151 matches found

RedHat Linux
added 2012/03/27 10:49 p.m. | 6 views

gnutls: TLS record handling issue (GNUTLS-SA-2012-2, MU-201202-01)

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted...

5 CVSS | 7.2 AI score | 0.04202 EPSS
Exploits 1 | References 4

NVD
added 2012/03/26 7:55 p.m. | 22 views

CVE-2012-1573

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted...

5 CVSS | 7.5 AI score | 0.04202 EPSS
Exploits 1 | References 27

OSV
added 2012/03/26 7:55 p.m. | 2 views

DEBIAN-CVE-2012-1573

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted...

5 CVSS | 6.8 AI score | 0.04202 EPSS
Exploits 1 | References 1

Debian CVE
added 2012/03/26 7:0 p.m. | 20 views

CVE-2012-1573

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted...

5 CVSS | 7.6 AI score | 0.04202 EPSS
Exploits 1

UbuntuCve
added 2012/03/26 12:0 a.m. | 24 views

CVE-2012-1573

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted...

5 CVSS | 7.1 AI score | 0.04202 EPSS
Exploits 1 | References 5

FreeBSD
added 2012/03/20 12:0 a.m. | 33 views

gnutls -- possible overflow/Denial of service vulnerabilities

Mu Dynamics, Inc. reports: The block cipher decryption logic in GnuTLS assumed that a record containing any data which was a multiple of the block size was valid for further decryption processing, leading to a heap corruption vulnerability...

5 CVSS | 8.9 AI score | 0.04202 EPSS
Exploits 1

RedHat Linux
added 2012/02/15 4:1 p.m. | 7 views

openssl: uninitialized SSL 3.0 padding

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

5 CVSS | 7.2 AI score | 0.14523 EPSS
Exploits 0 | References 4

OpenVAS
added 2012/02/12 12:0 a.m. | 47 views

FreeBSD Ports: openssl

The remote host is missing an update to the system as announced in the referenced advisory. VID 78cc8a46-3e56-11e1-89b4-001ec9578670 OpenVAS Vulnerability Test $ Description: Auto generated from VID 78cc8a46-3e56-11e1-89b4-001ec9578670 Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...

9.3 CVSS | 0.17687 EPSS
Exploits 0

Tenable Nessus
added 2012/02/10 12:0 a.m. | 32 views

Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)

It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timi...

9.3 CVSS | 7.7 AI score | 0.17687 EPSS
Exploits 1 | References 11

Oracle linux
added 2012/02/01 12:0 a.m. | 39 views

openssl security update

0.9.7a-43.18 - CVE-2011-4576 - properly initialize SSL 3.0 block cipher padding 771775 - CVE-2011-4619 - fix SGC restart DoS attack 771780...

5 CVSS | 2.2 AI score | 0.16645 EPSS
Exploits 0

RedHat Linux
added 2012/01/18 7:22 p.m. | 4 views

HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...

4.3 CVSS | 6.7 AI score | 0.73327 EPSS
Exploits 4 | References 4

Tenable Nessus
added 2012/01/17 12:0 a.m. | 37 views

Mandriva Linux Security Advisory : openssl (MDVSA-2012:006)

Multiple vulnerabilities have been found and corrected in openssl : The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack CVE-2011-410...

9.3 CVSS | 7.9 AI score | 0.17687 EPSS
Exploits 0 | References 5

Tenable Nessus
added 2012/01/16 12:0 a.m. | 34 views

FreeBSD : OpenSSL -- multiple vulnerabilities (78cc8a46-3e56-11e1-89b4-001ec9578670)

The OpenSSL Team reports : 6 security flaws have been fixed in OpenSSL 1.0.0f : If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. As ...

9.3 CVSS | 7.9 AI score | 0.17687 EPSS
Exploits 0 | References 8

Tenable Nessus
added 2012/01/16 12:0 a.m. | 44 views

Debian DSA-2390-1 : openssl - several vulnerabilities

Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2011-4108 The DTLS implementation performs a MAC check only if certain padding is valid, which make...

9.3 CVSS | 8.4 AI score | 0.17687 EPSS
Exploits 0 | References 12

OSV
added 2012/01/06 1:55 a.m. | 8 views

CVE-2012-0027

The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client...

9 AI score | 0.04992 EPSS
Exploits 0 | References 7

Prion
added 2012/01/06 1:55 a.m. | 22 views

Design/Logic Flaw

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

5 CVSS | 6.5 AI score | 0.14523 EPSS
Exploits 0 | References 22 | Affected Software 1

OSV
added 2012/01/06 1:55 a.m. | 8 views

CVE-2011-4576

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

7.6 AI score
Exploits 0 | References 22

CVE
added 2012/01/06 1:0 a.m. | 9754 views

CVE-2011-4576

OpenSSL CVE-2011-4576 affects SSL 3.0 padding initialization: the implementation does not properly initialize data structures for block cipher padding, allowing a remote attacker to potentially recover plaintext by decrypting the padding data. Affected releases: OpenSSL before 0.9.8s and 1.x befo...

5 CVSS | 8 AI score | 0.14523 EPSS
Exploits 0 | References 22 | Affected Software 1

Cvelist
added 2012/01/06 1:0 a.m. | 24 views

CVE-2012-0027

The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client...

6.1 AI score | 0.04992 EPSS
Exploits 0 | References 7

Cvelist
added 2012/01/06 1:0 a.m. | 28 views

CVE-2011-4576

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer...

8.1 AI score | 0.14523 EPSS
Exploits 0 | References 22