
13 matches found

Tenable Nessus
added 2026/01/31 12:0 a.m., 3 views

EulerOS Virtualization 2.10.0 : nss (EulerOS-SA-2026-1184)

According to the versions of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash...

CVSS 6.5, AI score 7.3, EPSS 0.00635
Exploits 0, References 2
Snyk
added 2025/11/24 2:40 p.m., 2 views

Integer Overflow or Wraparound

Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the tlsverifycallback function. An attacker can trigger a denial of service by supplying a specially crafted TLS certificate that causes i2d_X509 to return -1, which is then misused as a parameter to...

CVSS 8.7, AI score 5.7, EPSS 0.00211
Exploits 0, References 2
Tenable Nessus
added 2025/09/10 12:0 a.m., 2 views

EulerOS 2.0 SP12 : nss (EulerOS-SA-2025-2049)

According to the versions of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is...

CVSS 6.5, AI score 7.8, EPSS 0.00635
Exploits 0, References 2
Tenable Nessus
added 2025/08/14 12:0 a.m., 4 views

EulerOS 2.0 SP11 : nss (EulerOS-SA-2025-1962)

According to the versions of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is...

CVSS 6.5, AI score 7.8, EPSS 0.00635
Exploits 0, References 2
SUSE Linux
added 2025/02/03 8:48 a.m., 3 views

Security update for gnutls

This update for gnutls fixes the following issues: CVE-2024-28835: certtool crash when verifying a certificate chain bsc1221747 CVE-2024-28834: Fixed side-channel in the deterministic ECDSA bsc1221746 jitterentropy: Release the memory of the entropy collector when using jitterentropy with pthread...

CVSS 5.3, AI score 7.3, EPSS 0.00718
Exploits 0, References 10
OSV
added 2022/12/22 8:15 p.m., 1 views

DEBIAN-CVE-2022-22747

After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

CVSS 6.5, AI score 7, EPSS 0.00635
Exploits 0, References 1
Mageia
added 2022/01/16 8:39 p.m., 51 views

Updated thunderbird packages fix security vulnerability

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox CVE-2021-4140. Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to a use-after-free causing a potentially exploitable cra...

CVSS 10, AI score 0.2, EPSS 0.01351
Exploits 6, References 4
OSV
added 2022/01/11 11:22 p.m., 11 views

MGASA-2022-0013 Updated nss and firefox packages fix security vulnerabilities

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox CVE-2021-4140. Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to a use-after-free causing a potentially exploitable cra...

CVSS 10, AI score 8.5, EPSS 0.01351
Exploits 6, References 6
OSV
added 2017/08/10 12:0 a.m., 1 views

UBUNTU-CVE-2017-7792

A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier OID. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

CVSS 9.8, AI score 7.3, EPSS 0.03261
Exploits 1, References 4
RedHat Linux
added 2016/05/31 5:56 a.m., 4 views

openssl: Memory corruption in the ASN.1 encoder

A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an...

CVSS 10, AI score 7.5, EPSS 0.77906
Exploits 1, References 5
CNVD
added 2016/05/13 12:0 a.m., 1 views

Linux kernel ASN.1 DER decoder denial of service vulnerability

Linux kernel is an open source operating system. The Linux kernel's ASN.1 DER decoder handles certificate files with labels of undefined length. A local attacker can crash the system with a specially crafted DER file for X.509 certificates...

CVSS 7.8, AI score 7, EPSS 0.00397
Exploits 0, References 1
RedHat Linux
added 2016/05/10 4:18 a.m., 3 views

openssl: Memory corruption in the ASN.1 encoder

A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an...

CVSS 10, AI score 7.5, EPSS 0.77906
Exploits 1, References 5
Packet Storm
added 2009/10/21 12:0 a.m., 33 views

GPG2/Kleopatra 2.0.11 Malformed Certificate Crash

!/usr/bin/env python GPG2/Kleopatra 2.0.11 - Malformed Certificate Crash PoC Note: Part of the GPG4Win Package v2.0.1 Found By: DrIDE Tested On: 7RC, XPSP3 Usage: Import the Cert into Kleopatra, GPG2.exe Crashes Seems to only check for the presence of this signature cert =...

AI score 0.2
Exploits 0