1404 matches found

RedhatCVE
added 2021/07/25 9:33 a.m. | 88 views

CVE-2020-28362

A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The...

CVSS 7.5 | AI score 6.2 | EPSS 0.03813
Exploits: 0 | References: 3

Tenable Nessus
added 2021/07/16 12:0 a.m. | 36 views

openSUSE 15 Security Update : bouncycastle (openSUSE-SU-2021:2163-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2163-1 advisory. - Bouncy Castle BC Java before 1.66, BC C .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within th...

CVSS 5.9 | AI score 6.7 | EPSS 0.01522
Exploits: 0 | References: 4

OSV
added 2021/07/10 4:41 p.m. | 7 views

OPENSUSE-SU-2021:2163-1 Security update for bouncycastle

This update for bouncycastle fixes the following issues: - CVE-2020-15522: Fixed a timing issue within the EC math library bsc1186328...

CVSS 5.9 | AI score 6 | EPSS 0.01522
Exploits: 0 | References: 3

OPENSUSE Linux
added 2021/07/10 12:0 a.m. | 36 views

Security update for bouncycastle (moderate)

openSUSE Security Update: Security update for bouncycastle Announcement ID: openSUSE-SU-2021:2163-1 Rating: moderate References: 1186328 Cross-References: CVE-2020-15522 CVSS scores: CVE-2020-15522 NVD : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-15522 SUSE: 5.9...

CVSS 5.9 | AI score 6.6 | EPSS 0.01522
Exploits: 0 | References: 1

CNVD
added 2021/07/06 12:0 a.m. | 7 views

Homework Help Mouth Math App is vulnerable to upgrade hijacking

Homework Help Oral Calculation APP is produced by Homework Help for elementary school parents and teachers to use math homework tutoring platform online. An upgrade hijacking vulnerability exists in Homework Help Oral Calculation APP, which can be exploited by attackers to compromise the integrit...

AI score 7.1
Exploits: 0

OpenVAS
added 2021/07/02 12:0 a.m. | 39 views

openSUSE: Security Advisory for go1.15 (openSUSE-SU-2021:0950-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.5 | AI score 7.2 | EPSS 0.03464
Exploits: 4 | References: 2

Tenable Nessus
added 2021/07/01 12:0 a.m. | 43 views

SUSE SLED15 / SLES15 Security Update : go1.15 (SUSE-SU-2021:2214-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2214-1 advisory. - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers,...

CVSS 7.5 | AI score 7.2 | EPSS 0.03464
Exploits: 4 | References: 14

OSV
added 2021/06/29 4:6 a.m. | 7 views

OPENSUSE-SU-2021:0940-1 Security update for bouncycastle

This update for bouncycastle fixes the following issues: - CVE-2020-15522: Fixed a timing issue within the EC math library bsc1186328. This update was imported from the SUSE:SLE-15-SP2:Update update project...

CVSS 5.9 | AI score 6 | EPSS 0.01522
Exploits: 0 | References: 3

Tenable Nessus
added 2021/06/29 12:0 a.m. | 36 views

SUSE SLED15 / SLES15 Security Update : go1.16 (SUSE-SU-2021:2186-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2186-1 advisory. - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a...

CVSS 7.5 | AI score 7.3 | EPSS 0.03464
Exploits: 4 | References: 14

OSV
added 2021/06/28 4:23 p.m. | 8 views

SUSE-SU-2021:2186-1 Security update for go1.16

This update for go1.16 fixes the following issues: Update to 1.16.5. Includes these security fixes - CVE-2021-33195: net: Lookup functions may return invalid host names bsc1187443. - CVE-2021-33196: archive/zip: malformed archive may cause panic or memory exhaustion bsc1186622. - CVE-2021-33197:...

CVSS 7.5 | AI score 6.6 | EPSS 0.03464
Exploits: 4 | References: 10

Code423n4
added 2021/06/28 12:0 a.m. | 10 views

prb-math not audited

Handle gpersoon Vulnerability details Impact The library prb-math documents that it is not audited by a security researcher. This means it's more risky to rely on this library. Proof of Concept // The contracts have not been audited by a security researcher. Tools Used Recommended Mitigation Steps...

AI score 6.9
Exploits: 0

Tenable Nessus
added 2021/06/28 12:0 a.m. | 36 views

SUSE SLED15 / SLES15 Security Update : bouncycastle (SUSE-SU-2021:2163-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2163-1 advisory. - Bouncy Castle BC Java before 1.66, BC C .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue with...

CVSS 5.9 | AI score 6.7 | EPSS 0.01522
Exploits: 0 | References: 4

OpenVAS
added 2021/06/27 12:0 a.m. | 26 views

SUSE: Security Advisory (SUSE-SU-2021:2163-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 7.7 | EPSS 0.01522
Exploits: 0 | References: 2

OSV
added 2021/06/25 4:3 p.m. | 6 views

SUSE-SU-2021:2163-1 Security update for bouncycastle

This update for bouncycastle fixes the following issues: - CVE-2020-15522: Fixed a timing issue within the EC math library bsc1186328...

CVSS 5.9 | AI score 5.7 | EPSS 0.01522
Exploits: 0 | References: 3

Veracode
added 2021/06/05 9:59 p.m. | 44 views

Denial Of Service (DoS)

go is vulnerable to denial of service. The vulnerability exists because the SetString and UnmarshalText methods of math/big.Rat may cause the system to hang if passed an input with a very large exponent...

CVSS 7.5 | AI score 3.2 | EPSS 0.03372
Exploits: 1 | References: 4 | Affected Software: 23

Tenable Nessus
added 2021/06/04 12:0 a.m. | 157 views

FreeBSD : go -- multiple vulnerabilities (079b3641-c4bd-11eb-a22a-693f0544ae52)

The Go project reports : The SetString and UnmarshalText methods of math/big.Rat may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents. ReverseProxy in net/http/httputil could be made to forward certain hop-by-hop headers, including Connection. In case the...

CVSS 7.5 | AI score 7.2 | EPSS 0.03464
Exploits: 4 | References: 9

Oracle linux
added 2021/06/04 12:0 a.m. | 251 views

glibc security update

2.28-151.0.1.el84 - merge RH patches for ol8-u4 release Review-exception: Patch merge - Provide glibc.pthread.mutexspincount tunable for pthread adaptive - spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for emag ...

CVSS 9.8 | AI score 0.4 | EPSS 0.04731
Exploits: 2

OpenVAS
added 2021/05/27 12:0 a.m. | 18 views

Fedora: Security Advisory for glibc (FEDORA-2021-2ba993d6c5)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 2.5 | AI score 6.7 | EPSS 0.00374
Exploits: 0 | References: 2

OSV
added 2021/05/26 3:15 p.m. | 2 views

CVE-2020-18221

Cross Site Scripting XSS in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula...

CVSS 6.1 | AI score 6.7 | EPSS 0.01182
Exploits: 1 | References: 1

Veracode
added 2021/05/24 2:29 a.m. | 35 views

Information Disclosure

bouncycastle is vulnerable to information disclosure. The vulnerability exists due to a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures...

CVSS 5.9 | AI score 1.5 | EPSS 0.01522
Exploits: 0 | References: 4 | Affected Software: 11