Page 24 of 117 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors. El código Montgomery de Int.Exp en la librería math/big en Go 1.5.x en versiones anteriores a 1.5.3 no maneja correctamente la propagación acarreo y produce una salida incorrecta, lo que facilita a atacantes obtener claves privadas RSA a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175642.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176179.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00077.html http://www.openwall.com/lists/oss-security/2015/12/21/6 http://www.openwall.com/lists/oss-security/2015/12/22/9 http://www.openwall.com/lists/oss-security/2016/01/13/7 https://github.com/golang/go/issues/13515 https://go-review.googlesource.com/&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors. crpyto/tls en Go 1.1 anterior a 1.3.2, cuando SessionTicketsDisabled está habilitado, permite a atacantes man-in-the-middle falsificar clientes através de vectores no especificados. • http://www.openwall.com/lists/oss-security/2014/09/26/28 http://www.securityfocus.com/bid/70156 https://exchange.xforce.ibmcloud.com/vulnerabilities/96693 https://groups.google.com/forum/#%21msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ • CWE-264: Permissions, Privileges, and Access Controls •