16 matches found
EUVD-2016-4968
Malware in sbrugna...
EUVD-2018-1994
Malware in sbrugna...
CVE-2018-1000664
daneren2005 DSub for Subsonic Android client version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in HTTPS Client that can result in Any non-CA signed server certificate, including self signed and expired, are accepted by the client. This attack appear to be exploitable...
USN-6641-1: curl vulnerability
Harry Sintonen discovered that curl incorrectly handled mixed case cookie domains. A remote attacker could possibly use this issue to set cookies that get sent to different and unrelated sites and domains...
GO-2022-0166 Denial of service due to unchecked parameters in crypto/dsa
The Verify function in crypto/dsa passed certain parameters unchecked to the underlying big integer library, possibly leading to extremely long-running computations, which in turn makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client certificates or the Go...
Mageia: Security Advisory (MGASA-2016-0207)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for netdata (moderate)
openSUSE Security Update: Security update for netdata Announcement ID: openSUSE-SU-2021:1603-1 Rating: moderate References: 1139094 1139095 1139098 Cross-References: CVE-2018-18836 CVE-2018-18837 CVE-2018-18838 CVE-2018-18839 CVSS scores: CVE-2018-18836 NVD : 6.5...
CVE-2018-1000664
daneren2005 DSub for Subsonic Android client version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in HTTPS Client that can result in Any non-CA signed server certificate, including self signed and expired, are accepted by the client. This attack appear to be exploitable...
Input validation
daneren2005 DSub for Subsonic Android client version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in HTTPS Client that can result in Any non-CA signed server certificate, including self signed and expired, are accepted by the client. This attack appear to be exploitable...
CVE-2018-1000664
CVE-2018-1000664 affects daneren2005 DSub for Subsonic (Android client) v5.4.1. The vulnerability is CWE-295: Improper Certificate Validation in the HTTPS client, causing acceptance of any non-CA signed server certificate (including self-signed and expired). Exploitation requires the victim to co...
MGASA-2016-0207 Updated golang package fixes CVE-2016-3959
Updated golang packages fix security vulnerability: Go has an infinite loop in several big integer routines that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability...
CVE-2016-3959
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service infinite loop via a crafted public key to a program that uses HTTPS client...
Design/Logic Flaw
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service infinite loop via a crafted public key to a program that uses HTTPS client...
UBUNTU-CVE-2016-3959
The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service infinite loop via a crafted public key to a program that uses HTTPS client...
Medium: golang
Issue Overview: An infinite loop in several big integer routines was discovered that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability. Affected Packages: golang Issue...
go -- remote denial of service
Jason Buberel reports: Go has an infinite loop in several big integer routines that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability...