Design/Logic Flaw

The Web Cryptography API aka WebCrypto implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via crafted JavaScript code,...

CVE-2016-5142

The CVE-2016-5142 entry describes a vulnerability in the Web Cryptography API (WebCrypto) implementation in Blink used by Google Chrome prior to 52.0.2743.116. The issue is a data buffer copy error in Blink (NormalizeAlgorithm.cpp and SubtleCrypto.cpp) that can cause a use-after-free, leading to ...

CVE-2016-5142

The Web Cryptography API aka WebCrypto implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via crafted JavaScript code,...

CVE-2016-5142

The Web Cryptography API aka WebCrypto implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via crafted JavaScript code,...

MS KB3050995: Improperly Issued Digital Certificates Could Allow Spoofing (deprecated)

The remote host is missing KB3050995, KB2677070 automatic updater, or the latest disallowed certificate update using KB2813430 manual updater. If KB2677070 has been installed, it has not yet obtained the latest auto-updates. Note that this plugin checks that the updaters have actually updated the...

openSUSE Security Update : libssh2_org (openSUSE-2015-242)

libssh2org was updated to version 1.5.0 to fix bugs and a security issue. Changes in 1.5.0: Added Windows Cryptography API: Next Generation based backend Bug fixes : - Security Advisory: Using SSHMSGKEXINIT data unbounded, CVE-2015-1782 - missing libssh2error in libssh2channelwrite - knownhost: F...

MS KB2982792: Improperly Issued Digital Certificates Could Allow Spoofing

The remote host is missing KB2982792, KB2677070 automatic updater, or the latest disallowed certificate update using KB2813430 manual updater. If KB2677070 is installed, it is missing the latest auto-updates. Note that this plugin checks that the updaters have actually updated the disallowed CTL...

Improperly Issued Digital Certificates Could Allow Spoofing (Microsoft Security Advisory 2916652)

The remote host is missing either KB2677070 or KB2917500. If KB2677070 is installed, it is missing the latest auto-updates. Note that this plugin checks that the updaters have actually updated the disallowed CTL list, not that the KBs listed are installed. This approach was taken since the...

CVE-2007-6721

The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."...

CVE-2007-6721

The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."...

CVE-2007-6721

The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."...

PT-2009-1169 · Bouncy Castle · Crypto Provider Package +1

Name of the Vulnerable Software and Affected Versions: Bouncy Castle Java Cryptography API versions prior to 1.38 Crypto Provider Package versions prior to 1.36 Description: The issue is related to a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes, which has...