
49 matches found

Talos
added 2025/10/16 12:00 a.m., 4 views

Dell BSAFE Crypto-C _A_DecodeType out-of-bounds read vulnerability

Talos Vulnerability Report TALOS-2025-2140: Dell BSAFE Crypto-C _A_DecodeType out-of-bounds read vulnerability. October 16, 2025. CVE Number: CVE-2019-3728. SUMMARY: An integer overflow vulnerability exists in the _A_DecodeType functionality of Dell BSAFE Crypto-C xxx. A specially crafted ASN.1 record can...

CVSS 7.5, AI score 7.8, EPSS 0.00625
Exploits: 0

Tenable Nessus
added 2025/10/15 12:00 a.m., 7 views

Amazon Linux 2023 : squid (ALAS2023-2025-1219)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1219 advisory. Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c. (CVE-2025-59362) Tenable has extracted the preceding description block directly from the...

CVSS 4, AI score 5.1, EPSS 0.00175
Exploits: 1, References: 4

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-20680

Malware in sbrugna...

CVSS 7.5, AI score 7.1, EPSS 0.00955
Exploits: 0, References: 21

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-0660

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.00471
Exploits: 0, References: 16

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-0302

Malware in sbrugna...

CVSS 5, AI score 6.3, EPSS 0.05787
Exploits: 0, References: 55

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-0506

Malware in sbrugna...

CVSS 7.5, AI score 6.2, EPSS 0.00381
Exploits: 0, References: 17

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2025-10288

Malicious code in bioql PyPI...

CVSS 6.9, AI score 6.4, EPSS 0.00281
Exploits: 0, References: 4

AlpineLinux
added 2025/09/26 12:00 a.m., 2 views

CVE-2025-59362

Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c...

CVSS 4, AI score 7, EPSS 0.00175
Exploits: 1, References: 2

RedhatCVE
added 2025/04/10 4:03 a.m., 9 views

CVE-2025-32029

ts-asn1-der is a collection of utility classes to encode ASN.1 data following DER rule. Incorrect number DER encoding can lead to denial of service for absolute values in the range 2^31 to 2^32 - 1. The arithmetic in the numBitLen didn't take into account that values in this range could result in a...

CVSS 6.9, AI score 6.7, EPSS 0.00281
Exploits: 0, References: 1

Tenable Nessus
added 2025/03/13 12:00 a.m., 4 views

Siemens SCALANCE X-200RNA Switch Devices NULL Pointer Dereference (CVE-2015-0289)

The PKCS7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an applicati...

CVSS 5, AI score 7, EPSS 0.05787
Exploits: 0, References: 4

SUSE CVE
added 2023/02/15 4:53 a.m., 3 views

SUSE CVE-2016-1000342

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...

CVSS 7.5, AI score 8, EPSS 0.00471
Exploits: 0, References: 4

OSV
added 2021/01/14 3:13 p.m., 4 views

MGASA-2021-0022 Updated krb5 packages fix a security vulnerability

MIT Kerberos 5 (aka krb5) before 1.17.2 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit (CVE-2020-28196)...

CVSS 7.5, AI score 7.5, EPSS 0.00955
Exploits: 0, References: 4

OpenVAS
added 2020/09/29 12:00 a.m., 22 views

Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2020-2076)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5, AI score 7.5, EPSS 0.91945
Exploits: 0, References: 2

Tenable Nessus
added 2020/09/28 12:00 a.m., 52 views

EulerOS 2.0 SP3 : openssl098e (EulerOS-SA-2020-2076)

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before...

CVSS 5, AI score 7.1, EPSS 0.91945
Exploits: 0, References: 5

Gitee
added 2020/09/26 9:20 p.m., 1 view

jsrsasign

This is an open-source JavaScript library called jsrsasign, which provides cryptographic functions for RSA/RSAPSS/ECDSA/DSA signing and validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, and CAdES. The library is available on Node.js and...

AI score 7
Exploits: 0

Github Security Blog
added 2018/10/17 4:24 p.m., 34 views

In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...

CVSS 7.5, AI score 3.6, EPSS 0.00471
Exploits: 0, References: 9, Affected Software: 3

RedHat Linux
added 2018/10/16 5:38 p.m., 0 views

bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...

CVSS 7.5, AI score 7.2, EPSS 0.00381
Exploits: 0, References: 4

RedHat Linux
added 2018/10/16 5:38 p.m., 1 view

bouncycastle: ECDSA improper validation of ASN.1 encoding of signature

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...

CVSS 7.5, AI score 7.2, EPSS 0.00471
Exploits: 0, References: 4

Mageia
added 2018/09/20 11:17 p.m., 82 views

Updated bouncycastle packages fix security vulnerabilities

Updated bouncycastle packages fix security vulnerabilities: Ensure full validation of ASN.1 encoding of signature on verification. It was possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may have allowed the introduction of...

CVSS 9.8, AI score 1.1, EPSS 0.68141
Exploits: 0, References: 4

OSV
added 2018/09/20 11:17 p.m., 7 views

MGASA-2018-0376 Updated bouncycastle packages fix security vulnerabilities

Updated bouncycastle packages fix security vulnerabilities: Ensure full validation of ASN.1 encoding of signature on verification. It was possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may have allowed the introduction of...

CVSS 9.8, AI score 6.2, EPSS 0.68141
Exploits: 0, References: 5