17 matches found
EUVD-2000-0444
Malware in sbrugna...
EUVD-2023-47937
Malicious code in bioql PyPI...
EUVD-2024-0614
Malicious code in bioql PyPI...
CVE-2023-43531
Memory corruption while verifying the serialized header when the key pairs are generated...
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from a cryptographic issue when generating asymmetric key pairs...
Qualcomm Chipsets 安全漏洞
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption that occurs when validating serialized headers when generating key pairs...
CVE-2024-1631
CVE-2024-1631 describes a vulnerability in the editor-js/agent-js identity library where Ed25519KeyIdentity.generate may use an insecure seed instead of secure randomness when no seed is provided. The private key for identity 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe can be ...
CVE-2022-34746
CVE-2022-34746 affects Zyxel GS1900 series firmware prior to V2.70. The issue is an insufficient entropy vulnerability in RSA key pair generation due to improper randomness, enabling an unauthenticated attacker to retrieve the private key by factoring the RSA modulus N in the certificate used by ...
MGASA-2020-0469 Updated mbedtls packages fix security vulnerabilities
This update provides security bug fixes and minor enhancements. Limit the size of calculations performed by mbedtlsmpiexpmod to MBEDTLSMPIMAXSIZE to prevent a potential denial of service when generating Diffie-Hellman key pairs. A failure of the random generator was ignored in mbedtlsmpifillrando...
bouncycastle: DSA key pair generator generates a weak private key by default
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...
bouncycastle: flaw in the low-level interface to RSA key pair generator
A vulnerability was found in BouncyCastle. The number of iterations of the Miller-Rabin primality test was incorrectly calculated according to FIPS 186-4 C.3. Under some circumstances, this could lead to the generation of weak RSA key pairs...
bouncycastle: flaw in the low-level interface to RSA key pair generator
A vulnerability was found in BouncyCastle. The number of iterations of the Miller-Rabin primality test was incorrectly calculated according to FIPS 186-4 C.3. Under some circumstances, this could lead to the generation of weak RSA key pairs...
Security update for bouncycastle (moderate)
This update for bouncycastle to version 1.59 fixes the following issues: These security issues were fixed: - CVE-2017-13098: BouncyCastle, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite using...
Infineon RSA library does not properly generate RSA key pairs
Overview The Infineon RSA library version 1.02.013 does not properly generate RSA key pairs, which may allow an attacker to recover the RSA private key corresponding to an RSA public key generated by this library. This vulnerability is often cited as "ROCA" in the media. Description...
So, you wanna crypto (in AEM)
So another year passed by and I will talk again , ... at the Connect WE conference. This year with Damien Antipa we will have a speech entitled So, you wanna crypto in AEM . Now, is true that even symmetric encryption isn't a “solved problem” but hey we still need to protect information et al : N...
CVE-2006-1115
nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack...
CVE-2000-0445
The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys...