Lucene search
K

59 matches found

OSV
OSV
added 2023/02/10 10:39 a.m.6 views

CLSA-2023-1676025596 openssl: Fix of 2 CVEs

CVE-2023-0215: Fix a UAF resulting from a bug in BIOnewNDEF - CVE-2023-0286: Fix GENERALNAMEcmp for x400Address...

7.5CVSS7AI score0.59501EPSS
Exploits0References1
OSV
OSV
added 2023/02/08 8:15 p.m.3 views

AZL-13352 CVE-2023-0215 affecting package openssl for versions less than 1.1.1k-21

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

7.5CVSS6.6AI score0.04494EPSS
Exploits0References1
OSV
OSV
added 2023/02/08 8:15 p.m.15 views

AZL-13301 CVE-2023-0215 affecting package cloud-hypervisor for versions less than 30.0-2

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

7.5CVSS6.6AI score0.04494EPSS
Exploits0References1
Prion
Prion
added 2023/02/08 8:15 p.m.47 views

Design/Logic Flaw

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

5CVSS7.7AI score0.04494EPSS
Exploits0References7Affected Software2
Tenable Nessus
Tenable Nessus
added 2023/02/08 12:0 a.m.40 views

SUSE SLED15: libopenssl-3-devel / libopenssl-3-devel-32bit / libopenssl3 / etc (SUSE-SU-2023:0312-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0312-1 advisory. Security fixes: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERALNAMEcmp for...

7.5CVSS7.1AI score0.59501EPSS
Exploits0References27
OSV
OSV
added 2023/02/07 12:0 a.m.2 views

UBUNTU-CVE-2023-0215

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

7.5CVSS6.7AI score0.04494EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/11/29 12:0 a.m.7 views

PT-2022-6260

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified MySQL Server versions 5.7.41 and earlier, 8.0.32 and earlier Description The public API function BIO new NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally...

10CVSS7.8AI score0.95764EPSS
Exploits22References860
OSV
OSV
added 2021/07/01 12:0 a.m.26 views

ASB-A-176445224

In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote proximal, NFC escalation of privilege allowing an attacker to deceive a user into allowing a Bluetooth connection with no additional execution...

8CVSS8.1AI score0.01393EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.25 views

SUSE: Security Advisory (SUSE-SU-2016:2305-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6AI score0.04198EPSS
Exploits0References8
OSV
OSV
added 2020/06/11 3:15 p.m.5 views

CVE-2020-0143

In nfadmndeffindnexthandler of nfadmndef.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of heap data via compromised device firmware with System execution privileges needed. User interaction is not needed for...

4.4CVSS6.5AI score0.00143EPSS
Exploits0References1
OSV
OSV
added 2020/06/11 3:15 p.m.3 views

CVE-2020-0139

In NDEFMsgValidate of ndefutils.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malformed NFC tag is provided by the firmware. System execution privileges are needed and user interaction is not needed for...

4.4CVSS6.6AI score0.00143EPSS
Exploits0References1
OSV
OSV
added 2020/04/17 7:15 p.m.4 views

CVE-2020-0071

In rwt2textractdefaultlocksinfo of rwt2tndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

9.8CVSS6.3AI score0.01338EPSS
Exploits0References1
OSV
OSV
added 2020/03/10 8:15 p.m.2 views

CVE-2020-0038

In rwi93smupdatendef of rwi93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0...

7.5CVSS7.2AI score0.01145EPSS
Exploits0References1
OSV
OSV
added 2019/09/05 10:15 p.m.2 views

CVE-2019-2179

In NDEFMsgValidate of ndefutils in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

5.5CVSS6.5AI score0.00449EPSS
Exploits0References1
CVE
CVE
added 2019/09/05 9:39 p.m.151 views

CVE-2019-2179

CVE-2019-2179 affects Android 7.1.1–9, with the flaw in NDEF_MsgValidate of ndef_utils that causes an out-of-bounds read due to an integer overflow. This may lead to local information disclosure without execution privileges; exploitation requires user interaction. The issue is documented across m...

5.5CVSS5.1AI score0.00449EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/09/26 12:0 a.m.27 views

openSUSE Security Update : wpa_supplicant (openSUSE-2016-1104)

This update for wpasupplicant fixes the following issues : - CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding. bnc930077 - CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing. bnc930078 - CVE-2015-4143: EAP-pwd missing payload length validation...

5CVSS5.9AI score0.04198EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2016/09/15 12:0 a.m.37 views

SUSE SLED12 / SLES12 Security Update : wpa_supplicant (SUSE-SU-2016:2305-1)

This update for wpasupplicant fixes the following issues : - CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding. bnc930077 - CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing. bnc930078 - CVE-2015-4143: EAP-pwd missing payload length validation...

5CVSS6AI score0.04198EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2015/11/11 12:0 a.m.40 views

Debian DSA-3397-1 : wpa - security update

Several vulnerabilities have been discovered in wpasupplicant and hostapd. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-4141 Kostya Kortchinsky of the Google Security Team discovered a vulnerability in the WPS UPnP function with HTTP chunked...

5.9CVSS6.1AI score0.04198EPSS
Exploits0References36
OpenVAS
OpenVAS
added 2015/11/10 12:0 a.m.48 views

Debian Security Advisory DSA 3397-1 (wpa - security update)

Several vulnerabilities have been discovered in wpasupplicant and hostapd. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-4141 Kostya Kortchinsky of the Google Security Team discovered a vulnerability in the WPS UPnP function with HTTP chunked transfe...

5CVSS0.2AI score0.04198EPSS
Exploits0References1
NVD
NVD
added 2015/11/09 4:59 p.m.27 views

CVE-2015-8041

Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpasupplicant before 2.5 allow remote attackers to cause a denial of service process crash or infinite loop via a large payload length field value in an 1 WPS or 2 P2P NFC NDEF record, which triggers an out-of-bounds...

5CVSS5.7AI score0.03409EPSS
Exploits0References8
Rows per page
Query Builder