109 matches found

OPENSUSE Linux
added 2019/11/15 12:0 a.m. | 55 views

Security update for libtomcrypt (moderate)

openSUSE Security Update: Security update for libtomcrypt Announcement ID: openSUSE-SU-2019:2514-1 Rating: moderate References: 1153433 Cross-References: CVE-2019-17362 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...

9.1 CVSS | 8.8 AI score | 0.03195 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2019/11/15 12:0 a.m. | 26 views

openSUSE Security Update : libtomcrypt (openSUSE-2019-2514)

This update for libtomcrypt fixes the following issue : CVE-2019-17362: Fixed an improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data (bsc#1153433). This update was imported from the SUSE:SLE-15:Update update project. C Tenab...

9.1 CVSS | 7.1 AI score | 0.03195 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2019/11/12 12:0 a.m. | 29 views

openSUSE Security Update : libtomcrypt (openSUSE-2019-2454)

This update for libtomcrypt fixes the following issue : CVE-2019-17362: Fixed an improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data (bsc#1153433). This update was imported from the SUSE:SLE-15:Update update project...

9.1 CVSS | 7.1 AI score | 0.03195 EPSS
Exploits: 1 | References: 2
OpenVAS
added 2019/11/10 12:0 a.m. | 18 views

openSUSE: Security Advisory for libtomcrypt (openSUSE-SU-2019:2454-1)

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.1 CVSS | 9.3 AI score | 0.03195 EPSS
Exploits: 1 | References: 2
OPENSUSE Linux
added 2019/11/09 12:0 a.m. | 196 views

Security update for libtomcrypt (moderate)

openSUSE Security Update: Security update for libtomcrypt Announcement ID: openSUSE-SU-2019:2454-1 Rating: moderate References: 1153433 Cross-References: CVE-2019-17362 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for...

9.1 CVSS | 8.8 AI score | 0.03195 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2019/11/08 12:0 a.m. | 35 views

EulerOS 2.0 SP3 : openssl098e (EulerOS-SA-2019-2271)

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate function of OpenSSL parsed very large...

7.8 CVSS | 7.1 AI score | 0.74483 EPSS
Exploits: 1 | References: 4
Veracode
added 2019/10/10 3:50 a.m. | 18 views

Denial Of Service (DoS)

libtomcrypt.so is vulnerable to denial of service (DoS). The attack is possible because it does not properly handle detection of invalid UTF-8 sequences in the function der_decode_utf8_string when an malicious DER-encoded data, causing memory leaks...

9.1 CVSS | 2.7 AI score | 0.03195 EPSS
Exploits: 1 | References: 10 | Affected Software: 2
OpenVAS
added 2019/10/10 12:0 a.m. | 59 views

Debian: Security Advisory (DLA-1951-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1 CVSS | 9.3 AI score | 0.03195 EPSS
Exploits: 1 | References: 3
UbuntuCve
added 2019/10/09 1:15 a.m. | 19 views

CVE-2019-17362

In LibTomCrypt through 1.18.2, the der_decode_utf8_string function in der_decode_utf8_string.c does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via...

9.1 CVSS | 6.8 AI score | 0.03195 EPSS
Exploits: 1 | References: 6
Prion
added 2019/10/09 1:15 a.m. | 16 views

Out-of-bounds

In LibTomCrypt through 1.18.2, the der_decode_utf8_string function in der_decode_utf8_string.c does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via...

6.4 CVSS | 8.6 AI score | 0.03195 EPSS
Exploits: 1 | References: 8 | Affected Software: 2
Cvelist
added 2019/10/09 12:0 a.m. | 36 views

CVE-2019-17362

In LibTomCrypt through 1.18.2, the der_decode_utf8_string function in der_decode_utf8_string.c does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via...

8.9 AI score | 0.03195 EPSS
Exploits: 1 | References: 8
Debian CVE
added 2019/10/09 12:0 a.m. | 12 views

CVE-2019-17362

In LibTomCrypt through 1.18.2, the der_decode_utf8_string function in der_decode_utf8_string.c does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via...

9.1 CVSS | 7.7 AI score | 0.03195 EPSS
Exploits: 1
OSV
added 2019/07/17 2:15 p.m. | 2 views

DEBIAN-CVE-2019-1010083

The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656...

7.5 CVSS | 7.6 AI score | 0.01884 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2019/07/17 12:0 a.m. | 4 views

PT-2019-11460 · Pallets +1 · Flask +1

Name of the Vulnerable Software and Affected Versions: The Pallets Project Flask versions prior to 1.0 Description: The issue is related to unexpected memory usage, which can lead to denial of service. The attack vector involves crafted encoded JSON data. Recommendations: For versions prior to 1....

9.8 CVSS | 6.5 AI score | 0.99856 EPSS
Exploits: 8 | References: 80
Prion
added 2018/10/29 12:29 p.m. | 20 views

Server side request forgery (ssrf)

Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF...

10 CVSS | 9.5 AI score | 0.03487 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
The Coalfire Blog
added 2018/09/04 6:34 p.m. | 147 views

Exploiting Blind Java Deserialization with Burp and Ysoserial

While performing a web application penetration test, I stumbled upon a parameter with some base64 encoded data within a POST parameter. Curious as to what it was, I sent it over to Burp decoder...

7 AI score
Exploits: 0
OSV
added 2018/07/17 5:29 p.m. | 1 views

DEBIAN-CVE-2018-14359

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data...

9.8 CVSS | 8 AI score | 0.04131 EPSS
Exploits: 0 | References: 1
IBM Security Bulletins
added 2018/06/18 12:9 a.m. | 44 views

Security Bulletin: TS3000 (TSSC/IMC) is affected by OpenSSL vulnerabilities

Summary The Total Storage System Console/TS4500 Integrated Management Console is affected by seven security vulnerabilities related to OpenSSL. Vulnerability Details CVEID: CVE-2015-0209 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a...

7.5 CVSS | 1.1 AI score | 0.44741 EPSS
Exploits: 1 | Affected Software: 1
Veracode
added 2018/05/22 6:57 a.m. | 26 views

Denial Of Service (DoS)

libtasn1.so is vulnerable to denial of service (DoS). The attack exists because it allows a two-byte stack overflow while decoding DER encoded data in asn1_der_decoding, leading to the DoS attack and possibly other attacks...

10 CVSS | 5.7 AI score | 0.07801 EPSS
Exploits: 0 | References: 19 | Affected Software: 1
Hacker One
added 2018/03/04 1:20 a.m. | 13 views

Node.js third-party modules: `njwt` allocates uninitialized Buffers when number is passed in base64urlEncode input

I would like to report an uninitialized Buffer allocation issue in njwt. It allows to extract sensitive data from uninitialized memory or to cause a DoS by passing in a large number, in setups where typed user input can be passed e.g. from JSON. Module module name: njwt version: 0.4.0 npm page:...

1.1 AI score
Exploits: 0