Lucene search
K

249 matches found

OSV
OSV
added 2024/06/27 10:15 p.m.4 views

UBUNTU-CVE-2023-52892

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...

7.5CVSS5.8AI score0.00376EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2024/06/27 12:0 a.m.14 views

CVE-2023-52892

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...

6.7AI score0.00376EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/06/27 12:0 a.m.24 views

CVE-2023-52892

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...

0.00376EPSS
Exploits1References4
OSV
OSV
added 2024/06/27 12:0 a.m.26 views

CVE-2023-52892

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...

7.5CVSS6.7AI score0.00376EPSS
Exploits1References6
CVE
CVE
added 2024/06/27 12:0 a.m.81 views

CVE-2023-52892

The CVE-2023-52892 issue in phpseclib affects TLS hostname verification: in phpseclib versions before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, certain characters in Subject Alternative Name fields can be interpreted with special regex meaning (e.g., a + wildcard), causing name confusion ...

7.5CVSS6.9AI score0.00376EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2024/06/27 12:0 a.m.16 views

CVE-2023-52892

In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions such as a + wildcard, leading to name confusion in X.509 certificate host...

7.5CVSS5.8AI score0.00376EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/06/27 12:0 a.m.6 views

PT-2024-14775 · Phpseclib +4 · Phpseclib +4

Name of the Vulnerable Software and Affected Versions: phpseclib versions 1.0.0 through 1.0.21 phpseclib versions 2.0.0 through 2.0.45 phpseclib versions 3.0.0 through 3.0.32 Description: The issue arises from the incorrect handling of certain characters in Subject Alternative Name fields within...

8.7CVSS7.4AI score0.01055EPSS
Exploits1References31
OpenVAS
OpenVAS
added 2024/03/06 12:0 a.m.12 views

Debian: Security Advisory (DLA-3749-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.00601EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/03/06 12:0 a.m.92 views

Debian: Security Advisory (DLA-3750-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.7AI score0.00601EPSS
Exploits0References2
Debian
Debian
added 2024/03/05 1:57 p.m.15 views

[SECURITY] [DLA 3749-1] phpseclib security update

Debian LTS Advisory DLA-3749-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin March 05, 2024 https://wiki.debian.org/LTS Package : phpseclib Version : 1.0.19-3deb10u3 CVE ID : CVE-2024-27354 CVE-2024-27355 Security issues were discovered in phpseclib, a PHP librar...

7.5CVSS7AI score0.00815EPSS
Exploits0
OSV
OSV
added 2024/03/05 12:0 a.m.24 views

DLA-3749-1 phpseclib - security update

Bulletin has no description...

7.5CVSS7.4AI score0.00601EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/03/05 12:0 a.m.24 views

Debian dla-3750 : php-phpseclib - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3750 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3750-1 [email protected]...

7.5CVSS7.2AI score0.00815EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/03/05 12:0 a.m.24 views

Debian dla-3749 : php-seclib - security update

The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3749 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3749-1 [email protected]...

7.5CVSS7.2AI score0.00815EPSS
Exploits0References8
Veracode
Veracode
added 2024/03/04 8:15 a.m.19 views

Denial Of Service (DoS)

phpseclib/phpseclib is vulnerable to a Denial Of Service DoS. The vulnerability is due to a flaw in handling malformed certificates in the phpseclib/Math/BigInteger.php file by using the method isPrime. It allows an attacker to trigger excessive CPU consumption during the isPrime primality check...

7.5CVSS6.9AI score0.00601EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2024/03/03 3:11 p.m.10 views

Denial Of Service (DoS)

phpseclib/phpseclib is vulnerable to a Denial Of Service DoS. The vulnerability is due to a flaw in handling malformed certificates in the phpseclib/Math/BigInteger.php file by using the method isPrime. It allows an attacker to trigger excessive CPU consumption during the isPrime primality check...

7.5CVSS6.9AI score0.00601EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/03/02 12:31 a.m.40 views

GHSA-JR22-8QGM-4Q87 Duplicate Advisory: phpseclib does not properly limit the ASN1 OID length

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f2qx-66wf-wvvx. This link is maintained to preserve external references. Original Description An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the...

7.5CVSS6.9AI score0.00569EPSS
Exploits0References9
OSV
OSV
added 2024/03/02 12:31 a.m.46 views

GHSA-HG35-MP25-QF6H Duplicate Advisory: phpseclib: guardrails needed on isPrime and randomPrime

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2528-jw5q-ww88. This link is maintained to preserve external references. Original Description An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can...

8.7CVSS7AI score0.00601EPSS
Exploits0References11
Friends Of PHP
Friends Of PHP
added 2024/03/02 12:31 a.m.27 views

phpseclib a large prime can cause a denial of service

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2528-jw5q-ww88. This link is maintained to preserve external references. Original Description An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can...

7.5CVSS7AI score0.00815EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2024/03/02 12:31 a.m.29 views

phpseclib does not properly limit the ASN1 OID length

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f2qx-66wf-wvvx. This link is maintained to preserve external references. Original Description An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the...

7.5CVSS6.9AI score0.00569EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2024/03/02 12:31 a.m.23 views

Duplicate Advisory: phpseclib does not properly limit the ASN1 OID length

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f2qx-66wf-wvvx. This link is maintained to preserve external references. Original Description An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the...

7.5CVSS6.9AI score0.00569EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder