11 matches found
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the wceccimportx963ex function when handling EC public key points in the KCAPI ECC code path. An attacker can cause memory corruption and potentially execute arbitrary code by sending a crafted oversized EC...
CVE-2026-4395
Heap-based buffer overflow in the KCAPI ECC code path of wceccimportx963ex in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkeyraw buffer via a crafted oversized EC public key point. The WOLFSSLKCAPIECC code path copies the input to...
CVE-2026-4395 Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path
Heap-based buffer overflow in the KCAPI ECC code path of wceccimportx963ex in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkeyraw buffer via a crafted oversized EC public key point. The WOLFSSLKCAPIECC code path copies the input to...
CVE-2026-4395
Heap-based buffer overflow in the KCAPI ECC code path of wceccimportx963ex in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkeyraw buffer via a crafted oversized EC public key point. The WOLFSSLKCAPIECC code path copies the input to...
OpenSSL 3.6.0 < 3.6.2 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.6.2 advisory. - Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group...
MiracleLinux 9 : gnutls-3.7.6-18.el9 (AXSA:2023-5214:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5214:01 advisory. gnutls: timing side-channel in the TLS RSA key exchange code CVE-2023-0361 Tenable has extracted the preceding description block directly from the MiracleLin...
EUVD-2016-7021
Malware in sbrugna...
RHCOS 4 : OpenShift Container Platform 4.15.0 (RHSA-2023:7201)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7201 advisory. - golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 - golang:...
AlmaLinux 8 : container-tools:4.0 (ALSA-2024:0748)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0748 advisory. runc: file descriptor leak Leaky Vessels CVE-2024-21626 A AlmaLinux Security Bulletin which addresses further details about the Leaky Vessels flaw is...
PT-2023-29487
Name of the Vulnerable Software and Affected Versions Go versions prior to 1.20 Description The issue concerns the RSA-based TLS key exchanges in Go, which used the math/big library that is not constant time. Although RSA blinding was applied to prevent timing attacks, analysis suggests this may...
CVE-2016-6087
IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918...