22 matches found
CVE-2026-25793 Nebula Has Possible Blocklist Bypass via ECDSA Signature Malleability
Nebula is a scalable overlay networking tool. In versions from 1.7.0 to 1.10.2, when using P256 certificates which is not the default configuration, it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of th...
GHSA-69X3-G4R3-P962 Blocklist Bypass possible via ECDSA Signature Malleability
Impact When using P256 certificates which is not the default configuration, it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the certificate with a different fingerprint. In order for this to affect a...
Blocklist Bypass possible via ECDSA Signature Malleability
Impact When using P256 certificates which is not the default configuration, it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the certificate with a different fingerprint. In order for this to affect a...
EUVD-2018-21161
Malware in sbrugna...
EUVD-2016-8014
Malware in sbrugna...
EUVD-2016-8015
Malware in sbrugna...
Debian: Security Advisory (DLA-3608-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-132-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: A vulnerability in Java SE related to the Libraries component affects IBM Control Center (CVE-2020-14782)
Summary A flaw in the CertPath implementation allows certificate fingerprint checks to be bypassed under certain circumstances. The fix ensures that certificate fingerprint checks cannot be bypassed in this way. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability...
SUSE: Security Advisory (SUSE-SU-2015:0172-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-9567
On Pixel devices there is a bug causing verified boot to show the same certificate fingerprint despite using different signing keys. This may lead to local escalation of privilege if people are relying on those fingerprints to determine what version of the OS the device is running, with System...
Privilege escalation
On Pixel devices there is a bug causing verified boot to show the same certificate fingerprint despite using different signing keys. This may lead to local escalation of privilege if people are relying on those fingerprints to determine what version of the OS the device is running, with System...
CVE-2018-9567
On Pixel devices there is a bug causing verified boot to show the same certificate fingerprint despite using different signing keys. This may lead to local escalation of privilege if people are relying on those fingerprints to determine what version of the OS the device is running, with System...
CVE-2018-9567
CVE-2018-9567 affects Pixel devices: a bug in verified boot causes the certificate fingerprint to appear identical despite different signing keys, enabling local privilege escalation with no user interaction. The Android Security Bulletin (Dec 2018) indicates patches at the 2018-12-01 and 2018-12...
Oracle: Security Advisory (ELSA-2015-0800)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openssl security update
0.9.8e-33 - fix CVE-2014-8275 without introduction of CVE-2015-0286 - various certificate fingerprint issues - fix CVE-2015-0204 - remove support for RSA ephemeral keys for non-export ciphersuites and on server - fix CVE-2015-0287 - ASN.1 structure reuse decoding memory corruption - fix...
Debian DLA-132-1 : openssl security update (FREAK)
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2014-3570 Pieter Wuille of Blockstream reported that the bignum squaring BNsqr may produce incorrect results on some...
SUSE-SU-2015:0305-1 Security update for compat-openssl098
The openssl 0.9.8j compatibility package was updated to fix several security vulnerabilities: CVE-2014-3570: Bignum squaring BNsqr may produce incorrect results on some platforms, including x8664. CVE-2014-3571: Fix crash in dtls1getrecord whilst in the listen state where you get two separate rea...
SuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10208)
OpenSSL compat-openssl097g has been updated to fix various security issues. More information can be found in the openssl advisory: http://openssl.org/news/secadv20150108.txt . The following issues have been fixed : - Bignum squaring BNsqr may have produced incorrect results on some platforms,...
SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 10150)
OpenSSL has been updated to fix various security issues. More information can be found in the OpenSSL advisory: http://openssl.org/news/secadv20150108.txt . The following issues have been fixed : - Bignum squaring BNsqr may produce incorrect results on some platforms, including x8664. bsc912296...