29 matches found
EUVD-2023-43053
Malicious code in bioql PyPI...
EUVD-2014-3511
Malicious code in bioql PyPI...
EUVD-2023-43054
Malicious code in bioql PyPI...
golang: crypto/tls: panic when processing post-handshake message on QUIC connections
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic...
CVE-2021-42143
An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length o...
golang: crypto/tls: panic when processing post-handshake message on QUIC connections
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic...
golang: crypto/tls: panic when processing post-handshake message on QUIC connections
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic...
golang: crypto/tls: panic when processing post-handshake message on QUIC connections
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic...
golang: crypto/tls: panic when processing post-handshake message on QUIC connections
A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic...
Important: Red Hat Security Advisory: Cryostat security update
An update is now available for Cryostat 2 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in th...
CVE-2023-39321
Processing an incomplete post-handshake message for a QUIC connection can cause a panic...
CVE-2023-39321
Removed by vendor...
OSV-2020-920 Heap-buffer-overflow in pcpp::SSLServerHelloMessage::getSessionIDLength
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22523 Crash type: Heap-buffer-overflow READ 1 Crash state: pcpp::SSLServerHelloMessage::getSessionIDLength pcpp::SSLServerHelloMessage::SSLServerHelloMessage pcpp::SSLHandshakeMessage::createHandhakeMessage...
CVE-2019-9689
process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates...
Buffer overflow
process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates...
CVE-2019-9689
process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates...
nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15)
A use-after-free flaw was found in the way NSS handled DHE (Diffie–Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause th...
nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15)
A use-after-free flaw was found in the way NSS handled DHE (Diffie–Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause th...
OpenSSL DHE Client Key Exchange Denial of Service (CVE-2015-1787)
A denial of service vulnerability exists in OpenSSL. The vulnerability is due to a null pointer dereference that occurs when an OpenSSL application receives and processes a Client Certificate and a crafted Client Key Exchange handshake message. A remote, unauthenticated attacker can exploit this...
DEBIAN-CVE-2014-3513
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message...