CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1463 matches found

OSV•added 2019/11/09 1:15 p.m.•3 views

DEBIAN-CVE-2019-18840

In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location...

7.5CVSS7.6AI score0.01972EPSS

Exploits1References1

NVD•added 2019/11/09 1:15 p.m.•9 views

CVE-2019-18840

7.5CVSS7.8AI score0.01972EPSS

Exploits1References1

OSV•added 2019/11/09 1:15 p.m.•10 views

CVE-2019-18840

7.5CVSS7.3AI score

Exploits0References1

Prion•added 2019/11/09 1:15 p.m.•13 views

Heap overflow

5CVSS7.7AI score0.01972EPSS

Exploits1References1Affected Software1

UbuntuCve•added 2019/11/09 1:15 p.m.•19 views

CVE-2019-18840

7.5CVSS7.3AI score0.01972EPSS

Exploits1References2

OSV•added 2019/11/09 1:15 p.m.•2 views

UBUNTU-CVE-2019-18840

7.5CVSS6.1AI score0.01972EPSS

Exploits1References3

CVE•added 2019/11/09 12:58 p.m.•151 views

CVE-2019-18840

WolfSSL (wolfSSL 4.1.0–4.2.0c) is affected by a buffer overflow in the GetName path of the ASN.1 certificate parser (DecodedCert in wolfcrypt/src/asn.c). The root cause is missing sanity checks during memory access, where the domain name location index is mishandled, allowing a one-byte heap-base...

7.5CVSS7.7AI score0.01972EPSS

Exploits1References1Affected Software1

Cvelist•added 2019/11/09 12:58 p.m.•16 views

CVE-2019-18840

7.5CVSS7.8AI score0.01972EPSS

Exploits1References1

Debian CVE•added 2019/11/09 12:58 p.m.•14 views

CVE-2019-18840

7.5CVSS4.2AI score0.01972EPSS

Exploits1

OSV•added 2019/10/03 2:15 p.m.•3 views

DEBIAN-CVE-2019-13628

wolfSSL and wolfCrypt 4.0.0 and earlier when configured without --enable-fpecc, --enable-sp, or --enable-sp-math contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about th...

4.7CVSS4.9AI score0.00362EPSS

Exploits0References1

UbuntuCve•added 2019/10/03 2:15 p.m.•21 views

CVE-2019-13628

4.7CVSS5.8AI score0.00362EPSS

Exploits0References2

Prion•added 2019/10/03 2:15 p.m.•12 views

Design/Logic Flaw

1.2CVSS4.5AI score0.00362EPSS

Exploits0References4Affected Software1

OSV•added 2019/10/03 2:15 p.m.•2 views

UBUNTU-CVE-2019-13628

4.7CVSS5.7AI score0.00362EPSS

Exploits0References3

Cvelist•added 2019/10/03 1:20 p.m.•17 views

CVE-2019-13628

4.4AI score0.00362EPSS

Exploits0References4

CVE•added 2019/10/03 1:20 p.m.•67 views

CVE-2019-13628

CVE-2019-13628 affects wolfSSL/wolfCrypt 4.0.0 and earlier when built without --enable-fpecc, --enable-sp, or --enable-sp-math. The issue is a timing side-channel in ECDSA signature generation caused by ecc.c scalar multiplication leaking bit-length information. This may allow a local attacker wh...

4.7CVSS4.4AI score0.00362EPSS

Exploits0References4Affected Software1

Debian CVE•added 2019/10/03 1:20 p.m.•18 views

CVE-2019-13628

4.7CVSS2.4AI score0.00362EPSS

Exploits0

OSV•added 2019/09/24 1:15 p.m.•10 views

CVE-2019-16748

In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignatureex in wolfcrypt/src/asn.c...

9.8CVSS7AI score

Exploits0References1

NVD•added 2019/09/24 1:15 p.m.•21 views

CVE-2019-16748

9.8CVSS9.6AI score0.01154EPSS

Exploits0References1

OSV•added 2019/09/24 1:15 p.m.•3 views

DEBIAN-CVE-2019-16748

9.8CVSS7.4AI score0.01154EPSS

Exploits0References1

UbuntuCve•added 2019/09/24 1:15 p.m.•20 views

CVE-2019-16748