python-cryptography: Large inputs for symmetric encryption can trigger integer overflow leading to buffer overflow

A buffer-overflow flaw was found in the python-cryptography package. In certain sequences of update calls when symmetrically encrypting very large payloads 2GB could result in an integer overflow, leading to buffer overflows. Note: This fix is a workaround for the OpenSSL CVE-2021-23840 flaw...

CVE-2018-5407

Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'...

SSL CBC IV vulnerability

curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. This vulnerability has been identified CVE-2011-3389 aka the "BEAST" attack and is addressed by OpenSSL already as they have made a workaround to mitigate the problem. When doing so, they figured out...

CURL-CVE-2011-3389 SSL CBC IV vulnerability

curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. This vulnerability has been identified CVE-2011-3389 aka the "BEAST" attack and is addressed by OpenSSL already as they have made a workaround to mitigate the problem. When doing so, they figured out...