Lucene search
+L

245 matches found

CNNVD
CNNVD
added 2022/06/28 12:0 a.m.24 views

Mozilla Firefox 输入验证错误漏洞

Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to an input validation error that stems from a lack of ASN.1 parsing restrictions on error formats. An attacker could exploit this vulnerability to compromise the affected system...

9.8CVSS8.2AI score0.007EPSS
Exploits0References9
Prion
Prion
added 2022/02/09 10:15 p.m.14 views

Design/Logic Flaw

OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree AST that contains synthetic nodes could change the logic of some statements by reordering array literals. Example of policies impacted are those that parse and compare web paths...

4.3CVSS5.2AI score0.0103EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2022/02/09 12:0 a.m.6 views

Open Policy Agent 安全漏洞

Open Policy Agent is an open source general-purpose policy engine that enables uniform, context-aware policy enforcement across the stack. Open Policy Agent suffers from a security vulnerability that stems from the fact that under certain conditions, pretty-printing an Abstract Syntax Tree AST...

6.3CVSS5.9AI score0.0103EPSS
Exploits1References5
OSV
OSV
added 2021/12/16 7:9 p.m.7 views

CLSA-2021-1639681783 Fix CVE(s): CVE-2021-3712

SECURITY UPDATE: fix assumption that ASN.1 string is NULL terminated when it exactly doesn't. - debian/patches/CVE-2021-3712.patch: backport all found cases where code relayed on assumtion that ASN.1 string is NULL terminated - CVE-2021-3712...

7.4CVSS6.9AI score0.50445EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/11/10 5:14 p.m.5 views

openssl: Read buffer overruns processing ASN.1 strings

It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a...

7.4CVSS6.7AI score0.50445EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2021/10/16 7:0 a.m.5 views

Read buffer overruns processing ASN.1 strings

...

7.4CVSS6.3AI score0.50445EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2021/10/15 7:0 a.m.4 views

MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.

...

7.5CVSS7AI score0.04365EPSS
Exploits0
OSV
OSV
added 2021/04/07 11:2 a.m.4 views

OESA-2021-1132 wireshark security update

Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Wireshark, formerly known as Ethereal, can be used to examine the details of traffic at a variety of levels ranging...

7.5CVSS8.9AI score0.06079EPSS
Exploits3References5
BDU FSTEC
BDU FSTEC
added 2021/03/21 12:0 a.m.11 views

The vulnerability of the ASN.1 BER analyzer of the computer network traffic analysis tool Wireshark allows a hacker to cause a service failure.

The vulnerability of the ASN.1 BER analyzer in Wireshark for analyzing computer network traffic involves an operation that goes beyond the acceptable limits of the data buffer. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

7.5CVSS6.5AI score0.06079EPSS
Exploits1References13Affected Software6
RedHat Linux
RedHat Linux
added 2020/06/17 10:38 p.m.8 views

jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations

Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...

8.8CVSS5.8AI score0.01267EPSS
Exploits0References5
CNVD
CNVD
added 2020/04/08 12:0 a.m.3 views

perl-Convert-ASN1 Denial of Service Vulnerability

Perl is a general-purpose, interpreted, dynamic cross-platform programming language from the Perl community. A security vulnerability exists in perl-Convert-ASN1 0.27 and earlier versions, which stems from the program's unsafe decoding of user input. A remote attacker can exploit the vulnerabilit...

7.5CVSS6.8AI score0.04158EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2020/02/24 12:0 a.m.5 views

The vulnerability of the ASN.1 component of the Bouncy Castle Crypto library, which involves the allocation of unlimited memory, allows a attacker to trigger a service failure.

The vulnerability of the ASN.1 component in the Bouncy Castle Crypto library is related to the provision of unlimited memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

7.8CVSS7.2AI score0.0895EPSS
Exploits0References7Affected Software14
Positive Technologies
Positive Technologies
added 2020/02/12 12:0 a.m.5 views

PT-2020-15317 · Jenkins · Jenkins Script Security Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Script Security Plugin versions 1.69 and earlier Description: The issue allows sandbox protection to be circumvented during the script compilation phase. This can be achieved by applying AST transforming annotations to imports or by...

8.8CVSS8.6AI score0.01267EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2019/11/26 12:0 a.m.5 views

PT-2019-15802 · Python +1 · Typed Ast +1

Name of the Vulnerable Software and Affected Versions: typed ast versions 1.3.0 through 1.3.1 Description: The issue is related to an out-of-bounds read in the ast for arguments function. An attacker who can cause a Python interpreter to parse Python source code, but not necessarily execute it, m...

8.7CVSS7.2AI score0.03255EPSS
Exploits0References34
FireEye
FireEye
added 2019/11/25 8:0 p.m.17 views

FIDL: FLARE’s IDA Decompiler Library

IDA Pro and the Hex Rays decompiler are a core part of any toolkit for reverse engineering and vulnerability research. In a previous blog post we discussed how the Hex-Rays API can be used to solve small, well-defined problems commonly seen as part of malware analysis. Having access to a...

6.7AI score
Exploits0References2
CNVD
CNVD
added 2019/11/11 12:0 a.m.3 views

wolfSSL buffer overflow vulnerability (CNVD-2019-41425)

wolfSSL formerly known as CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. A buffer overflow vulnerability exists in the DecodedCert structure of GetName in wolfcrypt/src/asn.c file in wolfSSL versions 4.1.0...

7.5CVSS7.3AI score0.01972EPSS
Exploits1References1
CNVD
CNVD
added 2019/11/07 12:0 a.m.5 views

LibSass heap buffer overread vulnerability (CNVD-2019-40159)

LibSass is a C/C++ implementation of the Sass compiler. A heap buffer over-read vulnerability exists in Sass::weaveParents in astselweave.cpp in LibSass versions prior to 3.6.3. No details of the vulnerability are provided at this time...

6.5CVSS7AI score0.01053EPSS
Exploits1References1
OSV
OSV
added 2019/09/05 5:15 p.m.6 views

UBUNTU-CVE-2019-15946

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1decodeentry in libopensc/asn1.c...

6.4CVSS6.7AI score0.00385EPSS
Exploits0References5
OSV
OSV
added 2019/07/17 8:15 p.m.2 views

DEBIAN-CVE-2019-13619

In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments...

7.5CVSS8.9AI score0.06079EPSS
Exploits1References1
OSV
OSV
added 2019/07/17 12:0 a.m.6 views

UBUNTU-CVE-2019-13619

In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments...

7.5CVSS7.2AI score0.06079EPSS
Exploits1References6
Rows per page
Query Builder