Lucene search
K

9407 matches found

OSV
OSV
added 2009/01/15 5:30 p.m.1 views

DEBIAN-CVE-2009-0130

lib/crypto/csrc/cryptodrv.c in erlang does not properly check the return value from the OpenSSL DSAdoverify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package...

7.5CVSS7.2AI score0.0122EPSS
Exploits1References1
Prion
Prion
added 2009/01/15 5:30 p.m.16 views

Input validation

plugins/crypto/openssl/cryptoopenssl.c in Simple Linux Utility for Resource Management aka SLURM or slurm-llnl does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS...

5CVSS6.4AI score0.05146EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2009/01/02 12:0 a.m.31 views

mplayer -- twinvq processing buffer overflow vulnerability

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

10CVSS6.3AI score0.07694EPSS
Exploits0References3
Prion
Prion
added 2008/12/17 8:30 p.m.19 views

Design/Logic Flaw

The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated again...

7.5CVSS6.9AI score0.03346EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2008/10/23 12:0 a.m.118 views

Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA Advisory ID: cisco-sa-20081022-asa http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml Revision 1.0 For Public Release 2008 October 22 1600 UTC GMT Summary =====...

7.8CVSS0.9AI score0.02945EPSS
Exploits3
securityvulns
securityvulns
added 2008/10/23 12:0 a.m.46 views

Cisco PIX / ASA multiple security vulnerabilities

Windows NT domain authentication bypass, IPv6 DoS, DoS because of memory leak in crypto accelerator...

7.8CVSS3.2AI score0.02945EPSS
Exploits3References1Affected Software1
OpenVAS
OpenVAS
added 2008/09/17 12:0 a.m.23 views

Debian Security Advisory DSA 1627-2 (opensc)

The remote host is missing an update to opensc announced via advisory DSA 1627-2. OpenVAS Vulnerability Test $Id: deb16272.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1627-2 opensc Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

4.9CVSS0.5AI score0.00393EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2008/09/14 12:0 a.m.39 views

SuSE 10 Security Update : IBM Java 1.5 (ZYPP Patch Number 5591)

IBM Java 5 was updated to SR8 to fix various security issues : - Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. CVE-2008-3104 - A vulnerability in the XML...

10CVSS8.7AI score0.25727EPSS
Exploits5References14
Debian
Debian
added 2008/08/31 10:37 a.m.21 views

[SECURITY] [DSA 1627-2] New opensc package fix incomplete check

------------------------------------------------------------------------ Debian Security Advisory DSA-1627-2 [email protected] http://www.debian.org/security/ Thijs Kinkhorst August 31, 2008 http://www.debian.org/security/faq -...

4.9CVSS6.2AI score0.00393EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2008/08/05 12:0 a.m.27 views

Debian DSA-1627-2 : opensc - programming error

Chaskiel M Grundman discovered that opensc, a library and utilities to handle smart cards, would initialise smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN. With this bug anyone can change a user PIN without...

4.9CVSS7.1AI score0.00393EPSS
Exploits1References2
Debian
Debian
added 2008/08/04 9:0 a.m.47 views

[SECURITY] [DSA 1627-1] New opensc packages fix smart card vulnerability

------------------------------------------------------------------------ Debian Security Advisory DSA-1627-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst August 04, 2008 http://www.debian.org/security/faq -...

4.9CVSS6.3AI score0.00393EPSS
Exploits1
OSV
OSV
added 2008/08/04 12:0 a.m.14 views

DSA-1627-2 opensc - smart card vulnerability

Bulletin has no description...

6.6CVSS6.3AI score0.00393EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2008/08/01 2:41 p.m.22 views

CVE-2008-2235

OpenSC before 0.11.5 uses weak permissions ADMIN file control information of 00 for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN...

4.9CVSS7.1AI score0.00393EPSS
Exploits1References1
Prion
Prion
added 2008/08/01 2:41 p.m.12 views

Design/Logic Flaw

OpenSC before 0.11.5 uses weak permissions ADMIN file control information of 00 for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN...

4.9CVSS6.2AI score0.00393EPSS
Exploits1References15Affected Software1
Debian CVE
Debian CVE
added 2008/08/01 2:0 p.m.45 views

CVE-2008-2235

OpenSC before 0.11.5 uses weak permissions ADMIN file control information of 00 for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN...

4.9CVSS6.2AI score0.00393EPSS
Exploits1
CVE
CVE
added 2008/08/01 2:0 p.m.62 views

CVE-2008-2235

OpenSC (pre-0.11.5) is affected by CVE-2008-2235 due to weak permissions on the 5015 directory for Siemens CardOS M4 smart cards and USB tokens, allowing a physically proximate attacker to change the PIN. The OpenSC/OpenSC-devel packages are the impacted components; the root cause is improper acc...

4.9CVSS7.3AI score0.00393EPSS
Exploits1References15Affected Software1
Cvelist
Cvelist
added 2008/08/01 2:0 p.m.46 views

CVE-2008-2235

OpenSC before 0.11.5 uses weak permissions ADMIN file control information of 00 for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN...

7.3AI score0.00393EPSS
Exploits1References15
Prion
Prion
added 2008/07/07 11:41 p.m.22 views

Design/Logic Flaw

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List CRL checks by using an arbitrary URL from a certificate embedded in a 1 S/MIME e-mail message or 2 signed document, which allows remote attackers to obtai...

7.5CVSS7.1AI score0.17404EPSS
Exploits0References14Affected Software17
NVD
NVD
added 2008/07/07 11:41 p.m.31 views

CVE-2008-3068

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List CRL checks by using an arbitrary URL from a certificate embedded in a 1 S/MIME e-mail message or 2 signed document, which allows remote attackers to obtai...

7.5CVSS6.6AI score0.17404EPSS
Exploits0References14
Cvelist
Cvelist
added 2008/07/07 11:0 p.m.35 views

CVE-2008-3068

Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List CRL checks by using an arbitrary URL from a certificate embedded in a 1 S/MIME e-mail message or 2 signed document, which allows remote attackers to obtai...

6.6AI score0.17404EPSS
Exploits0References14
Rows per page
Query Builder