Lucene search

19 matches found

Debian CVE
added 2026/03/18 2:29 a.m., 3 views

CVE-2026-30922

pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested SEQUENC...

CVSS 7.5, AI score 6.9, EPSS 0.0058
Exploits: 1
Tenable Nessus
added 2024/06/07 12:0 a.m., 26 views

OpenSSL 0.9.7 < 0.9.7l Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 0.9.7l. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.7l advisory. - The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions...

CVSS 10, AI score 7.3, EPSS 0.48575
Exploits: 10, References: 9
Tenable Nessus
added 2019/01/08 12:0 a.m., 41 views

EulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-1009)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - openssl: Malicious server can send large prime to...

CVSS 7.5, AI score 6.4, EPSS 0.49268
Exploits: 1, References: 6
Tenable Nessus
added 2018/11/27 12:0 a.m., 49 views

Scientific Linux Security Update : openssl on SL7.x x86_64 (20181030)

Security Fixes: - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495) - openssl: Malicious server can send large prime to client during DHE TLS handshake causing the client to hang (CVE-2018-0732) - openssl: Handling of crafted recursive ASN.1 structures can cau...

CVSS 7.5, AI score 6.3, EPSS 0.49268
Exploits: 1, References: 6
Tenable Nessus
added 2018/10/31 12:0 a.m., 128 views

RHEL 7 : openssl (RHSA-2018:3221)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3221 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...

CVSS 7.5, AI score 6.6, EPSS 0.49268
Exploits: 1, References: 17
Tenable Nessus
added 2016/10/20 12:0 a.m., 195 views

Oracle GlassFish Server 2.1.1.x < 2.1.1.29 Mozilla NSS ASN.1 Structure Handling RCE (October 2016 CPU)

According to its self-reported version number, the Oracle GlassFish Server running on the remote host is 2.1.1.x prior to 2.1.1.29. It is, therefore, affected by a remote code execution vulnerability in the Mozilla Network Security Services (NSS) component due to improper validation of user-supplie...

CVSS 8.8, AI score 9.2, EPSS 0.04192
Exploits: 0, References: 2
Mageia
added 2016/03/16 6:7 p.m., 56 views

Updated nss packages fix CVE-2016-1950

Updated rootcerts and nss packages fix security vulnerability: A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute...

CVSS 8.8, AI score 4.7, EPSS 0.04192
Exploits: 0, References: 4
Tenable Nessus
added 2016/03/09 12:0 a.m., 28 views

FreeBSD : NSS -- multiple vulnerabilities (c4292768-5273-4f17-a267-c5fe35125ce4)

Mozilla Foundation reports: Security researcher Francis Gabriel reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially crafted certificate which, when parsed by NSS, would cause it to cras...

CVSS 8.8, AI score 8.8, EPSS 0.04192
Exploits: 0, References: 7
FreeBSD
added 2016/03/08 12:0 a.m., 48 views

NSS -- multiple vulnerabilities

Mozilla Foundation reports: Security researcher Francis Gabriel reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash...

AI score 2.6
Exploits: 0, References: 4
Tenable Nessus
added 2015/11/05 12:0 a.m., 42 views

Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20151104)

A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS parsed certain ASN.1 structures. An attacker could use these flaws to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library...

CVSS 9.8, AI score 8.4, EPSS 0.10238
Exploits: 0, References: 4
Tenable Nessus
added 2015/11/05 12:0 a.m., 27 views

Scientific Linux Security Update : nss, nss-util, and nspr on SL6.x, SL7.x i386/x86_64 (20151104)

A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS parsed certain ASN.1 structures. An attacker could use these flaws to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library...

CVSS 9.8, AI score 8.4, EPSS 0.10238
Exploits: 0, References: 4
Amazon
added 2015/11/05 12:0 a.m., 56 views

Critical: nspr, nss-util, nss, jss

Issue Overview: Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and...

CVSS 9.8, AI score 9.4, EPSS 0.10238
Exploits: 0, References: 1
Tenable Nessus
added 2015/04/14 12:0 a.m., 39 views

Oracle Linux 5 : openssl (ELSA-2015-0800)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0800 advisory. - fix CVE-2014-8275 without introduction of CVE-2015-0286 - various certificate fingerprint issues - fix CVE-2015-0204 - remove support for RSA ephemer...

CVSS 7.5, AI score 7.6, EPSS 0.98685
Exploits: 1, References: 8
RedHat Linux
added 2015/04/13 11:54 a.m., 62 views

Moderate: Red Hat Security Advisory: openssl security update

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available...

CVSS 7.5, AI score 7.2, EPSS 0.98685
Exploits: 2, References: 11
Tenable Nessus
added 2009/09/24 12:0 a.m., 35 views

SuSE 11 Security Update : OpenSSL (SAT Patch Number 772)

This update of openssl fixes the following problems: - ASN1_STRING_print_ex function allows remote denial of service (CVE-2009-0590) - CMS_verify function allows signatures to look valid (CVE-2009-0591) - denial of service due to malformed ASN.1 structures (CVE-2009-0789)...

CVSS 5, AI score 8, EPSS 0.06194
Exploits: 0, References: 7
OpenVAS
added 2008/09/04 12:0 a.m., 32 views

FreeBSD Ports: openssl

The remote host is missing an update to the system as announced in the referenced advisory. VID 0f37d765-c5d4-11db-9f82-000e0c2e438a. OpenVAS Vulnerability Test. Description: Auto generated from vuxml or freebsd advisories. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc...

CVSS 10, EPSS 0.48575
Exploits: 10
OSV
added 2006/09/28 6:7 p.m., 7 views

CVE-2006-2937

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition...

AI score 9.1
Exploits: 0, References: 161
Prion
added 2006/09/28 6:7 p.m., 36 views

Design/Logic Flaw

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition...

CVSS 7.8, AI score 7.1, EPSS 0.10629
Exploits: 1, References: 136, Affected Software: 1
UbuntuCve
added 2006/09/28 6:7 p.m., 30 views

CVE-2006-2937

OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition...

CVSS 7.8, AI score 6.7, EPSS 0.10629
Exploits: 1, References: 2