23 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2021-31533

Malicious code in bioql PyPI...

CVSS 5.9 · AI score 5.8 · EPSS 0.00206
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2016-7236

Malicious code in bioql PyPI...

CVSS 5.9 · AI score 7.6 · EPSS 0.20873
Exploits: 0 · References: 18
RedhatCVE
added 2025/05/23 1:54 a.m. · 5 views

CVE-2023-24609

Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB in RAM. With a large number of crafted TLS messages, the CPU...

CVSS 7.5 · AI score 7.2 · EPSS 0.00241
Exploits: 1 · References: 1
Tenable Nessus
added 2024/11/08 12:0 a.m. · 16 views

EulerOS 2.0 SP9 : python-cryptography (EulerOS-SA-2024-2836)

According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS server...

CVSS 7.5 · AI score 6.3 · EPSS 0.00879
Exploits: 0 · References: 2
OSV
added 2024/02/05 9:15 p.m. · 0 views

UBUNTU-CVE-2023-50781

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

CVSS 7.5 · AI score 5.8 · EPSS 0.00444
Exploits: 0 · References: 7
NVD
added 2023/12/22 4:15 a.m. · 9 views

CVE-2023-24609

Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB in RAM. With a large number of crafted TLS messages, the CPU...

CVSS 7.5 · EPSS 0.00241
Exploits: 1 · References: 2
UbuntuCve
added 2023/12/22 4:15 a.m. · 32 views

CVE-2023-24609

Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB in RAM. With a large number of crafted TLS messages, the CPU...

CVSS 7.5 · AI score 7.1 · EPSS 0.00241
Exploits: 1 · References: 1
Prion
added 2023/12/22 4:15 a.m. · 21 views

Integer overflow

Matrix SSL 4.x through 4.6.0 and Rambus TLS Toolkit have a length-subtraction integer overflow for Client Hello Pre-Shared Key extension parsing in the TLS 1.3 server. An attacked device calculates an SHA-2 hash over at least 65 KB in RAM. With a large number of crafted TLS messages, the CPU...

CVSS 5 · AI score 7.4 · EPSS 0.00241
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/12/19 12:0 a.m. · 1 views

PT-2023-9145 · M2Crypto +2

Name of the Vulnerable Software and Affected Versions: m2crypto (affected versions not specified). Description: A flaw was found in m2crypto, which may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges. This could lead to the exposure of confidential or...

CVSS 7.8 · AI score 7.6 · EPSS 0.00444
Exploits: 0 · References: 23
Tenable Nessus
added 2023/04/03 12:0 a.m. · 23 views

Cisco Firepower Threat Defense Software SSL Decryption Policy Bleichenbacher Attack (cisco-sa-ftd-tls-bb-rCgtmY2)

A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses...

CVSS 5.3 · AI score 5.7 · EPSS 0.00273
Exploits: 0 · References: 2
IBM Security Bulletins
added 2022/09/15 6:13 p.m. · 29 views

Security Bulletin: Information regarding security vulnerability in IBM SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU January 2014

Summary Multiple security vulnerabilities exist in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server and included in the products that are listed in this document. Vulnerability Details The affected products are shipped with a version of IBM WebSphere...

CVSS 4 · AI score 5.5 · EPSS 0.01371
Exploits: 0 · Affected Software: 5
OSV
added 2022/09/02 12:15 p.m. · 20 views

CVE-2021-44718

wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers...

CVSS 5.9 · AI score 6.7
Exploits: 0 · References: 2
NVD
added 2022/09/02 12:15 p.m. · 15 views

CVE-2021-44718

wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers...

CVSS 5.9 · EPSS 0.00206
Exploits: 0 · References: 2
CNNVD
added 2022/09/02 12:0 a.m. · 3 views

wolfSSL Security Vulnerability

wolfSSL CyaSSL is a small, portable embedded SSL programming library for embedded systems developers from wolfSSL, Inc. A security vulnerability exists in wolfSSL version 5.0.0 and earlier, which stems from a client module accepting TLS messages that are normally only sent to TLS servers. An...

CVSS 5.9 · AI score 6 · EPSS 0.00206
Exploits: 0 · References: 3
Cvelist
added 2021/04/29 5:15 p.m. · 11 views

CVE-2021-1402 Cisco Firepower Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability

A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validati...

CVSS 8.6 · AI score 8.6 · EPSS 0.00555
Exploits: 0 · References: 1
IBM Security Bulletins
added 2018/06/15 6:59 a.m. · 25 views

Security Bulletin: Information regarding security vulnerability in IBM SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU January 2014

Summary Multiple security vulnerabilities exist in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server and included in the products that are listed in this document. Vulnerability Details The affected products are shipped with a version of IBM WebSphere...

CVSS 4 · AI score 0.4 · EPSS 0.01371
Exploits: 0 · Affected Software: 1
Prion
added 2016/09/26 7:59 p.m. · 21 views

Design/Logic Flaw

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c...

CVSS 4.3 · AI score 6.9 · EPSS 0.20873
Exploits: 0 · References: 16 · Affected Software: 1
RedhatCVE
added 2016/09/22 3:17 p.m. · 38 views

CVE-2016-6307

The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c...

CVSS 5.9 · AI score 5.3 · EPSS 0.20873
Exploits: 0 · References: 2
Check Point Advisories
added 2015/11/16 12:0 a.m. · 1 views

Squid SSL-Bump Denial of Service

A denial-of-service vulnerability exists in Squid. The vulnerability is due to integer overflow and input validation errors in Squid when processing TLS messages. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted Client or Server Hello message, which...

AI score 3.7
Exploits: 0
OPENSUSE Linux
added 2013/03/01 5:5 p.m. · 55 views

java-1_7_0-openjdk: update to 2.3.6 (critical)

java-1_7_0-openjdk was updated to icedtea-2.3.6 (bnc#803379) containing various security and bugfixes. Security fixes: S6563318, CVE-2013-0424: RMI data sanitization; S6664509, CVE-2013-0425: Add logging context; S6664528, CVE-2013-0426: Find log level matching its name or value given at constructi...

CVSS 10 · AI score 0.3 · EPSS 0.91543
Exploits: 10 · References: 1