31 matches found
EUVD-2020-23961
Malware in sbrugna...
EUVD-2018-0718
Malware in sbrugna...
EUVD-2022-29330
Malicious code in bioql PyPI...
CVE-2018-9426
In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin...
Mbed TLS 安全漏洞
Mbed TLS is an open source, portable, easy to use, readable and flexible SSL library from Mbed TLS Open Source. A security vulnerability exists in Mbed TLS versions 3.5.0 through 3.6.1 that stems from a buffer underrun in pkwrite when writing opaque key pairs...
FreeFrom Security Vulnerabilities
FreeFrom is an application from FreeFrom, Inc. dedicated to bringing privacy and free speech back to SNSs. A security vulnerability exists in versions of FreeFrom prior to 1.3.5 that stems from the application's reuse of random number key pairs, resulting in direct message DM content between user...
CVE-2023-43531
Memory corruption while verifying the serialized header when the key pairs are generated...
CVE-2023-43531 Access of Uninitialized Pointer in SPS Applications
Memory corruption while verifying the serialized header when the key pairs are generated...
CVE-2023-43531
CVE-2023-43531 describes memory corruption during validation of serialized headers when generating key pairs, affecting Qualcomm chipsets (including Qualcomm closed‑source components). The root cause is memory corruption in the header verification step during key pair generation. Impact is listed...
CVE-2023-43531 Access of Uninitialized Pointer in SPS Applications
Memory corruption while verifying the serialized header when the key pairs are generated...
Siemens LOGO! CMR and SIMATIC RTU 3000 Incorrect Calculation of Buffer Size (CVE-2020-36475)
An issue was discovered in Mbed TLS before 2.25.0 and before 2.16.9 LTS and before 2.7.18 LTS. The calculations performed by mbedtlsmpiexpmod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie- Hellman key pairs. This plugin only works...
CVE-2022-24447
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by the application allows a user, with the level Operator, to access stored SSL certificates and associated key pairs during export...
ZOHO ManageEngine Key Manager Plus 信息泄露漏洞
ZOHO ManageEngine Key Manager Plus is a web-based SSH secret key management solution from ZOHO. The vulnerability is caused by the application not effectively protecting the stored SSL certificates and associated key pairs, which can be exploited by an attacker to obtain the stored SSL certificat...
PT-2022-16704 · Zoho · Zoho Manageengine Admanager Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Key Manager Plus versions prior to 6200 Description: An issue was discovered in the application where a service allows a user with the level Operator to access stored SSL certificates and associated key pairs during export...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure. OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a...
Design/Logic Flaw
An issue was discovered in Mbed TLS before 2.25.0 and before 2.16.9 LTS and before 2.7.18 LTS. The calculations performed by mbedtlsmpiexpmod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs...
CVE-2020-36475
An issue was discovered in Mbed TLS before 2.25.0 and before 2.16.9 LTS and before 2.7.18 LTS. The calculations performed by mbedtlsmpiexpmod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs...
Fedora Update for python-ecdsa FEDORA-2019-55e04129ac
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora Update for python-ecdsa FEDORA-2019-8fcf21a816
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
The Doghouse: Crown Sterling
A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious -- and amusing -- examples of cryptographic "snake oil." I dropped it both because it stopped being fun and because almost everyone converged on...