4742 matches found
DEBIAN-CVE-2019-14853
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions or no exceptions at all, which could lead to a denial of service...
CVE-2019-14853
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions or no exceptions at all, which could lead to a denial of service...
Denial of service
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions or no exceptions at all, which could lead to a denial of service...
PYSEC-2019-177
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions or no exceptions at all, which could lead to a denial of service...
httpd: mod_session_cookie does not respect expiry time
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded...
Security update for python-ecdsa (moderate)
openSUSE Security Update: Security update for python-ecdsa Announcement ID: openSUSE-SU-2019:2474-1 Rating: moderate References: 1153165 1154217 Cross-References: CVE-2019-14853 CVE-2019-14859 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now...
Security update for python-ecdsa (moderate)
openSUSE Security Update: Security update for python-ecdsa Announcement ID: openSUSE-SU-2019:2472-1 Rating: moderate References: 1153165 1154217 Cross-References: CVE-2019-14853 CVE-2019-14859 Affected Products: openSUSE Leap 15.0 An update that fixes two vulnerabilities is now...
OPENSUSE-SU-2019:2474-1 Security update for python-ecdsa
This update for python-ecdsa to version 0.13.3 fixes the following issues: Security issues fixed: - CVE-2019-14853: Fixed unexpected exceptions during signature decoding (bsc#1153165). - CVE-2019-14859: Fixed a signature malleability caused by insufficient checks of DER encoding (bsc#1154217). This...
Investintech Able2Extract professional JPEG decoding code execution vulnerability
Summary An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an attacker to execute arbitrary code on the victim machine. An attacker could exploit a vulnerability by...
CVE-2017-7482
Kerberos 5 tickets being decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation...
CVE-2019-17393
The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP in cleartext that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and...
UBUNTU-CVE-2019-14853
An error-handling flaw was found in python-ecdsa before version 0.13.3. During signature decoding, malformed DER signatures could raise unexpected exceptions or no exceptions at all, which could lead to a denial of service...
Google Android Information Disclosure Vulnerability (CNVD-2019-36406)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA). An information disclosure vulnerability exists in Google Android 7.1.1, 7.1.2, 8.0, 8.1, 9, and 10. The vulnerability stems from an out-of-bounds read issue caused ...
CVE-2017-5482
Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...
CVE-2017-5204
Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...
CVE-2016-7937
Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...
CVE-2017-5483
Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...
CVE-2016-7929
Multiple out of bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode without -w which...