Lucene search
K

161 matches found

Snyk
Snyk
added 2023/06/14 12:0 a.m.3 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. A vulnerability exists in .NET when processing malicious X.509 client certificates that may consume excessive CPU. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...

7.5CVSS7.8AI score0.02627EPSS
Exploits0References2
Snyk
Snyk
added 2023/06/14 12:0 a.m.3 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. A vulnerability exists in .NET when processing malicious X.509 client certificates that may consume excessive CPU. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...

7.5CVSS7.8AI score0.02627EPSS
Exploits0References2
Snyk
Snyk
added 2023/06/14 12:0 a.m.6 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. A vulnerability exists in .NET when processing malicious X.509 client certificates that may consume excessive CPU. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...

7.5CVSS7.1AI score0.02627EPSS
Exploits0References2
Snyk
Snyk
added 2023/06/14 12:0 a.m.5 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS. A vulnerability exists in .NET when processing malicious X.509 client certificates that may consume excessive CPU. Details Denial of Service DoS describes a family of attacks, all aimed at making a system...

7.5CVSS7.1AI score0.02627EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/05/31 2:48 a.m.4 views

SUSE CVE-2023-2650

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...

6.5CVSS6.7AI score0.73461EPSS
Exploits0References125
OSV
OSV
added 2023/05/30 2:15 p.m.2 views

DEBIAN-CVE-2023-2650

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...

6.5CVSS6.4AI score0.73461EPSS
Exploits0References1
OSV
OSV
added 2023/05/30 12:0 a.m.2 views

UBUNTU-CVE-2023-2650

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...

6.5CVSS6.6AI score0.73461EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2023/04/12 12:0 a.m.5 views

The vulnerability in operating systems such as MacOS, iOS, tvOS, iPadOS, and watchOS, related to uncontrolled resource consumption during certificate processing, allows attackers to trigger service failures.

The vulnerability of operating systems such as MacOS, iOS, tvOS, iPadOS, and watchOS is related to an uncontrolled consumption of resources during the processing of certificates. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

7.8CVSS7.1AI score0.00605EPSS
Exploits0References5Affected Software5
OSV
OSV
added 2023/02/27 8:15 p.m.3 views

CVE-2023-23524

A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service...

7.5CVSS5.8AI score0.00605EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/02/14 12:0 a.m.7 views

PT-2023-4721 · Unified Automation · Uagateway

Name of the Vulnerable Software and Affected Versions: Unified Automation UaGateway affected versions not specified Description: The issue is related to incorrect certificate validation due to an integer overflow when processing the certificate length field. This allows a remote attacker to creat...

8.6CVSS8.7AI score0.00754EPSS
Exploits0References6
Apple
Apple
added 2023/02/13 12:0 a.m.40 views

About the security content of watchOS 9.3.1

About the security content of watchOS 9.3.1 This document describes the security content of watchOS 9.3.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

7.5CVSS7.7AI score0.00605EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/05/30 12:0 a.m.5 views

The vulnerability of the c_rehash implementation in the OpenSSL library allows a hacker to execute arbitrary commands.

The vulnerability of the crehash implementation in the OpenSSL library is related to the failure to take measures to neutralize metasymbols during certificate processing in /etc/ssl/certs/. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

8.1CVSS7.1AI score0.83223EPSS
Exploits5References21Affected Software11
OSV
OSV
added 2022/05/24 7:12 p.m.37 views

GHSA-Q9WJ-F4QW-6VFJ Read buffer overruns processing ASN.1 strings

ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...

7.4CVSS7.9AI score0.50445EPSS
Exploits0References31
RedHat Linux
RedHat Linux
added 2021/12/07 3:47 p.m.6 views

nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS)

A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS,...

9.8CVSS7.7AI score0.17563EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2021/12/06 9:9 a.m.9 views

nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS)

A remote code execution flaw was found in the way NSS verifies certificates. This flaw allows an attacker posing as an SSL/TLS server to trigger this issue in a client application compiled with NSS when it tries to initiate an SSL/TLS connection. Similarly, a server application compiled with NSS,...

9.8CVSS7.7AI score0.17563EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2021/10/20 12:0 a.m.9 views

The vulnerability of the gpg2 utility arises from writing beyond the allocated memory space, allowing a perpetrator to cause a service failure.

The vulnerability of the gpg2 utility arises from writing beyond the allocated memory. Exploiting this vulnerability can allow an attacker to cause a service failure upon processing a certificate file that is specially crafted...

4CVSS5.5AI score
Exploits0Affected Software2
OSV
OSV
added 2021/09/28 3:15 p.m.6 views

CVE-2021-37106

There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0.0 when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user...

7.2CVSS7.1AI score0.00898EPSS
Exploits0References1
OSV
OSV
added 2021/08/24 3:15 p.m.13 views

AZL-6780 CVE-2021-3712 affecting package openssl for versions less than 1.1.1k-11

ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...

7.4CVSS6.8AI score0.50445EPSS
Exploits0References1
OSV
OSV
added 2021/08/24 3:15 p.m.4 views

DEBIAN-CVE-2021-3712

ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...

7.4CVSS6.8AI score0.50445EPSS
Exploits0References1
Prion
Prion
added 2021/08/24 3:15 p.m.41 views

Buffer overflow

ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...

5.8CVSS7.8AI score0.50445EPSS
Exploits0References20Affected Software25
Rows per page
Query Builder