Lucene search
K

81 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:45 a.m.6 views

SUSE CVE-2017-9023

The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service infinite loop via a crafted certificate...

5.9CVSS6.8AI score0.02222EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:19 a.m.3 views

SUSE CVE-2018-1000654

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in asn1expandobjectidptree, after a long time, the program will be killed. This attack appears to be exploitable via...

6.2CVSS6.9AI score0.02008EPSS
Exploits1References36
Tenable Nessus
Tenable Nessus
added 2020/11/23 12:0 a.m.40 views

Debian DSA-4795-1 : krb5 - security update

Demi Obeneour discovered that unbounded recursion in the ASN1 parser of libkrb5 could result in denial of service. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4795. The text itself is copyright C Software...

7.5CVSS7.5AI score0.04365EPSS
Exploits0References4
Debian
Debian
added 2020/11/21 6:19 p.m.137 views

[SECURITY] [DSA 4795-1] krb5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4795-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 21, 2020 https://www.debian.org/security/faq -...

7.5CVSS7.8AI score0.04365EPSS
Exploits0
OSV
OSV
added 2018/08/20 7:31 p.m.1 views

ALPINE-CVE-2018-1000654

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in asn1expandobjectidptree, after a long time, the program will be killed. This attack appears to be exploitable via...

5.5CVSS6.8AI score0.02008EPSS
Exploits1References1
OSV
OSV
added 2018/08/20 7:31 p.m.3 views

DEBIAN-CVE-2018-1000654

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in asn1expandobjectidptree, after a long time, the program will be killed. This attack appears to be exploitable via...

5.5CVSS6.1AI score0.02008EPSS
Exploits1References1
OSV
OSV
added 2018/08/20 7:31 p.m.4 views

UBUNTU-CVE-2018-1000654

GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in asn1expandobjectidptree, after a long time, the program will be killed. This attack appears to be exploitable via...

5.5CVSS6.4AI score0.02008EPSS
Exploits1References3
OSV
OSV
added 2017/06/08 4:29 p.m.4 views

ALPINE-CVE-2017-9023

The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service infinite loop via a crafted certificate...

7.5CVSS6.8AI score0.02222EPSS
Exploits0References1
OSV
OSV
added 2017/06/08 4:29 p.m.2 views

DEBIAN-CVE-2017-9023

The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service infinite loop via a crafted certificate...

7.5CVSS8.6AI score0.02222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2017/06/08 4:0 p.m.1 views

CVE-2017-9023

The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service infinite loop via a crafted certificate...

6.3AI score0.02222EPSS
Exploits0References4
CNVD
CNVD
added 2017/05/31 12:0 a.m.5 views

strongSwan ASN.1 Parser Denial of Service Vulnerability

strongSwan is an open source IPsec-based VPN solution for Linux platforms maintained by Andreas Steffen, a Swiss software developer. The solution includes authentication mechanisms such as X.509 public key certificates, secure storage of private keys, smart cards, etc. The ASN.1 parser is a tool...

7.5CVSS7AI score0.02222EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/03/07 12:0 a.m.36 views

SUSE SLED11 Security Update : compat-openssl097g (SUSE-SU-2016:0631-1) (DROWN)

This update for compat-openssl097g fixes the following issues : - CVE-2016-0800 aka the 'DROWN' attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA...

10CVSS7.8AI score0.82112EPSS
Exploits2References22
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.375 views

SUSE SLED11 / SLES11 Security Update : openssl (SUSE-SU-2016:0624-1) (DROWN)

This update for openssl fixes various security issues and bugs : Security issues fixed : - CVE-2016-0800 aka the 'DROWN' attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as...

10CVSS7.8AI score0.82112EPSS
Exploits2References26
OPENSUSE Linux
OPENSUSE Linux
added 2016/03/02 11:12 p.m.45 views

Security update for openssl (important)

This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

10CVSS1.3AI score0.83645EPSS
Exploits2References9
OPENSUSE Linux
OPENSUSE Linux
added 2016/03/02 12:11 p.m.96 views

Security update for openssl (important)

This update for openssl fixes the following issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a...

10CVSS0.7AI score0.82112EPSS
Exploits2References7
RedHat Linux
RedHat Linux
added 2012/07/17 6:9 p.m.6 views

nss: NSS parsing errors with zero length items

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services NSS before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a...

5CVSS7.4AI score0.02945EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2009/06/25 2:0 a.m.3 views

CVE-2009-2185

The ASN.1 parser pluto/asn1.c, libstrongswan/asn1/asn1.c, libstrongswan/asn1/asn1parser.c in a strongSwan 2.8 before 2.8.10, 4.2 before 4.2.16, and 4.3 before 4.3.2; and b openSwan 2.6 before 2.6.22 and 2.4 before 2.4.15 allows remote attackers to cause a denial of service pluto IKE daemon crash...

5CVSS5.6AI score0.02372EPSS
Exploits0References25
ALT Linux
ALT Linux
added 2006/09/27 12:0 a.m.81 views

Security fix for the ALT Linux 9 package openssl10 version 0.9.7g-alt5

Sept. 27, 2006 Dmitry V. Levin 0.9.7g-alt5 - Applied upstream fixes for DoS bugs in ASN1 parser CVE-2006-2937, CVE-2006-2940. - Applied fix for buffer overflow in SSLgetsharedciphers, discovery and patch from Tavis Ormandy and Will Drewry of the Google Security Team CVE-2006-3738. - Applied fix f...

10CVSS7.5AI score0.48575EPSS
Exploits10
ALT Linux
ALT Linux
added 2006/09/27 12:0 a.m.106 views

Security fix for the ALT Linux 8 package openssl10 version 0.9.7g-alt5

Sept. 27, 2006 Dmitry V. Levin 0.9.7g-alt5 - Applied upstream fixes for DoS bugs in ASN1 parser CVE-2006-2937, CVE-2006-2940. - Applied fix for buffer overflow in SSLgetsharedciphers, discovery and patch from Tavis Ormandy and Will Drewry of the Google Security Team CVE-2006-3738. - Applied fix f...

10CVSS7.4AI score0.48575EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2004/07/31 12:0 a.m.37 views

Mandrake Linux Security Advisory : openssl (MDKSA-2002:046-1)

An audit of the OpenSSL code by A.L. Digital Ltd and The Bunker, under the DARPA program CHATS, discovered a number of vulnerabilities in the OpenSSL code that are all potentially remotely exploitable. From the OpenSSL advisory : 1. The client master key in SSL2 could be oversized and overrun a...

7.5CVSS6.1AI score0.8982EPSS
Exploits2References3
Rows per page
Query Builder