37 matches found
Null pointer dereference
The X509_to_X509_REQ function in crypto/x509/x509req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key...
CVE-2015-0288
The X509_to_X509_REQ function in crypto/x509/x509req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key...
CVE-2015-0288
CVE-2015-0288 affects the OpenSSL X509_to_X509_REQ path. The vulnerability allows a NULL pointer dereference leading to DoS when the function is presented with an invalid certificate key, impacting OpenSSL releases prior to 0.9.8zf, 1.0.0r, 1.0.1m, and 1.0.2a. Remediation is to upgrade to patched OpenSSL versions as...
CVE-2015-0288
The X509_to_X509_REQ function in crypto/x509/x509req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key...
UBUNTU-CVE-2015-0288
The X509_to_X509_REQ function in crypto/x509/x509req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key...
Vulnerability in OpenSSL - X509_to_X509_REQ NULL pointer deref
X509_to_X509_REQ NULL pointer deref. The function X509_to_X509_REQ will crash with a NULL pointer dereference if the certificate key is invalid. This function is rarely used in practice. Found by Brian Carpenter...
CVE-2015-2077
The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker alpha 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, uses the same X.509 certificate private key for a root CA certificate across...
SSL Digital Certificate Security Issues Put CAs on Notice
It’s been a rough couple of years for the security of fundamental Internet infrastructure technologies such as the domain name system (DNS), SSL and digital certificates. Hackers are taking aim at these core technologies at the heart of ecommerce and online communication, and are more often than not,...
Microsoft Recommends Workarounds to Mitigate Latest IE Zero-Day; Patch Still to Come
Microsoft issued a security advisory Monday night and recommended several workarounds to mitigate a zero-day vulnerability in Internet Explorer reported over the weekend that is being exploited in the wild. Microsoft said it is still investigating the vulnerability, and may issue an out-of-band...
Microsoft Ships Two Bulletins in September Security Update
The Microsoft security team shipped just two bulletins – resolving as many holes – in the September, 2012 edition of Patch Tuesday. The patches will supply fixes for two ‘important’ rated bugs, one in Microsoft Developer Tools and the other in Microsoft Server Software. If unpatched, both could...
Two Microsoft Security Updates Await In Advance of Certificate Key Length Changes
Microsoft is promising a light load of security updates for next Tuesday’s monthly patch release in an attempt to give Windows administrators and security teams time to prepare for an October change to certificate key length requirements. Angela Gunn of Microsoft’s Security Response Team announce...
Microsoft Windows Minimum Certificate Key Length Spoofing Vulnerability (2661254)
The Microsoft Windows operating system is prone to a digital certificate key length spoofing vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
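FTPShell Server Certificate Key File Handling Stack Overflow Vulnerability
BUGTRAQ ID: 33403 CVE(CAN) ID: CVE-2009-0349 FTPShell Server is a secure and reliable FTP client tool. FTPShell Server has a stack overflow vulnerability when processing malformed certificate key (.key) files. If a user is tricked into importing a certificate larger than 8000 bytes, the overflow may be triggered, leading to denial of service or arbitrary code execution. Codeorigin FTPShell Server 4.3 Vendor patch: Codeorigin ---------- The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:...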
CVE-1999-1226
Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key...
CVE-1999-1226
CVE-1999-1226 affects Netscape Communicator 4.7 and earlier. The vulnerability allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key. The connected sources do not provide concrete exploit code or in-the-wild details. Affected com...
CVE-1999-1226
Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key...
CVE-1999-1226
Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key...