19 matches found
CVE-2026-30922
pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the pyasn1 library is vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested SEQUENC...
OpenSSL 0.9.7 < 0.9.7l Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 0.9.7l. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.7l advisory. - The getserverhello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions...
EulerOS 2.0 SP5 : openssl (EulerOS-SA-2019-1009)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries CVE-2018-0495 - openssl: Malicious server can send large prime to...
Scientific Linux Security Update : openssl on SL7.x x86_64 (20181030)
Security Fixes : - openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries CVE-2018-0495 - openssl: Malicious server can send large prime to client during DHE TLS handshake causing the client to hang CVE-2018-0732 - openssl: Handling of crafted recursive ASN.1 structures can cau...
RHEL 7 : openssl (RHSA-2018:3221)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3221 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...
Oracle GlassFish Server 2.1.1.x < 2.1.1.29 Mozilla NSS ASN.1 Structure Handling RCE (October 2016 CPU)
According to its self-reported version number, the Oracle GlassFish Server running on the remote host is 2.1.1.x prior to 2.1.1.29. It is, therefore, affected by a remote code execution vulnerability in the Mozilla Network Security Services NSS component due to improper validation of user-supplie...
Updated nss packages fix CVE-2016-1950
Updated rootcerts and nss packages fix security vulnerability: A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute...
FreeBSD : NSS -- multiple vulnerabilities (c4292768-5273-4f17-a267-c5fe35125ce4)
Mozilla Foundation reports : Security researcher Francis Gabriel reported a heap-based buffer overflow in the way the Network Security Services NSS libraries parsed certain ASN.1 structures. An attacker could create a specially crafted certificate which, when parsed by NSS, would cause it to cras...
NSS -- multiple vulnerabilities
Mozilla Foundation reports: Security researcher Francis Gabriel reported a heap-based buffer overflow in the way the Network Security Services NSS libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash...
Scientific Linux Security Update : nss and nspr on SL5.x i386/x86_64 (20151104)
A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS parsed certain ASN.1 structures. An attacker could use these flaws to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library...
Scientific Linux Security Update : nss, nss-util, and nspr on SL6.x, SL7.x i386/x86_64 (20151104)
A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS parsed certain ASN.1 structures. An attacker could use these flaws to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library...
Critical: nspr, nss-util, nss, jss
Issue Overview: Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime NSPR provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and...
Oracle Linux 5 : openssl (ELSA-2015-0800)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0800 advisory. - fix CVE-2014-8275 without introduction of CVE-2015-0286 - various certificate fingerprint issues - fix CVE-2015-0204 - remove support for RSA ephemer...
Moderate: Red Hat Security Advisory: openssl security update
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...
SuSE 11 Security Update : OpenSSL (SAT Patch Number 772)
This update of openssl fixes the following problems : - ASN1STRINGprintex function allows remote denial of service. CVE-2009-0590 - CMSverify function allows signatures to look valid. CVE-2009-0591 - denial of service due to malformed ASN.1 structures. CVE-2009-0789 %NASLMINLEVEL 70300 C Tenable...
FreeBSD Ports: openssl
The remote host is missing an update to the system as announced in the referenced advisory. VID 0f37d765-c5d4-11db-9f82-000e0c2e438a OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
CVE-2006-2937
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service infinite loop and memory consumption via malformed ASN.1 structures that trigger an improperly handled error condition...
Design/Logic Flaw
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service infinite loop and memory consumption via malformed ASN.1 structures that trigger an improperly handled error condition...
CVE-2006-2937
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service infinite loop and memory consumption via malformed ASN.1 structures that trigger an improperly handled error condition...