78 matches found
ALPINE-CVE-2021-4044
Internally libssl in OpenSSL calls X509verifycert on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error for example out of memory. Such a negative return value is mishandled by OpenSSL and will cause an IO...
USN-5168-2 thunderbird vulnerability
Tavis Ormandy discovered that NSS, included with Thunderbird, incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause Thunderbird to crash, resulting in a denial of service, or possibly execute arbitrary code...
openSUSE: Security Advisory for chromium (openSUSE-SU-2020:0093_1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
RHEL 6 : chromium-browser (RHSA-2020:0214)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0214 advisory. Chromium is an open-source web browser, powered by WebKit Blink. This update upgrades Chromium to version 79.0.3945.130. Security Fixes:...
OPENSUSE-SU-2020:0093-1 Security update for chromium
This update for chromium fixes the following issues: Update to version 79.0.3945.130 boo1161252: - CVE-2020-6378, CVE-2020-6379: Fixed a use-after-free in speech recognizer - CVE-2020-6380: Fixed an extension message verification error - Various fixes from audits, fuzzing and other initiatives...
KLA11647 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerability in speech recognizer can be...
CVE-2012-6071
nuSOAP before 0.7.3-5 does not properly check the hostname of a cert...
The vulnerability of the anti-spam protection mechanism of the Cisco Email Security Appliance allows attackers to compromise the integrity of the protected information.
The vulnerability of the anti-spam protection mechanism of Cisco Email Security Appliance is related to errors in the verification of Sender Policy Framework SPF messages. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information by sending...
PT-2019-2331
Name of the Vulnerable Software and Affected Versions urllib3 versions prior to 1.24.2 Description The issue is related to the mishandling of certain cases where the desired set of CA certificates is different from the OS store of CA certificates, resulting in SSL connections succeeding in...
X-Pack Security 5.5.2 security update
X-Pack Security TLS certificate verification error ESA-2017-15 An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certificates. This could allow any node...
XenMobile Apps in authentication loop or crashing when returning to Secure Hub to do authentication
Secure Hub and apps for example Secure Mail end up in an authentication loop with Secure Hub showing the error message "Verify your credentials and try again", with the following options "Sign On" or "Quit". Sign On would bring you back to Secure Hub and start the loop all over again...
CVE-2014-9424
Double free vulnerability in the sslparseclienthellousesrtpext function in d1srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake...
UBUNTU-CVE-2014-0092
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...
ImageMagick Integer Overflow Vulnerability - 03 June (Windows)
The host is installed with ImageMagick and is prone to integer overflow Vulnerability. OpenVAS Vulnerability Test $Id: gbimagemagickintegeroverflowvuln03jun13win.nasl 8173 2017-12-19 11:45:56Z cfischer $ ImageMagick Integer Overflow Vulnerability - 03 June Windows Authors: Thanga Prakash S...
IBM WebSphere Application Server 8.0 < Fix Pack 1 Multiple Vulnerabilities
IBM WebSphere Application Server 8.0 before Fix Pack 1 appears to be running on the remote host and is potentially affected by the following vulnerabilities : - An open redirect vulnerability exists related to the 'logoutExitPage' parameter. This can allow remote attackers to trick users into...
Microsoft .NET Framework Pointer Verification Error (MS09-061; CVE-2009-0090)
The Microsoft .NET Framework is a software framework that includes a large library of coded solutions to common programming problems and a virtual machine that manages the execution of programs written specifically for the framework. A remote code execution vulnerability exists in the Microsoft...
Microsoft .NET Framework Type Verification Error (MS09-061; CVE-2009-0090; CVE-2009-0091)
The Microsoft .NET Framework is a software framework that includes a large library of coded solutions to common programming problems and a virtual machine that manages the execution of programs written specifically for the framework. A remote code execution vulnerability exists in the Microsoft...
CVE-2002-1446
The error checking routine used for the CVerify call on a symmetric verification key in the nCipher PKCS11 library 1.2.0 and later returns the CKROK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages...