| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Juniper Steel Belted Radius
Bouncy Castle Java Cryptography Extension: vulnerability via XMSS Private Keys Deserialization
Synthesis of the vulnerability
A vulnerability via XMSS Private Keys Deserialization of Bouncy Castle Java Cryptography Extension was announced.
Severity: 2/4.
Creation date: 02/07/2018.
Identifiers: CERTFR-2019-AVI-325, cpuapr2019, cpujan2019, cpujul2019, CVE-2018-1000613, FEDORA-2018-e6894349c9, JSA10939, openSUSE-SU-2018:2131-1, openSUSE-SU-2018:2180-1, VIGILANCE-VUL-26596.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
A vulnerability via XMSS Private Keys Deserialization of Bouncy Castle Java Cryptography Extension was announced.
Full Vigil@nce bulletin... (Free trial) |
Bouncy Castle: vulnerability via RSA Digital Signature Prime Generation
Synthesis of the vulnerability
A vulnerability via RSA Digital Signature Prime Generation of Bouncy Castle was announced.
Severity: 1/4.
Creation date: 06/06/2018.
Identifiers: CERTFR-2019-AVI-325, cpuapr2019, cpujan2019, cpujul2019, CVE-2018-1000180, DSA-4233-1, FEDORA-2018-ceced55c5e, FEDORA-2018-da9fe79871, JSA10939, openSUSE-SU-2018:2820-1, RHSA-2018:2423-01, RHSA-2018:2424-01, RHSA-2018:2425-01, RHSA-2018:2669-01, VIGILANCE-VUL-26323.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
A vulnerability via RSA Digital Signature Prime Generation of Bouncy Castle was announced.
Full Vigil@nce bulletin... (Free trial) |
Bouncy Castle: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Bouncy Castle.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 8.
Creation date: 22/12/2016.
Identifiers: CERTFR-2019-AVI-325, CVE-2016-1000338, CVE-2016-1000339, CVE-2016-1000340, CVE-2016-1000341, CVE-2016-1000342, CVE-2016-1000343, CVE-2016-1000344, CVE-2016-1000345, CVE-2016-1000346, CVE-2016-1000352, DLA-1418-1, JSA10939, openSUSE-SU-2018:1689-1, RHSA-2018:2669-01, USN-3727-1, VIGILANCE-VUL-21455.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Several vulnerabilities were announced in Bouncy Castle.
An attacker can tamper with DSA/ECDSA signed data, without failure of the signature check. [severity:3/4; CVE-2016-1000338, CVE-2016-1000342]
A local attacker can measure the AES implementation speed, in order to get information about the secret key. [severity:1/4; CVE-2016-1000339]
The ECDH implementation of arithmetic for large integers includes carry propagation bugs. [severity:1/4; CVE-2016-1000340]
An attacker can time a DSA signature in order to get information about the private key. [severity:1/4; CVE-2016-1000341]
The default size of DSA keys is too small. [severity:1/4; CVE-2016-1000343]
The ECIES and DHIES algorithm accept the ECB mode. [severity:1/4; CVE-2016-1000344, CVE-2016-1000352]
An attacker can time decryption of blindly modified ciphertext, in order to get information about the corresponding plain text. [severity:1/4; CVE-2016-1000345]
An attacker can make use invalid DH public keys, in order to get information about the related private keys. [severity:1/4; CVE-2016-1000346]
Full Vigil@nce bulletin... (Free trial) |
NSPR: buffer overflow via GrowStuff
Synthesis of the vulnerability
An attacker can generate a buffer overflow in GrowStuff of NSPR, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 13/06/2016.
Identifiers: 1174015, CERTFR-2019-AVI-325, CVE-2016-1951, DLA-513-1, DSA-3687-1, JSA10939, USN-3023-1, USN-3028-1, VIGILANCE-VUL-19876.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The NSPR library provides functions for memory management.
The routine GrowStuff reallocates a buffer. However, on 32 bits platform, an arithmetic overflow may occur, which leads to a buffer overflow because the actually allocated size is too small.
An attacker can therefore generate a buffer overflow in GrowStuff of NSPR, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Mozilla NSS: invalid result of mp_div/mp_exptmod
Synthesis of the vulnerability
An attacker can use an error of NSS mp_div and mp_exptmod, in order to bypass some security feature.
Severity: 3/4.
Creation date: 27/01/2016.
Identifiers: CERTFR-2019-AVI-325, CVE-2016-1938, DLA-480-1, DSA-3688-1, JSA10939, MFSA-2016-07, openSUSE-SU-2016:0306-1, openSUSE-SU-2016:0309-1, SUSE-SU-2016:0334-1, SUSE-SU-2016:0338-1, USN-2903-1, USN-2903-2, VIGILANCE-VUL-18824.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The Mozilla NSS library provides Multi-Precision computation functions:
- mp_div : division
- mp_exptmod : modular exponentiation
They are used by public key algorithms.
However, these functions are incorrectly implemented, and sometimes generate invalid results.
An attacker can therefore use an error of NSS mp_div and mp_exptmod, in order to bypass some security feature.
Full Vigil@nce bulletin... (Free trial) |
OpenSSL: use after free via PSK Identify Hint
Synthesis of the vulnerability
An attacker can force the usage of a freed memory area via PSK Identify Hint of an OpenSSL multi-threaded client, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 03/12/2015.
Identifiers: 1972951, 1976113, 1976148, 1981612, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, cisco-sa-20151204-openssl, cpuoct2017, CVE-2015-3196, DSA-3413-1, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, RHSA-2015:2617-01, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, USN-2830-1, VIGILANCE-VUL-18437.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The OpenSSL library can be used by a multi-threaded client.
However, in this case, the SSL_CTX structure does not contain an updated PSK Identify Hint. OpenSSL can thus free twice the same memory area.
An attacker can therefore force the usage of a freed memory area via PSK Identify Hint of an OpenSSL multi-threaded client, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
OpenSSL: information disclosure via X509_ATTRIBUTE
Synthesis of the vulnerability
An attacker can read a memory fragment via X509_ATTRIBUTE of OpenSSL processing PKCS#7 or CMS data, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 03/12/2015.
Identifiers: 1972951, 1976113, 1976148, 1985739, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, CERTFR-2016-AVI-128, cisco-sa-20151204-openssl, cpuapr2017, cpuoct2016, cpuoct2017, CVE-2015-3195, DSA-3413-1, FEDORA-2015-605de37b7f, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, JSA10733, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, openSUSE-SU-2015:2318-1, openSUSE-SU-2015:2349-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:0640-1, openSUSE-SU-2016:1327-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2015:2616-01, RHSA-2015:2617-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, SA105, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, SUSE-SU-2016:0678-1, USN-2830-1, VIGILANCE-VUL-18436.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The OpenSSL library supports the PKCS#7 and CMS formats.
However, if an X509_ATTRIBUTE structure is malformed, OpenSSL does not initialize a memory area before returning it to the user reading PKCS#7 or CMS data.
It can be noted that SSL/TLS is not impacted.
An attacker can therefore read a memory fragment via X509_ATTRIBUTE of OpenSSL processing PKCS#7 or CMS data, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial) |
OpenSSL: NULL pointer dereference via Certificate Verification
Synthesis of the vulnerability
An attacker can force a NULL pointer to be dereferenced during the certificate verification of OpenSSL (in client or server mode), in order to trigger a denial of service.
Severity: 2/4.
Creation date: 03/12/2015.
Identifiers: 1972951, 1976113, 1976148, 1985739, 1986593, 2003480, 2003620, 2003673, 9010051, BSA-2016-006, bulletinjan2016, c05398322, CERTFR-2015-AVI-517, cisco-sa-20151204-openssl, cpuoct2017, CVE-2015-3194, DSA-3413-1, FEDORA-2015-605de37b7f, FEDORA-2015-d87d60b9a9, FreeBSD-SA-15:26.openssl, HPESBHF03709, HT209139, JSA10759, NTAP-20151207-0001, openSUSE-SU-2015:2288-1, openSUSE-SU-2015:2289-1, openSUSE-SU-2015:2318-1, openSUSE-SU-2016:0637-1, openSUSE-SU-2016:1327-1, RHSA-2015:2617-01, SA105, SA40100, SB10203, SOL12824341, SOL30714460, SOL55540723, SOL86772626, SSA:2015-349-04, STORM-2015-017, USN-2830-1, VIGILANCE-VUL-18435.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The OpenSSL library can use the RSA PSS algorithm to check the validity of X.509 certificates.
However, if the "mask generation" parameter is missing during the verification of a signature in ASN.1 format, OpenSSL does not check if a pointer is NULL, before using it.
An attacker can therefore force a NULL pointer to be dereferenced during the certificate verification of OpenSSL (in client or server mode), in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
|