CVE-2021-29524 Division by 0 in `Conv2DBackpropFilter`

TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a division by 0 in tf.rawops.Conv2DBackpropFilter. This is because the...

PT-2019-4482

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.1.1 through 1.1.1d OpenSSL versions 1.0.2 through 1.0.2t Description The issue is related to an overflow bug in the x64 64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are...

openssl: rsaz_1024_mul_avx2 overflow bug on x86_64

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

Authentication flaw

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 820, and SD 820A, function cepkcs1psspaddingverifyautorecoversaltlen assumes that t...

Weak DH Key Exchange Supported (PCI DSS)

At least one of the services on the remote host supports a Diffie-Hellman key exchange using a public modulus smaller than 2048 bits. Diffie-Hellman key exchanges with keys smaller than 2048 bits do not meet the PCI definition of strong cryptography as specified by NIST Special Publication 800-57...

UBUNTU-CVE-2017-3738

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

CVE-2016-6886

The pstmreverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service invalid memory read and crash via a 1 zero value or 2 the key's modulus for the secret key during RSA key exchange...

nettle: secp256 calculation bug

The ecc256modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than...

MatrixSSL pstm_exptmod Function Miscalculation Vulnerability

INSIDE Secure MatrixSSL is an embedded, open source SSLv3 stack from INSIDE Secure, France, designed for small applications and devices. The pstmexptmod in MatrixSSL inputs incorrect results for certain parameters, causing the associated cryptographic functions to fail to handle the private key...

Aruba Networks / Alcatel-Lucent Private Key Disclosure

This advisory is accompanied by a blog post regarding a recap on our published "House of Keys" research study on the re-use of cryptographic secrets from 11/2015. For further information also see http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html SEC Consult...

CVE-2016-2194

The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service infinite loop via unspecified input to the OS2ECP function, related to a composite modulus...

Input validation

The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service infinite loop via unspecified input to the OS2ECP function, related to a composite modulus...

UBUNTU-CVE-2016-2194

The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 allows remote attackers to cause a denial of service infinite loop via unspecified input to the OS2ECP function, related to a composite modulus...

CVE-2016-2194

Removed by vendor...

Debian Security Advisory DSA 3565-1 (botan1.10 - security update)

Several security vulnerabilities were found in botan1.10, a C++ library which provides support for many common cryptographic operations, including encryption, authentication, X.509v3 certificates and CRLs. CVE-2015-5726 The BER decoder would crash due to reading from offset 0 of an empty vector i...

OpenSSL BN_mod_exp() Information Disclosure Vulnerability

OpenSSL is an open source implementation of SSL for strong encryption of network communications. A security vulnerability exists in OpenSSL BNmodexp, which can be exploited by a remote attacker to obtain sensitive information in a private key using a rounding propagation vulnerability...

ssl-dh-params NSE Script

Weak ephemeral Diffie-Hellman parameter detection for SSL/TLS services. This script simulates SSL/TLS handshakes using ciphersuites that have ephemeral Diffie-Hellman as the key exchange algorithm. Diffie-Hellman MODP group parameters are extracted and analyzed for vulnerability to Logjam CVE...

RSA Security RSAREF 2.0 - Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/843/info A buffer overflow vulnerability exists in the RSAREF cryptographic library which may possibly make any software using the library vulnerable. The vulnerability exists in four functions in the rsa.c source file. T...

Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass

Exploit for unknown platform in category remote exploits ====================================================================================== Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability...

Mozilla NSS - NULL Character CA SSL Certificate Validation Security Bypass

Mozilla NSS - NULL Character CA SSL Certificate Validation Security Bypass source: https://www.securityfocus.com/bid/35888/info Mozilla Network Security Services NSS is prone to a security-bypass vulnerability because it fails to properly validate the domain name in a signed CA certificate,...