218 matches found
EUVD-2017-11924
Malware in sbrugna...
EUVD-2016-7767
Malware in sbrugna...
EUVD-2016-7777
Malware in sbrugna...
EUVD-2022-46942
Malicious code in bioql PyPI...
EUVD-2022-49309
Malicious code in bioql PyPI...
CVE-2022-46505
An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data...
CVE-2019-13470
MatrixSSL before 4.2.1 has an out-of-bounds read during ASN.1 handling...
CVE-2019-13629
MatrixSSL 4.2.1 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or a remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because crypto/pubkey/eccmath.c scalar...
CVE-2017-1000417
MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs e.g. in ExtKeyUsage extension on X.509 certificates...
CVE-2019-10914
pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsapub.c...
CVE-2004-2682
PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on 1 the number of extra reductions during Montgomery reduction, and 2 the use of different integer...
CVE-2022-43974
MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0...
CVE-2019-14431
In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the...
K54039800: MatrixSSL vulnerability CVE-2016-6883
Security Advisory Description MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack. CVE-2016-6883 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status...
MatrixSSL <= 4.5.1 Privilege Escalation Vulnerability
MatrixSSL is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:matrixssl:matrixssl";...
CVE-2022-46505
An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data...
CVE-2022-46505
An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data...
Open redirect
An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data...
CVE-2022-46505
CVE-2022-46505 affects MatrixSSL up to version 4.5.1-open. The issue is a failure to securely validate the SessionID, enabling misuse of an all-zero MasterSecret that can decrypt secret data. Public references in the provided documents consistently tie the vulnerability to MatrixSSL’s SessionID h...
CVE-2022-46505
An issue in MatrixSSL 4.5.1-open and earlier leads to failure to securely check the SessionID field, resulting in the misuse of an all-zero MasterSecret that can decrypt secret data...