Lucene search
K

74 matches found

NVD
NVD
added 2023/02/08 8:15 p.m.24 views

CVE-2023-0286

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

7.4CVSS7.7AI score0.59501EPSS
Exploits0References8
Prion
Prion
added 2023/02/08 8:15 p.m.40 views

Type confusion

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

4CVSS7.6AI score0.59501EPSS
Exploits0References7Affected Software3
Cvelist
Cvelist
added 2023/02/08 7:1 p.m.219 views

CVE-2023-0286 X.400 address type confusion in X.509 GeneralName

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

7.7AI score0.59501EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2023/02/08 7:1 p.m.106 views

CVE-2023-0286

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

7.4CVSS7.3AI score0.59501EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2023/02/08 7:1 p.m.532 views

CVE-2023-0286

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

7.4CVSS7.8AI score0.59501EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/02/08 7:1 p.m.3 views

CVE-2023-0286 X.400 address type confusion in X.509 GeneralName

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

7.5AI score0.59501EPSS
Exploits0References7
OSV
OSV
added 2023/02/08 7:1 p.m.35 views

CVE-2023-0286 X.400 address type confusion in X.509 GeneralName

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

7.4CVSS7AI score0.59501EPSS
Exploits0References10
CVE
CVE
added 2023/02/08 7:1 p.m.1361 views

CVE-2023-0286

CVE-2023-0286 is a type-confusion bug in OpenSSL related to X.400 address processing inside X.509 GeneralName. The public GENERAL_NAME.x400Address was defined as ASN1_TYPE instead of ASN1_STRING, causing GeneralName_cmp to treat it as a pointer, which under CRL_CHECK can allow an attacker to pass...

7.4CVSS7.7AI score0.59501EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/02/08 12:0 a.m.99 views

Amazon Linux AMI : openssl (ALAS-2023-1683)

The version of openssl installed on the remote host is prior to 1.0.2k-16.162. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1683 advisory. A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover...

7.5CVSS7.8AI score0.59501EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/02/08 12:0 a.m.96 views

Amazon Linux 2 : openssl (ALAS-2023-1935)

The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1935 advisory. A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a...

7.5CVSS7.8AI score0.59501EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2023/02/08 12:0 a.m.56 views

SUSE SLES12: libopenssl-1_0_0-devel / libopenssl-1_0_0-devel-32bit / etc (SUSE-SU-2023:0306-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0306-1 advisory. - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERALNAMEcmp for x400Address bsc1207533. - CVE-2023-0215: Fixed...

7.5CVSS7.1AI score0.59501EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2023/02/07 5:30 p.m.235 views

CVE-2023-0286

A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled for example, the application sets the X509VFLAGCRLCHECK flag, this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...

7.4CVSS7.7AI score0.59501EPSS
Exploits0References4
RustSec
RustSec
added 2023/02/07 12:0 p.m.105 views

X.400 address type confusion in X.509 `GeneralName`

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

7.4CVSS6.7AI score0.59501EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/02/07 12:0 p.m.45 views

RUSTSEC-2023-0006 X.400 address type confusion in X.509 `GeneralName`

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

7.4CVSS7.6AI score0.59501EPSS
Exploits0References3
Amazon
Amazon
added 2023/02/07 12:0 a.m.129 views

Important: openssl

Issue Overview: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number o...

7.5CVSS7.3AI score0.59501EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2023/02/07 12:0 a.m.54 views

CVE-2023-0286

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This field is subsequentl...

7.4CVSS7AI score0.59501EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/02/07 12:0 a.m.70 views

Ubuntu 18.04 LTS : OpenSSL vulnerabilities (USN-5845-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5845-1 advisory. David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary...

7.5CVSS8.2AI score0.59501EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/11/29 12:0 a.m.13 views

PT-2023-1352

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1 STRING but the public structure definition for...

7.4CVSS8AI score0.59501EPSS
Exploits0References319
Veracode
Veracode
added 2019/05/02 5:19 a.m.32 views

Authentication Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws t...

10CVSS7.6AI score0.09991EPSS
Exploits0References37Affected Software5
RedHat Linux
RedHat Linux
added 2017/11/16 7:10 p.m.108 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.18 security update

An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.1CVSS6.7AI score0.95707EPSS
Exploits19References10
Rows per page
Query Builder