229 matches found
SSL Certificate Fails to Adhere to Basic Constraints / Key Usage Extensions
An X.509 certificate sent by the remote host contains one or more violations of the restrictions imposed on it by RFC 5280. This means that either a root or intermediate Certificate Authority signed a certificate incorrectly. Certificates that fail to adhere to the restrictions in their extension...
CVE-2010-0525
Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly...
CVE-2010-0525
CVE-2010-0525 affects Apple Mac OS X prior to 10.6.3. Mail may select an encryption key from a keychain with multiple recipient certificates without proper key-usage validation, enabling possible information disclosure via brute-force on a weakly encrypted e‑mail. Root cause: inadequate enforceme...
Debian DSA-1896-1 : opensaml, shibboleth-sp - several vulnerabilities
Several vulnerabilities have been discovered in the opensaml and shibboleth-sp packages, as used by Shibboleth 1.x : - Chris Ries discovered that decoding a crafted URL leads to a crash and potentially, arbitrary code execution. - Ian Young discovered that embedded NUL characters in certificate...
Debian DSA-1895-1 : xmltooling - several vulnerabilities
Several vulnerabilities have been discovered in the xmltooling packages, as used by Shibboleth : - Chris Ries discovered that decoding a crafted URL leads to a crash and potentially, arbitrary code execution. - Ian Young discovered that embedded NUL characters in certificate names were not...
Apple iPhone cryptographic weakness
Certificate key usage is not checked during validation of .mobileconfig wireless autoconfiguration file...
Debian Security Advisory DSA 1896-1 (opensaml, shibboleth-sp)
The remote host is missing an update to opensaml, shibboleth-sp announced via advisory DSA 1896-1. OpenVAS Vulnerability Test $Id: deb18961.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1896-1 opensaml, shibboleth-sp Authors: Thomas Reinke Copyright:...
ipsec -- Incorrect key usage in AES-XCBC-MAC
Problem description A programming error in the implementation of the AES-XCBC-MAC algorithm for authentication resulted in a constant key being used instead of the key specified by the system administrator. Impact If the AES-XCBC-MAC algorithm is used for authentication in the absence of any...
Переполнение буфера в bdf из HP-UX
Классическое переполнение буфера при исопльзовании ключа -t...