79 matches found
EUVD-2016-7612
Malware in sbrugna...
EUVD-2018-4411
Malware in sbrugna...
EUVD-2017-6875
Malware in sbrugna...
EUVD-2024-2051
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-6709
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in Conscrypt and BoringSSL in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a man-in-the-middle...
Linux Distros Unpatched Vulnerability : CVE-2017-15423
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) b...
OPENSUSE-SU-2024:10660-1 boringssl-devel-20200921-1.2 on GA media
These are all security issues fixed in the boringssl-devel-20200921-1.2 package on the GA media of openSUSE Tumbleweed...
PT-2024-40763 · Git +1 · Boringssl
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the ssl_str_to_group_ids function, which is called by SS...
BIT-ENVOY-2022-21656 X.509 subjectAltName matching bypass in Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Na...
CVE-2022-48566
A constant-time-defeating optimization issue was found in Python. This issue occurs when sending a specially crafted request, which could allow an attacker to obtain sensitive information. Mitigation: As per upstream, either make the accumulator variable result a volatile unsigned char instead of...
SUSE CVE-2017-15423
Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak the low-order bits of SHA512(password) by inspecting protocol traffic...
OpenSSL 3.0.7 security fix: Should Opera users be worried?
November 3rd, 2022. Hi everyone! The OpenSSL 3.0.7 security-fix release fixes high-priority vulnerabilities in the OpenSSL open-source cryptography library, specifically CVE-2022-3602 and CVE-2022-3786. The vulnerabilities...
Slackware: Security Advisory (SSA:2015-190-01)
The remote host is missing an update for the...
CVE-2022-21656
Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Na...
Type confusion
Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Na...
CVE-2022-21656 X.509 subjectAltName matching bypass in Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. The default_validator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Na...
Private Set Membership (PSM) - Cryptographic Protocol That Allows Clients To Privately Query
Private Set Membership (PSM) is a cryptographic protocol that allows clients to privately query whether the client's identifier is a member of a set of identifiers held by a server in a privacy-preserving manner. At a high level, PSM provides the following privacy guarantees: The server does not...
cryptofuzz:cryptofuzz-boringssl-noasm: Segv on unknown address with empty stacktrace
Detailed Report: https://oss-fuzz.com/testcase?key=5151216529833984 Project: cryptofuzz Fuzzing Engine: libFuzzer Fuzz Target: cryptofuzz-boringssl-noasm Job Type: libfuzzer_msan_cryptofuzz Platform Id: linux Crash Type: Segv on unknown address Crash Address: Crash State: NULL Sanitizer: memory MSA...
cryptofuzz:cryptofuzz-boringssl: Heap-buffer-overflow in mp_toradix
Project: https://github.com/guidovranken/cryptofuzz.git Detailed Report: https://oss-fuzz.com/testcase?key=5692555180900352 Project: cryptofuzz Fuzzing Engine: libFuzzer Fuzz Target: cryptofuzz-boringssl Job Type: libfuzzer_asan_cryptofuzz Platform Id: linux Crash Type: Heap-buffer-overflow WRITE 1...