9407 matches found
DEBIAN-CVE-2009-0130
lib/crypto/csrc/cryptodrv.c in erlang does not properly check the return value from the OpenSSL DSAdoverify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package...
Input validation
plugins/crypto/openssl/cryptoopenssl.c in Simple Linux Utility for Resource Management aka SLURM or slurm-llnl does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS...
mplayer -- twinvq processing buffer overflow vulnerability
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Design/Logic Flaw
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated again...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco PIX and Cisco ASA Advisory ID: cisco-sa-20081022-asa http://www.cisco.com/warp/public/707/cisco-sa-20081022-asa.shtml Revision 1.0 For Public Release 2008 October 22 1600 UTC GMT Summary =====...
Cisco PIX / ASA multiple security vulnerabilities
Windows NT domain authentication bypass, IPv6 DoS, DoS because of memory leak in crypto accelerator...
Debian Security Advisory DSA 1627-2 (opensc)
The remote host is missing an update to opensc announced via advisory DSA 1627-2. OpenVAS Vulnerability Test $Id: deb16272.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1627-2 opensc Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
SuSE 10 Security Update : IBM Java 1.5 (ZYPP Patch Number 5591)
IBM Java 5 was updated to SR8 to fix various security issues : - Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. CVE-2008-3104 - A vulnerability in the XML...
[SECURITY] [DSA 1627-2] New opensc package fix incomplete check
------------------------------------------------------------------------ Debian Security Advisory DSA-1627-2 [email protected] http://www.debian.org/security/ Thijs Kinkhorst August 31, 2008 http://www.debian.org/security/faq -...
Debian DSA-1627-2 : opensc - programming error
Chaskiel M Grundman discovered that opensc, a library and utilities to handle smart cards, would initialise smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN. With this bug anyone can change a user PIN without...
[SECURITY] [DSA 1627-1] New opensc packages fix smart card vulnerability
------------------------------------------------------------------------ Debian Security Advisory DSA-1627-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst August 04, 2008 http://www.debian.org/security/faq -...
DSA-1627-2 opensc - smart card vulnerability
Bulletin has no description...
CVE-2008-2235
OpenSC before 0.11.5 uses weak permissions ADMIN file control information of 00 for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN...
Design/Logic Flaw
OpenSC before 0.11.5 uses weak permissions ADMIN file control information of 00 for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN...
CVE-2008-2235
OpenSC before 0.11.5 uses weak permissions ADMIN file control information of 00 for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN...
CVE-2008-2235
OpenSC (pre-0.11.5) is affected by CVE-2008-2235 due to weak permissions on the 5015 directory for Siemens CardOS M4 smart cards and USB tokens, allowing a physically proximate attacker to change the PIN. The OpenSC/OpenSC-devel packages are the impacted components; the root cause is improper acc...
CVE-2008-2235
OpenSC before 0.11.5 uses weak permissions ADMIN file control information of 00 for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN...
Design/Logic Flaw
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List CRL checks by using an arbitrary URL from a certificate embedded in a 1 S/MIME e-mail message or 2 signed document, which allows remote attackers to obtai...
CVE-2008-3068
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List CRL checks by using an arbitrary URL from a certificate embedded in a 1 S/MIME e-mail message or 2 signed document, which allows remote attackers to obtai...
CVE-2008-3068
Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List CRL checks by using an arbitrary URL from a certificate embedded in a 1 S/MIME e-mail message or 2 signed document, which allows remote attackers to obtai...