OESA-2026-2164 opencryptoki security update

openCryptoki is an implementation of the PKCS 11 API that allows interfacing to devices that hold cryptographic information and perform cryptographic functions. openCryptoki provides application portability by isolating the application from the details of the cryptographic device. Isolating the...

OESA-2026-2163 opencryptoki security update

openCryptoki is an implementation of the PKCS 11 API that allows interfacing to devices that hold cryptographic information and perform cryptographic functions. openCryptoki provides application portability by isolating the application from the details of the cryptographic device. Isolating the...

GHSA-82J2-J2CH-GFR8 rustls-webpki: Denial of service via panic on malformed CRL BIT STRING

Summary bitstringflags in src/der.rs panics with an index-out-of-bounds when given a BIT STRING whose content is exactly 0x00 one byte: zero padding bits, zero data bytes. This is reachable through the public API BorrowedCertRevocationList::fromder via the issuingDistributionPoint CRL extension...

RUSTSEC-2026-0104 Reachable panic in certificate revocation list parsing

A panic was reachable when parsing certificate revocation lists via BorrowedCertRevocationList::fromder or OwnedCertRevocationList::fromder. This was the result of mishandling a syntactically valid empty BIT STRING appearing in the onlySomeReasons element of a IssuingDistributionPoint CRL...

Reachable panic in certificate revocation list parsing

A panic was reachable when parsing certificate revocation lists via BorrowedCertRevocationList::fromder or OwnedCertRevocationList::fromder. This was the result of mishandling a syntactically valid empty BIT STRING appearing in the onlySomeReasons element of a IssuingDistributionPoint CRL...

PT-2026-34530

A panic was reachable when parsing certificate revocation lists via BorrowedCertRevocationList::from der or OwnedCertRevocationList::from der. This was the result of mishandling a syntactically valid empty BIT STRING appearing in the onlySomeReasons element of a IssuingDistributionPoint CRL...

EUVD-2015-5672

Malware in sbrugna...

CVE-2025-30077

Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits...

onos-lib-go 输入验证错误漏洞

onos-lib-go is an open source library of utilities and convenience programs for developing µONOS components in Go from the µONOS Project. A security vulnerability exists in onos-lib-go version 0.10.28, which stems from an asn1/aper GetBitString that can cause an index out-of-bounds panic when...

SUSE CVE-2008-3963

MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' b single-quote single-quote token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service daemon crash by using this token in a SQL statement...

SUSE CVE-2010-0442

The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service daemon crash or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT...

SUSE CVE-2015-5726

The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service application crash via an empty BIT STRING in ASN.1 data...

PT-2020-19361 · Unknown +1 · Libiec61850 +1

Name of the Vulnerable Software and Affected Versions: libIEC61850 versions prior to 1.4.1 Description: The issue arises from a heap-based buffer overflow in the MmsValue decodeMmsData function when parsing the MMS BIT STRING data type. This occurs in the mms/iso mms/server/mms access result.c fi...

DEBIAN-CVE-2019-15945

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decodebitstring in libopensc/asn1.c...

UBUNTU-CVE-2019-15945

OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decodebitstring in libopensc/asn1.c...

UBUNTU-CVE-2015-5726

The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service application crash via an empty BIT STRING in ASN.1 data...

CVE-2015-5726

Removed by vendor...

FreeBSD : Botan BER Decoder vulnerabilities (2004616d-f66c-11e5-b94c-001999f8d30b)

The botan developers reports : Excess memory allocation in BER decoder - The BER decoder would allocate a fairly arbitrary amount of memory in a length field, even if there was no chance the read request would succeed. This might cause the process to run out of memory or invoke the OOM killer...

Moderate: Red Hat Security Advisory: postgresql security update

Updated postgresql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings,...

postgresql: substring() negative length argument buffer overflow

The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service daemon crash or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT...