18 matches found
CVE-2024-54846
An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the EC private key and access sensitive data or execute a man-in-the-middle attack...
CVE-2024-54846
An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the EC private key and access sensitive data or execute a man-in-the-middle attack...
SUSE CVE-2015-0209
Use-after-free vulnerability in the d2iECPrivateKey function in crypto/ec/ecasn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service memory corruption and application crash or possibly have...
OpenSSL 0.9.8 < 0.9.8zf / 1.0.0 < 1.0.0r / 1.0.1 < 1.0.1m Multiple Vulnerabilities
Binary data 8662.prm...
Debian DLA-177-1 : openssl security update
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : CVE-2015-0209 It was discovered that a malformed EC private key might result in memory corruption. CVE-2015-0286 Stephen...
[SECURITY] [DSA 3197-2] openssl regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-3197-2 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 24, 2015 http://www.debian.org/security/faq -...
Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2537-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2537-1 advisory. It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to...
Debian DSA-3197-1 : openssl - security update
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2015-0286 Stephen Henson discovered that the ASN1TYPEcmp function can be crashed, resulting in denial of service. -...
OpenSSL 'd2i_ECPrivateKey' Memory Misreference Vulnerability
OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. A memory misreference vulnerability exists in 'd2iECPrivateKey' in OpenSSL 'crypto/ec/ecasn1.c'. An attacker could exploit the...
Ubuntu: Security Advisory (USN-2537-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-2537-1: OpenSSL vulnerabilities
It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. CVE-2015-0209 Stephen Henson discovered that OpenSSL incorrectly handled...
Updated openssl packages fix security vulnerabilities
Updated openssl packages fix security vulnerabilities: The function ASN1TYPEcmp will crash with an invalid read if an attempt is made to compare ASN.1 boolean types. Since ASN1TYPEcmp is used to check certificate signature algorithm consistency this can be used to crash any certificate verificati...
CVE-2015-0209
Use-after-free vulnerability in the d2iECPrivateKey function in crypto/ec/ecasn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service memory corruption and application crash or possibly have...
CVE-2015-0209
Use-after-free vulnerability in the d2iECPrivateKey function in crypto/ec/ecasn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service memory corruption and application crash or possibly have...
DSA-3197-1 openssl - security update
Bulletin has no description...
Debian Security Advisory DSA 3197-1 (openssl - security update)
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-0286 Stephen Henson discovered that the ASN1TYPEcmp function can be crashed, resulting in denial of service...
lib32-openssl: multiple issues
CVE-2015-1787 denial of service If client auth is used then a server can segfault in the event of a DHE ciphersuite being selected and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. - CVE-2015-0207 denial of service The DTLSv1listen...
Vulnerability in OpenSSL - Use After Free following d2i_ECPrivatekey error
Use After Free following d2iECPrivatekey error. A malformed EC private key file consumed via the d2iECPrivateKey function could cause a use after free condition. This, in turn, could cause a double free in several private key parsing functions such as d2iPrivateKey or EVPPKCS82PKEY and could lead...