28 matches found

EUVD
added 2026/04/20 12:32 p.m. · 1 view

EUVD-2026-23819

In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access when parsing extensions Leo reports an out-of-bounds access when parsing a certificate with empty Basic Constraints or Key Usage extension because the first byte of the extension is read before...

5.6 AI score · 0.00013 EPSS
Exploits 0 · References 6

Debian CVE
added 2026/04/20 9:43 a.m. · 2 views

CVE-2026-31430

In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access when parsing extensions Leo reports an out-of-bounds access when parsing a certificate with empty Basic Constraints or Key Usage extension because the first byte of the extension is read before...

7.1 CVSS · 5.2 AI score · 0.00013 EPSS
Exploits 0

NVD
added 2026/04/07 10:16 p.m. · 0 views

CVE-2026-31789

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker c...

9.8 CVSS · 0.00007 EPSS
Exploits 0 · References 7

OSV
added 2026/04/07 10:16 p.m. · 0 views

DEBIAN-CVE-2026-31789

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker c...

9.8 CVSS · 6.5 AI score · 0.00007 EPSS
Exploits 0 · References 1

Cvelist
added 2026/04/07 10:0 p.m. · 17 views

CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker c...

0.00007 EPSS
Exploits 0 · References 6

Tenable Nessus
added 2026/04/07 12:0 a.m. · 15 views

OpenSSL 3.0.0 < 3.0.20 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.0.20. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.20 advisory. - Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bi...

9.8 CVSS · 8.6 AI score · 0.0014 EPSS
Exploits 0 · References 20

OSV
added 2026/04/07 12:0 a.m. · 2 views

UBUNTU-CVE-2026-31789

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker c...

9.8 CVSS · 6.5 AI score · 0.00007 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-41210

Malicious code in bioql PyPI...

7.5 CVSS · 7.6 AI score · 0.00328 EPSS
Exploits 1 · References 2

CNNVD
added 2024/07/08 12:0 a.m. · 1 view

Botan Security Vulnerabilities

Botan is a library of cryptographic algorithms written in C++. It supports a variety of algorithms including AES, DES, SHA-1, RSA, DSA and Diffie-Hellman. A security vulnerability exists in Botan that stems from an error in the parsing of name-constrained extensions in X.509 certificates, which...

5.3 CVSS · 6.9 AI score · 0.00281 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2023/06/30 5:15 p.m. · 2 views

CVE-2023-37306

MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages...

7.5 CVSS · 7.1 AI score · 0.00328 EPSS
Exploits 1 · References 3

Positive Technologies
added 2023/06/30 12:0 a.m. · 2 views

PT-2023-25897 · Misp · Misp

Name of the Vulnerable Software and Affected Versions: MISP version 2.4.172 Description: The issue arises from MISP's mishandling of different certificate file extensions during server sync, leading to sensitive information disclosure through error messages. Recommendations: For MISP version...

7.5 CVSS · 7.2 AI score · 0.00328 EPSS
Exploits 1 · References 5

CNNVD
added 2023/06/30 12:0 a.m. · 2 views

MISP Security Vulnerability

MISP is an open source software solution. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP version 2.4.172, which stems from the incorrect...

7.5 CVSS · 7.3 AI score · 0.00328 EPSS
Exploits 1 · References 4

OSV
added 2021/09/14 2:15 p.m. · 2 views

CVE-2021-23047

On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cau...

5.3 CVSS · 6.1 AI score
Exploits 0 · References 1

OSV
added 2019/08/26 10:15 p.m. · 1 view

UBUNTU-CVE-2019-15651

wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex...

9.8 CVSS · 7.5 AI score · 0.00225 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2014/11/08 12:0 a.m. · 60 views

RHEL 5 : java-1.4.2-ibm-sap (RHSA-2012:1332)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:1332 advisory. IBM J2SE version 1.4.2 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several...

10 CVSS · 8.3 AI score · 0.0643 EPSS
Exploits 0 · References 12

Tenable Nessus
added 2014/07/30 12:0 a.m. · 33 views

openSUSE Security Update : openSUSE-2014- (openSUSE-2014--1)

MozillaFirefox was updated to version 31 to fix various security issues and bugs : - MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards - MFSA 2014-57/CVE-2014-1549 bmo1020205 Buffer overflow during Web Audio buffering for playback - MFSA 2014-58/CVE-2014-1550 bmo1020411...

10 CVSS · 0.6 AI score · 0.03758 EPSS
Exploits 0 · References 14

RedHat Linux
added 2012/10/03 3:11 p.m. · 3 views

OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect availability via unknown vectors related to Security...

5 CVSS · 7.4 AI score · 0.05146 EPSS
Exploits 0 · References 4

RedHat Linux
added 2012/09/07 12:59 p.m. · 3 views

OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect availability via unknown vectors related to Security...

5 CVSS · 7.4 AI score · 0.05146 EPSS
Exploits 0 · References 4

RedHat Linux
added 2012/09/07 12:42 p.m. · 1 view

OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect availability via unknown vectors related to Security...

5 CVSS · 7.4 AI score · 0.05146 EPSS
Exploits 0 · References 4

RedHat Linux
added 2012/09/06 4:9 p.m. · 2 views

OpenJDK: CRL and certificate extensions handling improvements (Security, 7143872)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect availability via unknown vectors related to Security...

5 CVSS · 7.4 AI score · 0.05146 EPSS
Exploits 0 · References 4