Lucene search
+L

171 matches found

OSV
OSV
added 2024/03/06 11:11 a.m.32 views

BIT-TYPO3-2020-15099

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, in a case where an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case t...

8.1CVSS8.4AI score0.01782EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2023/12/07 12:37 p.m.12 views

openssl: Possible DoS translating ASN.1 object identifiers

A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when...

6.5CVSS6.8AI score0.75116EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2023/09/13 12:0 p.m.6 views

acme-rs (>=0.1.0 <=0.2.0), apkeep (>=0.6.0 <=0.13.0) +23 more potentially affected by CVE-2023-39914 via bcder (>=0.1.0 <=0.6.1)

bcder CARGO version =0.1.0, =0.1.0, =0.6.0, =0.1.0, =0.8.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.1.5, =0.3.0, =0.19.0, =0.20.0 and more Source cves: CVE-2023-39914 Source advisory: OSV:RUSTSEC-2023-0062...

7.5CVSS7.1AI score0.00592EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/06/21 2:51 p.m.6 views

openssl: Possible DoS translating ASN.1 object identifiers

A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when...

6.5CVSS6.8AI score0.75116EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:8 a.m.4 views

SUSE CVE-2008-1552

The silcpkcs1decode function in the silccrypt library silcpkcs1.c in Secure Internet Live Conferencing SILC Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS1 message, which triggers an integer...

6.8CVSS8.2AI score0.04105EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.4 views

SUSE CVE-2009-0591

The CMSverify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid...

2.6CVSS7AI score0.02735EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.4 views

SUSE CVE-2010-0742

The Cryptographic Message Syntax CMS implementation in crypto/cms/cmsasn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, a...

7.5CVSS7.5AI score0.07834EPSS
Exploits2References9
SUSE CVE
SUSE CVE
added 2023/02/15 5:48 a.m.4 views

SUSE CVE-2012-0884

The implementation of Cryptographic Message Syntax CMS and PKCS 7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack MMA adaptive chosen ciphertext...

5CVSS8.4AI score0.12932EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 5:19 a.m.4 views

SUSE CVE-2015-3195

The ASN1TFLGCOMBINE implementation in crypto/asn1/tasndec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by...

5.3CVSS8.5AI score0.38709EPSS
Exploits1References23
OSV
OSV
added 2023/02/08 8:15 p.m.4 views

ALPINE-CVE-2023-0215

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

7.5CVSS6.9AI score0.04494EPSS
Exploits0References1
OSV
OSV
added 2023/02/08 8:15 p.m.6 views

AZL-37641 CVE-2023-0215 affecting package hvloader for versions less than 1.0.1-2

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

7.5CVSS6.8AI score0.04494EPSS
Exploits0References1
OSV
OSV
added 2023/02/08 8:15 p.m.1 views

DEBIAN-CVE-2023-0215

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

7.5CVSS7AI score0.04494EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/01/03 12:0 a.m.7 views

Mozilla Thunderbird 缓冲区错误漏洞

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The software supports IMAP, POP mail protocols, and HTML mail formats. Mozilla Thunderbird suffers from a buffer error vulnerability that originates from a...

9.8CVSS8.5AI score0.00469EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2021/12/17 8:0 a.m.8 views

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS S/MIME PKCS \#7 or PKCS \#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS X.509 OCSP or CRL functionality may be impacted depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However email clients and PDF viewers that use NSS for signature verification such as Thunderbird LibreOffice Evolution and Evince are believed to be impacted. This vulnerability affects NSS < 3.73 and NSS < 3.68.1.

...

9.8CVSS8.8AI score0.17563EPSS
Exploits0
OSV
OSV
added 2021/12/01 4:0 p.m.25 views

UBUNTU-CVE-2021-43527

NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \7, or PKCS \12 are likely to be impacted. Applications using N...

9.8CVSS6.8AI score0.17563EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/11/15 10:48 a.m.4 views

kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type

A flaw was discovered in the cryptographic receive code in the Linux kernel's implementation of transparent interprocess communication. An attacker, with the ability to send TIPC messages to the target, can corrupt memory and escalate privileges on the target system...

9.8CVSS7.3AI score0.5758EPSS
Exploits2References4
Microsoft CVE
Microsoft CVE
added 2021/11/08 8:0 a.m.6 views

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

...

9.8CVSS8.5AI score0.5758EPSS
Exploits2
OSV
OSV
added 2021/04/07 11:2 a.m.4 views

OESA-2021-1132 wireshark security update

Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Wireshark, formerly known as Ethereal, can be used to examine the details of traffic at a variety of levels ranging...

7.5CVSS8.9AI score0.06079EPSS
Exploits3References5
CNVD
CNVD
added 2020/11/04 12:0 a.m.1 views

Mozilla Network Security Services Code Issue Vulnerability

Network Security Services NSS is a set of libraries for cross-platform development of security-enabled client and server applications compiled with NSS to support security standards such as SSLv2, SSLv3, TLS, etc. NSS is an underlying cryptography library from the Mozilla Foundation. NSS is an...

6.5CVSS8.9AI score0.0198EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/08/06 12:0 a.m.28 views

FreeBSD : typo3 -- multiple vulnerabilities (eab964f8-d632-11ea-9172-4c72b94353b5)

Typo3 Team reports : In case an attacker manages to generate a valid cryptographic message authentication code HMAC-SHA1 - either by using a different existing vulnerability or in case the internal encryptionKey was exposed - it is possible to retrieve arbitrary files of a TYPO3 installation. Thi...

8.8CVSS8.5AI score0.02229EPSS
Exploits1References6
Rows per page
Query Builder