59 matches found
CLSA-2023-1676025596 openssl: Fix of 2 CVEs
CVE-2023-0215: Fix a UAF resulting from a bug in BIOnewNDEF - CVE-2023-0286: Fix GENERALNAMEcmp for x400Address...
AZL-13352 CVE-2023-0215 affecting package openssl for versions less than 1.1.1k-21
The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...
AZL-13301 CVE-2023-0215 affecting package cloud-hypervisor for versions less than 30.0-2
The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...
Design/Logic Flaw
The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...
SUSE SLED15: libopenssl-3-devel / libopenssl-3-devel-32bit / libopenssl3 / etc (SUSE-SU-2023:0312-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0312-1 advisory. Security fixes: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERALNAMEcmp for...
UBUNTU-CVE-2023-0215
The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...
PT-2022-6260
Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified MySQL Server versions 5.7.41 and earlier, 8.0.32 and earlier Description The public API function BIO new NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally...
ASB-A-176445224
In onCreate of ConfirmConnectActivity, there is a possible remote bypass of user consent due to improper input validation. This could lead to remote proximal, NFC escalation of privilege allowing an attacker to deceive a user into allowing a Bluetooth connection with no additional execution...
SUSE: Security Advisory (SUSE-SU-2016:2305-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-0143
In nfadmndeffindnexthandler of nfadmndef.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of heap data via compromised device firmware with System execution privileges needed. User interaction is not needed for...
CVE-2020-0139
In NDEFMsgValidate of ndefutils.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure if a malformed NFC tag is provided by the firmware. System execution privileges are needed and user interaction is not needed for...
CVE-2020-0071
In rwt2textractdefaultlocksinfo of rwt2tndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2020-0038
In rwi93smupdatendef of rwi93.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0...
CVE-2019-2179
In NDEFMsgValidate of ndefutils in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2019-2179
CVE-2019-2179 affects Android 7.1.1–9, with the flaw in NDEF_MsgValidate of ndef_utils that causes an out-of-bounds read due to an integer overflow. This may lead to local information disclosure without execution privileges; exploitation requires user interaction. The issue is documented across m...
openSUSE Security Update : wpa_supplicant (openSUSE-2016-1104)
This update for wpasupplicant fixes the following issues : - CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding. bnc930077 - CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing. bnc930078 - CVE-2015-4143: EAP-pwd missing payload length validation...
SUSE SLED12 / SLES12 Security Update : wpa_supplicant (SUSE-SU-2016:2305-1)
This update for wpasupplicant fixes the following issues : - CVE-2015-4141: WPS UPnP vulnerability with HTTP chunked transfer encoding. bnc930077 - CVE-2015-4142: Integer underflow in AP mode WMM Action frame processing. bnc930078 - CVE-2015-4143: EAP-pwd missing payload length validation...
Debian DSA-3397-1 : wpa - security update
Several vulnerabilities have been discovered in wpasupplicant and hostapd. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-4141 Kostya Kortchinsky of the Google Security Team discovered a vulnerability in the WPS UPnP function with HTTP chunked...
Debian Security Advisory DSA 3397-1 (wpa - security update)
Several vulnerabilities have been discovered in wpasupplicant and hostapd. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-4141 Kostya Kortchinsky of the Google Security Team discovered a vulnerability in the WPS UPnP function with HTTP chunked transfe...
CVE-2015-8041
Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpasupplicant before 2.5 allow remote attackers to cause a denial of service process crash or infinite loop via a large payload length field value in an 1 WPS or 2 P2P NFC NDEF record, which triggers an out-of-bounds...