation

Google Chrome is vulnerable to Inappropriate Implementation. The vulnerability exists in the WebShare, which allows an attacker to potentially hide the contents of the Omnibox URL bar via a crafted HTML page...

6.5 CVSS, 6.9 AI score, 0.00847 EPSS
Exploits 0, References 7, Affected Software 1
Ubuntu
added 2023/04/19 1:17 a.m., 77 views

USN-6024-1: Linux kernel vulnerabilities

It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-1281) Lin Ma discovered a race condition in t...

7.8 CVSS, 7.2 AI score, 0.00964 EPSS
Exploits 4
Code423n4
added 2023/04/19 12:0 a.m., 15 views

Position.sol: usage of an incorrect version of Ownable library can potentially malfunction all onlyOwner functions

Lines of code Vulnerability details Impact // From https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/access/Ownable.sol The current implementation is using a non-upgradeable version of the Ownable library instead of the upgradeable version:...

6.8 AI score
Exploits 0
NVD
added 2023/04/17 10:15 p.m., 26 views

CVE-2023-30536

slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An...

6.5 CVSS, 6.5 AI score, 0.00743 EPSS
Exploits 0, References 3
Prion
added 2023/04/17 10:15 p.m., 34 views

Code injection

slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An...

6.4 CVSS, 6.5 AI score, 0.00743 EPSS
Exploits 0, References 3, Affected Software 1
OSV
added 2023/04/17 9:37 p.m., 21 views

CVE-2023-30541 TransparentUpgradeableProxy clashing selector calls may not be delegated in @openzeppelin/contracts

OpenZeppelin Contracts is a library for secure smart contract development. A function in the implementation contract may be inaccessible if its selector clashes with one of the proxy's own selectors. Specifically, if the clashing function has a different signature with incompatible ABI encoding,...

5.3 CVSS, 5.2 AI score, 0.00812 EPSS
Exploits 0, References 5
Cvelist
added 2023/04/17 9:17 p.m., 26 views

CVE-2023-30536 Insecure header validation in slim/psr7

slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An...

6.5 CVSS, 6.9 AI score, 0.00743 EPSS
Exploits 0, References 3