EUVD-2009-0787

Malware in sbrugna...

EUVD-2022-1274

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2015-0287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ASN1itemexd2i function in crypto/asn1/tasndec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not...

K16318: OpenSSL vulnerability CVE-2015-0287

Security Advisory Description The ASN1itemexd2i function in crypto/asn1/tasndec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service invalid wri...

GHSA-2R2C-G63R-VCCR Improper Verification of Cryptographic Signature in `node-forge`

Impact RSA PKCS1 v1.5 signature verification code is not properly checking DigestInfo for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. Patches The issue has been addressed in node-forge 1.3.0. For more...

Mageia: Security Advisory (MGASA-2021-0429)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2019-0033)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities: - OpenSSL 1.0.2 starting from version 1.0.2b introduced an error state mechanism. The intent was that if a fatal error occurred during a handshake th...

SUSE SLES12 Security Update : compat-openssl098 (SUSE-SU-2015:0553-1)

OpenSSL was updated to fix various security issues. Following security issues were fixed : - CVE-2015-0209: A Use After Free following d2iECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client...

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2015:0541-1)

OpenSSL was updated to fix various security issues. Following security issues were fixed : - CVE-2015-0209: A Use After Free following d2iECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client...

openssl security update

1.0.1e-30.7 - update fix for CVE-2015-0287 to what was released upstream 1.0.1e-30.6 - fix CVE-2015-0209 - potential use after free in d2iECPrivateKey - fix CVE-2015-0286 - improper handling of ASN.1 boolean comparison - fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption - fix...

Ubuntu: Security Advisory (USN-2537-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2537-1: OpenSSL vulnerabilities

It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. CVE-2015-0209 Stephen Henson discovered that OpenSSL incorrectly handled...

CVE-2012-1569

The asn1getlengthder function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service heap memory corruption and application crash or possibly ha...

CVE-2012-1569

The asn1getlengthder function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service heap memory corruption and application crash or possibly ha...

OpenSSL 0.9.8 < 0.9.8k Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 0.9.8k. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.8k advisory. - OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remo...