14 matches found
EUVD-2018-1915
Malware in sbrugna...
MGASA-2024-0297 Updated botan2 packages fix security vulnerability
An attacker could present an ECDSA X.509 certificate using explicit encoding where the parameters are very large. When parsing, the parameter is checked to be prime, causing excessive computation. This was patched in 2.19.4 and 3.3.0 to allow the prime parameter of the elliptic curve to be at mos...
golang: crypto/tls: certificate of wrong type is causing TLS client to panic
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...
golang: crypto/tls: certificate of wrong type is causing TLS client to panic
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...
golang: crypto/tls: certificate of wrong type is causing TLS client to panic
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...
golang: crypto/tls: certificate of wrong type is causing TLS client to panic
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...
golang: crypto/tls: certificate of wrong type is causing TLS client to panic
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...
golang: crypto/tls: certificate of wrong type is causing TLS client to panic
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...
golang: crypto/tls: certificate of wrong type is causing TLS client to panic
A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists or can be issued, or the client is configured with...
Moderate: Red Hat Security Advisory: Red Hat Certificate System 8 security, bug fix, and enhancement update
An update is now available for Red Hat Certificate System 8 with Advanced Access. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
MS KB3062760: Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client (FREAK)
The remote Windows host is missing KB3062760, which resolves multiple OpenSSL vulnerabilities in the Juniper Networks Windows In-Box Junos Pulse client shipped with Windows 8.1 : - A flaw exists with ECDH handshakes when using an ECDSA certificate without a ServerKeyExchange message. This allows ...
MGASA-2015-0022 Updated openssl packages fix security vulnerabilities
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack CVE-2014-3571. A memory leak can occur in the dtls1bufferrecord function under certain conditions. In particular this could occur if an...
Updated openssl packages fix security vulnerabilities
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack CVE-2014-3571. A memory leak can occur in the dtls1bufferrecord function under certain conditions. In particular this could occur if an...
MGASA-2014-0119 Updated libssh package fixes security vulnerability
When using libssh before 0.6.3, a libssh-based server, when accepting a new connection, forks and the child process handles the request. The RANDbytes function of openssl doesn't reset its state after the fork, but simply adds the current process id getpid to the PRNG state, which is not guarante...