Total: 26 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7826 | 1 Botan Project | 1 Botan | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com. | |||||
CVE-2015-7825 | 1 Botan Project | 1 Botan | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
Botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain. | |||||
CVE-2015-7824 | 1 Botan Project | 1 Botan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites. | |||||
CVE-2015-5727 | 2 Botan Project, Debian | 2 Botan, Debian Linux | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field. | |||||
CVE-2015-5726 | 2 Botan Project, Debian | 2 Botan, Debian Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data. | |||||
CVE-2014-9742 | 1 Botan Project | 1 Botan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group. | |||||