42 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Block: Zero non-PI portion of the auto-generated integrity buffer. The auto-generated integrity buffer for write operations needs to be fully initialized before being passed to the underlying block device. Otherwise, the...
EUVD-2026-34159
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo_avx2: fix initial map fill. If the first field does not cover the entire start map, then we must set the remaining bits to zero; otherwise, those bits will be leaked into the next matching map round. The...
DM-RSA: an Extension of RSA with Dual Modulus
We introduce DM-RSA (Dual Modulus RSA), a variant of the RSA cryptosystem that employs two distinct moduli symmetrically to enhance security. By leveraging the Chinese Remainder Theorem (CRT) for decryption, DM-RSA provides increased robustness against side-channel attacks while preserving the...
Cost-Effective Optimization and Implementation of the CRT-Paillier Decryption Algorithm for Enhanced Performance
To address the privacy protection problem in cloud computing, privacy enhancement techniques such as the Paillier additive homomorphism algorithm are receiving widespread attention. The Paillier algorithm allows addition and scalar multiplication operations in the encrypted state, which can effectively...
Verifiable Weighted Secret Sharing
Traditionally, threshold secret sharing (TSS) schemes assume all parties have equal weight, yet emerging systems like blockchains reveal disparities in party trustworthiness, such as stake or reputation. Weighted Secret Sharing (WSS) addresses this by assigning varying weights to parties, ensuring...
SUSE CVE-2024-57947
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill. The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map search step, the result a...
UBUNTU-CVE-2024-57947
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill. The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map search step, the result a...
CVE-2024-43817 net: missing check virtio
In the Linux kernel, the following vulnerability has been resolved: net: missing check virtio. Two missing check in virtio_net_hdr_to_skb() allowed syzbot to crash kernels again. 1. After the skb_segment function the buffer may become non-linear (nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set...
GO-2021-0160 Incorrect calculation affecting RSA computations in math/big
Int.Exp Montgomery mishandled carry propagation and produced an incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors. This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls. TLS servers on 32-bit systems could plausibl...
Oracle MySQL Server <= 5.5.45 / 5.6 <= 5.6.26 Security Update (cpujan2016) - Windows
Oracle MySQL Server is prone to a vulnerability in a third party library.
CVE-2016-6887
The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not properly perform modular exponentiation, which might allow remote attackers to predict the secret key via a CRT attack...
MariaDB 10.1.0 < 10.1.9 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.1.9. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.1.9 advisory. - Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality,...
Amazon Linux AMI : mysql56 (ALAS-2016-684)
wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS...
Mageia: Security Advisory (MGASA-2016-0072)
The remote host is missing an update for the...
Updated libgcrypt packages fix security vulnerabilities
Updated libgcrypt packages fix security vulnerability: Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered that the ECDH secret decryption keys in applications using the libgcrypt20 library could be leaked via a side-channel attack (CVE-2015-7511). The libgcrypt package was also...
Security update for MySQL (important)
This update to MySQL 5.6.28 fixes the following issues (bsc#962779): - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote...
openSUSE Security Update : MySQL (openSUSE-2016-165)
This update to MySQL 5.6.28 fixes the following issues (bsc#962779): - CVE-2015-7744: Lack of verification against faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote...
OpenSSL CVE-2016-0701 Private Key Recovery attack vulnerability analysis - vulnerability warning - the black bar safety net
by: au2o3t @ 360 Cloud Security Team. 0x01 Foreword: On 2016-1-28, OpenSSL officially published the vulnerability numbered CVE-2016-0701. The vulnerability occurs in OpenSSL 1.0.2 (OpenSSL 1.0.2f and later versions are not affected), when using the DH algorithm to a different client...
OpenSSL Cryptographic Algorithm Cracking Vulnerability
OpenSSL is a general-purpose open source cryptographic library that implements Secure Sockets Layer and Secure Transport Layer protocols and can support a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashing algorithms, and so on. OpenSSL there is a...