CVSS: 9.8EPSS: 1%CPEs: 6EXPL: 0CVE-2015-8803 – nettle: secp256 calculation bug
https://notcve.org/view.php?id=CVE-2015-8803
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. La función ecc_256_modp en ecc-256.c en Nettle en versiones anteriores a 3.2 no maneja correctamente la propagación del acarreo y produce una salida incorrecta en su implementación de la curva elíptica P-256 NIST, lo que permite a atacantes tener un impacto no especificado a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2015-8805. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176807.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177229.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177473.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00091.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00093.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00100.html http://rhn.redhat.com/errata/RHSA-2016-2582.html http://ww • CWE-254: 7PK - Security Features CWE-310: Cryptographic Issues CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2015-8804 – nettle: miscalculations on secp384 curve
https://notcve.org/view.php?id=CVE-2015-8804
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. x86_64/ecc-384-modp.asm en Nettle en versiones anteriores a 3.2 no maneja correctamente la propagación de acarreo y produce una salida incorrecta en su implementación de la curva elíptica P-384 NIST, lo que permite a atacantes tener un impacto no especificado a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-updates/2016-02/msg00091.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00093.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00100.html http://rhn.redhat.com/errata/RHSA-2016-2582.html http://www.openwall.com/lists/oss-security/2016/02/02/2 http://www.openwall.com/lists/oss-security/2016/02/03/1 http://www.ubuntu.com/usn/USN-2897-1 https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-mult • CWE-254: 7PK - Security Features CWE-310: Cryptographic Issues CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2015-8805 – nettle: secp256 calculation bug
https://notcve.org/view.php?id=CVE-2015-8805
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803. La función ecc_256_modq en ecc-256.c en Nettle en versiones anteriores a 3.2 no maneja correctamente la propagación de acarreo y produce una salida incorrecta en su implementación de la curva elíptica P-256 NIST, lo que permite a atacantes tener un impacto no especificado a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2015-8803. • http://lists.opensuse.org/opensuse-updates/2016-02/msg00091.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00093.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00100.html http://rhn.redhat.com/errata/RHSA-2016-2582.html http://www.openwall.com/lists/oss-security/2016/02/02/2 http://www.openwall.com/lists/oss-security/2016/02/03/1 http://www.securityfocus.com/bid/84272 http://www.ubuntu.com/usn/USN-2897-1 https://blog.fuzzing-project.org&#x • CWE-310: Cryptographic Issues CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7758
https://notcve.org/view.php?id=CVE-2015-7758
Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux. Gummi 0.6.5 permite a usuarios locales escribir en archivos arbitrarios a través de un ataque de enlace simbólico en un archivo temporal dot que usa el nombre de un archivo existente y la extensión (1) .aux, (2) .log, (3) .out, (4) .pdf o (5) .toc para el nombre de archivo, según lo demostrado por .thesis.tex.aux. • http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178582.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178642.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00117.html http://lists.opensuse.org/opensuse-updates/2016-02/msg00150.html http://www.openwall.com/lists/oss-security/2015/10/08/4 http://www.openwall.com/lists/oss-security/2015/10/08/5 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756432 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3462
https://notcve.org/view.php?id=CVE-2014-3462
The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes". El archivo de configuración ".encfs6.xml" en encfs en versiones anteriores a la 1.7.5 permite que atacantes remotos accedan a datos confidenciales ajustando "blockMACBytes" a 0 y añadiendo un 8 a "blockMACRandBytes". • http://lists.opensuse.org/opensuse-updates/2017-01/msg00090.html http://www.openwall.com/lists/oss-security/2014/05/14/2 https://bugzilla.redhat.com/show_bug.cgi?id=1097537 https://security.gentoo.org/glsa/201512-09 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •