113 matches found
Amazon Linux AMI : openssl (ALAS-2016-695)
A vulnerability was discovered that allows a man-in-the-middle attacker to use a padding oracle attack to decrypt traffic on a connection using an AES CBC cipher with a server supporting AES-NI. CVE-2016-2107 , Important It was discovered that the ASN.1 parser can misinterpret a large universal t...
Vulnerability in OpenSSL - Memory corruption in the ASN.1 encoder
This issue affected versions of OpenSSL prior to April 2015. The bug causing the vulnerability was fixed on April 18th 2015, and released as part of the June 11th 2015 security releases. The security impact of the bug was not known at the time. In previous versions of OpenSSL, ASN.1 encoding the...
Apple OS X ASN.1 Parser Memory Corruption Vulnerability (CNVD-2015-08144)
Apple OS X is an operating system developed by Apple Inc. A security vulnerability in the handling of special certificates by the Apple OS X ASN.1 resolver allows attackers to conduct denial of service attacks or execute arbitrary code by submitting a certificate request...
CVE-2005-1730
Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service NULL pointer dereference via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, ...
openSUSE Security Update : openssl (openSUSE-SU-2012:0414-1)
Specially crafted MIME headers could crash openssl's ASN.1 parser %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-174. The text description of this plugin is C SUSE LLC...
Debian DSA-2922-1 : strongswan - security update
A vulnerability has been found in the ASN.1 parser of strongSwan, an IKE/IPsec suite used to establish IPsec protected links. By sending a crafted IDDERASN1DN ID payload to a vulnerable pluto or charon daemon, a malicious remote user can provoke a NULL pointer dereference in the daemon parsing th...
DSA-2922-1 strongswan - security update
Bulletin has no description...
Debian Security Advisory DSA 2922-1 (strongswan - security update)
A vulnerability has been found in the ASN.1 parser of strongSwan, an IKE/IPsec suite used to establish IPsec protected links. By sending a crafted IDDERASN1DN ID payload to a vulnerable pluto or charon daemon, a malicious remote user can provoke a null pointer dereference in the daemon parsing th...
Debian: Security Advisory (DSA-2922-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 2789-1] strongswan security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2789-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez November 01, 2013 http://www.debian.org/security/faq -...
DSA-2789-1 strongswan - Denial of service and authorization bypass
Bulletin has no description...
Debian Security Advisory DSA 2789-1 (strongswan - Denial of service and authorization bypass)
A vulnerability has been found in the ASN.1 parser of strongSwan, an IKE daemon used to establish IPsec protected links. By sending a crafted IDDERASN1DN ID payload to a vulnerable pluto or charon daemon, a malicious remote user can provoke a denial of service daemon crash or an authorization...
Debian: Security Advisory (DSA-2789-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SuSE 10 Security Update : strongswan (ZYPP Patch Number 6529)
The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. CVE-2009-2661 This could lead to crashes of the pluto IKE daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...
openSUSE 10 Security Update : openswan (openswan-6481)
The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. CVE-2009-2661 This could lead to crashes of the pluto IKE daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Securit...
SuSE 11 Security Update : openswan (SAT Patch Number 1296)
The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. CVE-2009-2661 This could lead to crashes of the pluto IKE daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update...
SuSE 11 Security Update : strongswan (SAT Patch Number 1042)
Two vulnerabilities in the strongswan ASN.1 parser when handling RDNs, UTCTIME and GENERALIZEDTIME strings could lead to remote crashes of the pluto daemon. CVE-2009-2185 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...
SuSE 10 Security Update : openswan (ZYPP Patch Number 6478)
The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. CVE-2009-2661 This could lead to crashes of the pluto IKE daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc';...
SuSE 11 Security Update : strongswan (SAT Patch Number 1283)
The previous fix for a flaw in the ASN.1 parser was incomplete and had to be reworked. CVE-2009-2661 This could lead to crashes of the pluto IKE daemon. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11 update...
SuSE 11 Security Update : Kerberos (SAT Patch Number 738)
Clients sending negotiation requests with invalid flags could crash the kerberos server. CVE-2009-0845 GSS-API clients could crash when reading from an invalid address space. CVE-2009-0844 Invalid length checks could crash applications using the kerberos ASN.1 parser. CVE-2009-0847 Under certain...