2060 matches found
CVE-2006-4409
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 fails to retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked...
CVE-2006-4409
The CVE-2006-4409 issue is concrete: OCSP in Apple Mac OS X Security Framework could fail to retrieve CRLs when a system uses an HTTP proxy (affecting Mac OS X 10.4 to 10.4.8). This could allow revoked certificates to be accepted by the system. The vulnerability pertains to the OCSP service, and ...
CVE-2006-4410
The CVE-2006-4410 entry affects Apple Mac OS X where the Security Framework in 10.3.9 and 10.4.x (before 10.4.7) does not properly search certificate revocation lists (CRLs). This allows remote attackers to authenticate with revoked certificates, potentially compromising system access. Public ref...
CORE-2006-0124: Cross-Site Scripting in Verisign’s haydn.exe CGI script
Core Security Technologies - Corelabs Advisory http://www.coresecurity.com/corelabs/ Cross-Site Scripting in Verisign’s haydn.exe CGI script Date Published: 2006-03-20 Last Update: 2006-03-20 Advisory ID: CORE-2006-0124 Bugtraq ID: None currently assigned CVE Name: None currently assigned Title:...
Apache Httpd < 2.0.55 : Malicious CRL off-by-one
An off-by-one stack overflow was discovered in the mod_ssl CRL verification callback. In order to exploit this issue the Apache server would need to be configured to use a malicious certificate revocation list (CRL)...
DEBIAN-CVE-2005-1268
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte...
CVE-2005-1268
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte...
security flaw
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte...
CVE-2005-0203
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been revoked by its Candidate Numbering Authority (CNA) because it was initially assigned to a problem that was not a security issue. Notes: none...
PT-2005-2275 · Apache +1 · Apache Mod Ssl +2
Name of the Vulnerable Software and Affected Versions: Apache mod_ssl (affected versions not specified). Description: The issue is related to an off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback, which can cause a denial of service (child process crash) via a CRL th...
[AppSecInc Team SHATTER Security Advisory] SQL Injection in CREATE_SCN_CHANGE_SET procedure
SQL Injection in CREATE_SCN_CHANGE_SET procedure. AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle/2005-05.html April 18, 2005. Affected versions: Oracle Database Server version 10g. Risk level: High. Credits: This...
Fedora Core 1 : gnupg-1.2.3-2 (2003-025)
Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys, when those keys are used both to sign and encrypt data. This vulnerability can be used to trivially recover the private key. While the default behavior of GnuPG when generating keys does not lead to the creation ...
GnuPG creates ElGamal keys for signing using insufficient entropy
Overview: Gnu Privacy Guard (GnuPG) is a cryptographic utility used to generate cryptographic keys and perform other cryptographic functions. A vulnerability in the way GnuPG generates ElGamal keys has been discovered. This vulnerability renders ElGamal signing keys untrustworthy. Description: A...
Important: Red Hat Security Advisory: Updated gnupg packages disable ElGamal keys
Updated gnupg packages are now available for Red Hat Linux. These updates disable the ability to generate ElGamal keys used for both signing and encrypting and disable the ability to use ElGamal public keys for encrypting data. GnuPG is a utility for encrypting data and creating digital signature...
[Full-Disclosure] GnuPG's ElGamal signing keys compromised
GnuPG's ElGamal signing keys compromised. Summary: Phong Nguyen identified a severe bug in the way GnuPG creates and uses ElGamal keys for signing. This is a significant security failure which can lead ...
CVE-2001-0338
Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability."...
CVE-2001-0338
The CVE-2001-0338 entry corresponds to Internet Explorer 5.5 and earlier failing to properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled. The underlying issue is that, during CRL checking, IE does not consistently perform essential validity checks (e.g...
TrendMicro InterScan WebManager contains buffer overflow in RegGo.dll
Overview: A remotely exploitable buffer overflow exists in Trend Micro InterScan WebManager. Description: InterScan WebManager is an application that inspects HTTP traffic flowing into a network for known malicious code. This application also has the capability to restrict access to...
Unauthentic "Microsoft Corporation" certificates issued by Verisign to an unidentified person
Overview: On January 29 and 30, 2001, VeriSign, Inc. issued two certificates to an individual fraudulently claiming to be an employee of Microsoft Corporation. Any code signed by these certificates will appear to be legitimately signed by Microsoft when, in fact, it is not. Although users who try ...