CLEANSTART-2026-IE61882 Security fixes for CVE-2026-33870, ghsa-72hv-8253-57qq, ghsa-pwqr-wmgm-9rr8 applied in versions: 2.19.5-r0

Multiple security vulnerabilities affect the opensearch package. These issues are resolved in later releases. See references for individual vulnerability details...

Astra Linux - уязвимость в botan

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtree...

OESA-2024-1924 botan2 security update

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...

[SECURITY] Fedora 39 Update: botan2-2.19.5-1.fc39

Botan is a BSD-licensed crypto library written in C++. It provides a wide variety of basic cryptographic algorithms, X.509 certificates and CRLs, PKCS \10 certificate requests, a filter/pipe message processing system, and a wide variety of other features, all written in portable C++. The API...

OPENSUSE-SU-2024:14188-1 Botan-doc-2.19.5-1.1 on GA media

These are all security issues fixed in the Botan-doc-2.19.5-1.1 package on the GA media of openSUSE Tumbleweed...

AZL-44286 CVE-2024-39312 affecting package botan2 2.14.0-2

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtree...

AZL-43942 CVE-2024-34702 affecting package botan2 2.14.0-2

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints...

CVE-2024-39312

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtree...

UBUNTU-CVE-2024-34702

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking name constraints in X.509 certificates is quadratic in the number of names and name constraints...

UBUNTU-CVE-2024-39312

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtree...

CVE-2024-39312

Botan CVE-2024-39312 affects the X.509 name-contraint check: when a certificate’s name is present in both permitted and excluded subtrees, the parser may erroneously accept it. The issue is resolved by upgrading Botan to 3.5.0 or 2.19.5 (fixed versions cited in multiple sources). The vulnerabilit...

CVE-2024-39312 Botan has an Authorization Error due to Name Constraint Decoding Bug

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. A bug in the parsing of name constraint extensions in X.509 certificates meant that if the extension included both permitted subtree...

JVN#97422426 Hyper NIKKI System cross-site request forgery vulnerability

Impact If a weblog administrator accesses a malicious web page, an attacker could add, alter, or delete the weblog text. If the weblog text is successfully altered, the attacker could perform a cross-site scripting attack to steal cookie information of weblog readers including weblog administrato...