249 matches found
OpenSSL 安全漏洞
OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a wide range of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
Security Bulletin: Vulnerabilities in OpenSSL affect GCM16 & GCM32 KVM Switch Firmware (CVE-2018-0734, CVE-2018-0737, CVE-2018-0739)
Summary GCM16 & GCM32 KVM Switch Firmware have addressed the following vulnerabilities in OpenSSL. Vulnerability Details CVEID: CVE-2018-0734 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature algorithm. ...
Debian: Security Advisory (DLA-262-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
K54022413: GnuTLS vulnerability CVE-2015-0294
Security Advisory Description GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. CVE-2015-0294 Impact GnuTLS does not check if all sections of X.509 certificates indicate the same signature algorithm. This flaw, in combination with a different...
SUSE CVE-2008-5077
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys...
SUSE CVE-2015-9258
In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might for example be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed2551...
SUSE CVE-2016-2178
The dsasignsetup function in crypto/dsa/dsaossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack...
SUSE CVE-2016-1000341
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k...
SUSE CVE-2016-1000343
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...
SUSE CVE-2017-3732
There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed...
UBUNTU-CVE-2023-0217
An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVPPKEYpubliccheck function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allo...
Allocation of Resources Without Limits or Throttling
Overview std/crypto/dsa is a Go standard library package std/crypto/dsa Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: via the Verify function. An attacker can cause excessive resource consumption and make affecte...
GHSA-785H-HRF7-GQXC Docker Notary Signature Algorithm Not Matched to Key vulnerability
In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might for example be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed2551...
Docker Notary Signature Algorithm Not Matched to Key vulnerability
In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might for example be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed2551...
UBUNTU-CVE-2022-24773
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification code does not properly check DigestInfo for a proper ASN.1 structure. This can lead to successful verification with signatures that...
CVE-2021-43392
STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE...
Access Restriction Bypass
Overview Affected versions of this package are vulnerable to Access Restriction Bypass during attempted authentication by a TLS 1.3 client to a TLS 1.3 server, certificate validation may be bypassed when the sigalgo field differs between the certificateverify message and the certificate message...
CVE-2022-25638
In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sigalgo field differs between the certificateverify message and the certificate message...
DEBIAN-CVE-2022-25638
In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sigalgo field differs between the certificateverify message and the certificate message...
wolfSSL 信任管理问题漏洞
Wolfssl CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from Wolfssl, Inc. in the United States. A security vulnerability exists in wolfSSL versions prior to 5.2.0, which stems from an application attempting to authenticate a TLS 1.3 client to a...