274 matches found
ALPINE-CVE-2023-0401
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...
CVE-2023-0401
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...
DEBIAN-CVE-2023-0401
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...
Null pointer dereference
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...
CVE-2023-0401
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...
CVE-2023-0401 NULL dereference during PKCS7 data verification
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...
CVE-2023-0401
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...
CVE-2023-0401
CVE-2023-0401 describes a NULL pointer dereference during PKCS7 data verification in OpenSSL. The digest initialization can fail when the signature hash algorithm is known but the implementation is unavailable, due to a missing check on the initialization return value. This can lead to invalid di...
jenkins-plugin/script-security: Whole-script approval in Script Security Plugin vulnerable to SHA-1 collisions
A flaw was found in the script-security Jenkins Plugin. SHA-1 no longer meets the security standards for producing a cryptographically secure message digest. The affected version of the script-security Plugin stores whole-script approvals as the SHA-1 hash of the approved script...
CVE-2023-0401
A NULL pointer vulnerability was found in OpenSSL, which can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not...
`NULL` dereference during PKCS7 data verification
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...
RUSTSEC-2023-0013 `NULL` dereference during PKCS7 data verification
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...
Vulnerability in OpenSSL - NULL dereference during PKCS7 data verification
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...
CVE-2023-0401
A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...
CVE-2023-0452
Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians...
CVE-2023-0452
Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians...
CVE-2023-0452
Summary of CVE-2023-0452 : Econolite EOS before 3.2.23 uses a weak hash (MD5) to encrypt privileged credentials in a configuration file that is accessible without authentication. This can expose administrator/technician credentials and related data. The issue is documented in multiple connected s...
PT-2023-16281 · Econolite · Econolite Eos
Name of the Vulnerable Software and Affected Versions: Econolite EOS versions prior to 3.2.23 Description: The issue concerns the use of a weak hash algorithm for encrypting privileged user credentials. A configuration file, accessible without authentication, utilizes MD5 hashes for credential...
openSUSE 15 Security Update : apptainer (openSUSE-SU-2023:0018-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0018-1 advisory. - net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via...
GO-2022-1045 Improper validation of signature hash algorithms in github.com/sylabs/sif/v2
The Singularity Image Format SIF reference implementation does not verify that the hash algorithms used are cryptographically secure when verifying digital signatures...