Page 10 of 115 results (0.004 seconds)

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. x86_64/ecc-384-modp.asm en Nettle en versiones anteriores a 3.2 no maneja correctamente la propagación de acarreo y produce una salida incorrecta en su implementación de la curva elíptica P-384 NIST, lo que permite a atacantes tener un impacto no especificado a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-updates/2016-02/msg00091.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00093.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00100.html http://rhn.redhat.com/errata/RHSA-2016-2582.html http://www.openwall.com/lists/oss-security/2016/02/02/2 http://www.openwall.com/lists/oss-security/2016/02/03/1 http://www.ubuntu.com/usn/USN-2897-1 https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-mult • CWE-254: 7PK - Security Features CWE-310: Cryptographic Issues CWE-358: Improperly Implemented Security Check for Standard •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. La función ecc_256_modq en ecc-256.c en Nettle en versiones anteriores a 3.2 no maneja correctamente la propagación de acarreo y produce una salida incorrecta en su implementación de la curva elíptica P-256 NIST, lo que permite a atacantes tener un impacto no especificado a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2015-8803. • http://lists.opensuse.org/opensuse-updates/2016-02/msg00091.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00093.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00100.html http://rhn.redhat.com/errata/RHSA-2016-2582.html http://www.openwall.com/lists/oss-security/2016/02/02/2 http://www.openwall.com/lists/oss-security/2016/02/03/1 http://www.securityfocus.com/bid/84272 http://www.ubuntu.com/usn/USN-2897-1 https://blog.fuzzing-project.org&#x • CWE-310: Cryptographic Issues CWE-358: Improperly Implemented Security Check for Standard •

CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0

Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux. Gummi 0.6.5 permite a usuarios locales escribir en archivos arbitrarios a través de un ataque de enlace simbólico en un archivo temporal dot que usa el nombre de un archivo existente y la extensión (1) .aux, (2) .log, (3) .out, (4) .pdf o (5) .toc para el nombre de archivo, según lo demostrado por .thesis.tex.aux. • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178582.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178642.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00117.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00150.html http://www.openwall.com/lists/oss-security/2015/10/08/4 http://www.openwall.com/lists/oss-security/2015/10/08/5 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756432 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes". El archivo de configuración ".encfs6.xml" en encfs en versiones anteriores a la 1.7.5 permite que atacantes remotos accedan a datos confidenciales ajustando "blockMACBytes" a 0 y añadiendo un 8 a "blockMACRandBytes". • http://lists.opensuse.org/opensuse-updates/2017-01/msg00090.html http://www.openwall.com/lists/oss-security/2014/05/14/2 https://bugzilla.redhat.com/show_bug.cgi?id=1097537 https://security.gentoo.org/glsa/201512-09 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 8%CPEs: 23EXPL: 0

The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule. El (1) git-remote-ext y (2) otros programas de ayuda remotos no especificados en Git en versiones anteriores a 2.3.10, 2.4.x en versiones anteriores a 2.4.10, 2.5.x en versiones anteriores a 2.5.4 y 2.6.x en versiones anteriores a 2.6.1 no restringen correctamente los protocolos permitidos, lo que podría permitir a atacantes remotos ejecutar código arbitrario a través de una URL en un (a) archivo .gitmodules u (b) otras fuentes desconocidas en un submódulo. A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system. • http://lists.opensuse.org/opensuse-updates/2015-11/msg00066.html http://rhn.redhat.com/errata/RHSA-2015-2515.html http://www.debian.org/security/2016/dsa-3435 http://www.openwall.com/lists/oss-security/2015/12/08/5 http://www.openwall.com/lists/oss-security/2015/12/09/8 http://www.openwall.com/lists/oss-security/2015/12/11/7 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016&# • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-284: Improper Access Control •