Lucene search
K

20 matches found

CVE
CVE
added 2018/11/07 8:0 p.m.57 views

CVE-2018-16253

CVE-2018-16253 describes a flaw in axTLS 2.1.3 and earlier where PKCS#1 v1.5 signature verification in sig_verify() of x509.c does not properly verify ASN.1 metadata, enabling a remote attacker to forge signatures under small public exponents and impersonate via fake X.509 certificates. The issue...

5.9CVSS5.7AI score0.00618EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2018/09/26 9:29 p.m.30 views

CVE-2018-16152

In verifyemsapkcs1signature in gmprsapublickey.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS1 v1.5 signature verification. Consequently, a remote attacker can forge...

7.5CVSS5.8AI score0.01888EPSS
Exploits0References8
Prion
Prion
added 2018/09/26 9:29 p.m.23 views

Design/Logic Flaw

In verifyemsapkcs1signature in gmprsapublickey.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS1 v1.5 signature verification. Consequently, a remote attacker can forge...

5CVSS6.6AI score0.1617EPSS
Exploits0References8Affected Software3
AlpineLinux
AlpineLinux
added 2018/09/26 9:0 p.m.61 views

CVE-2018-16152

In verifyemsapkcs1signature in gmprsapublickey.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS1 v1.5 signature verification. Consequently, a remote attacker can forge...

7.5CVSS7.1AI score0.01888EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2018/09/24 2:0 p.m.34 views

CVE-2018-16152

In verifyemsapkcs1signature in gmprsapublickey.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS1 v1.5 signature verification. Consequently, a remote attacker can forge...

7.5CVSS6.8AI score0.01888EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2018/03/12 12:0 a.m.19 views

Solaris 10 (sparc) : 123938-05

GNOME 2.6.0: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Oct/17/16 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...

5.9CVSS6.3AI score0.02427EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2018/03/12 12:0 a.m.19 views

Solaris 10 (sparc) : 123938-04

GNOME 2.6.0: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Nov/15/14 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...

5.9CVSS6.3AI score0.02427EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2018/03/12 12:0 a.m.13 views

Solaris 10 (x86) : 123939-03

GNOME 2.6.0x86: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Sep/13/14 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...

5.9CVSS6.3AI score0.02427EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2018/03/12 12:0 a.m.13 views

Solaris 10 (x86) : 123939-05

GNOME 2.6.0x86: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Oct/17/16 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...

5.9CVSS6.3AI score0.02427EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2009/10/10 12:0 a.m.41 views

SLES9: Security update for IBM Java2 JRE and SDK

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: IBMJava2-SDK IBMJava2-JRE For more information, please visit the referenced security advisories. More details may also be found by searching for keyword...

5CVSS0.2AI score0.02427EPSS
Exploits0
OpenVAS
OpenVAS
added 2009/10/10 12:0 a.m.42 views

SLES9: Security update for IBM Java2 JRE and SDK

The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: IBMJava2-SDK IBMJava2-JRE For more information, please visit the referenced security advisories. More details may also be found by searching for keyword...

5CVSS6.6AI score0.02427EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2009/09/24 12:0 a.m.39 views

SuSE9 Security Update : gnutls (YOU Patch Number 11228)

A security problem in the GNU TLS library has been found : If an RSA key with exponent 3 is used, the PKCS padding gets removed before generating a hash, which allows remote attackers to forge a PKCS signature that apapears to be signed by that RSA key and prevents gnutls from correctly verifying...

5CVSS6.1AI score0.02427EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.31 views

Gentoo Security Advisory GLSA 200609-15 (gnutls)

The remote host is missing updates announced in advisory GLSA 200609-15. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

5CVSS0.1AI score0.02427EPSS
Exploits0
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.19 views

Gentoo Security Advisory GLSA 200609-15 (gnutls)

The remote host is missing updates announced in advisory GLSA 200609-15. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS7.6AI score0.02427EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2007/12/13 12:0 a.m.32 views

SuSE 10 Security Update : IBM Java (ZYPP Patch Number 2461)

This update brings IBM Java 1.4.2 to Service Release 7. It contains several undisclosed security fixes, including the fix for the RSA attack similar to Mitre CVE ID CVE-2006-4790. It also contains timezone updates : - US daylightsaving time update starting 2007. - Western Australia daylight savin...

5CVSS6.2AI score0.02427EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2007/12/13 12:0 a.m.35 views

SuSE 10 Security Update : gnutls (ZYPP Patch Number 2117)

A security problem was fixed in the GNU TLS library, where excess data was not checked during signature checking with RSA keys with exponent 3. This problem could be used to fake those RSA signatures. CVE-2006-4790 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this...

5CVSS6.2AI score0.02427EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2007/02/18 12:0 a.m.14 views

Solaris 10 (x86) : 123939-05 (deprecated)

GNOME 2.6.0x86: GNU Transport Layer Security Library Patch. Date this patch was last updated by Sun : Oct/17/16 This plugin has been deprecated and either replaced with individual 123939 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

7.1AI score0.02427EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2006/10/14 12:0 a.m.31 views

Debian DSA-1182-1 : gnutls11 - cryptographic weakness

Daniel Bleichenbacher discovered a flaw in GNU TLS cryptographic package that could allow an attacker to generate a forged signature that GNU TLS will accept as valid. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

5CVSS6.2AI score0.02427EPSS
Exploits0References2
Debian
Debian
added 2006/09/22 3:34 p.m.33 views

[SECURITY] [DSA 1182-1] New gnutls11 packages fix RSA signature forgery cryptographic weakness

-------------------------------------------------------------------------- Debian Security Advisory DSA 1182-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff September 22nd, 2006 http://www.debian.org/security/faq -...

5CVSS6.1AI score0.02427EPSS
Exploits0
CVE
CVE
added 2006/09/14 7:0 p.m.125 views

CVE-2006-4790

CVE-2018-16253 (and related CVEs) describe a variant of CVE-2006-4790 where PKCS#1 v1.5 signature verification fails to reject excess data in digestAlgorithm.parameters, enabling remote forgery of signatures when small public exponents are used. Affected: axTLS (sig_verify in x509.c) up to versio...

5CVSS6.6AI score0.02427EPSS
Exploits0References30Affected Software1
Rows per page
Query Builder