Lucene search
K

651 matches found

CVE
CVE
added 2011/03/16 10:0 p.m.79 views

CVE-2011-1431

The CVE concerns STARTTLS in qmail-smtpd.c within qmail-smtpd (netqmail-1.06-tls patch for netqmail 1.06). The root cause is incomplete I/O buffering restrictions, enabling MITM attackers to insert a plaintext command after TLS is established in encrypted SMTP sessions (plaintext command injectio...

6.8CVSS6.7AI score0.04593EPSS
Exploits1References9Affected Software1
RedHat Linux
RedHat Linux
added 2009/09/02 8:0 a.m.6 views

OpenSSL: DTLS epoch record buffer memory DoS

The dtls1bufferrecord function in ssl/d1pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service memory consumption via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."...

5CVSS7.1AI score0.11274EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2009/05/28 12:0 a.m.56 views

OpenSSL DTLS Packets Multiple DoS Vulnerabilities - Windows

OpenSSL is prone to multiple Denial of Service DoS vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5CVSS8.8AI score0.18241EPSS
Exploits14References4
OSV
OSV
added 2009/05/19 7:30 p.m.3 views

DEBIAN-CVE-2009-1377

The dtls1bufferrecord function in ssl/d1pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service memory consumption via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."...

5CVSS9.1AI score0.11274EPSS
Exploits1References1
NVD
NVD
added 2009/02/10 10:30 p.m.21 views

CVE-2009-0433

Unspecified vulnerability in IBM WebSphere Application Server WAS 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service daemon crash via unknown vectors, related to a mishandling...

2.6CVSS6.3AI score0.01643EPSS
Exploits0References7
CVE
CVE
added 2009/02/10 10:13 p.m.47 views

CVE-2009-0433

CVE-2009-0433 affects IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19. The issue arises when the Web Server plug-in content buffering is enabled, due to mishandling of client read failures. This can cause a denial of service (daemon c...

2.6CVSS6.5AI score0.01643EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2007/03/31 10:19 a.m.19 views

Authentication flaw

Flyspray 0.9.9, when outputbuffering is disabled or "set to a low value," allows remote attackers to bypass authentication via a crafted post request...

6.8CVSS7AI score0.0126EPSS
Exploits0References4Affected Software1
FreeBSD
FreeBSD
added 2007/03/13 12:0 a.m.36 views

flyspray -- authentication bypass

The Flyspray Project reports: Flyspray authentication system can be bypassed by sending a carefully crafted post request. To be vulnerable, PHP configuration directive outputbuffering has to be disabled or set to a low value...

6.8CVSS6.7AI score0.0126EPSS
Exploits0References1
Symantec
Symantec
added 2005/12/13 12:0 a.m.17 views

Microsoft Internet Explorer Dialog Manipulation Vulnerability

Description Internet Explorer is prone to a remote code-execution vulnerability through manipulation of custom dialog boxes. Keystrokes entered while one of these dialogs is displayed may be buffered and passed to a download dialog, allowing attacker-supplied code to be executed. Technologies...

1.2AI score
Exploits0References3Affected Software2
Apache Httpd
Apache Httpd
added 2005/07/07 12:0 a.m.37 views

Apache Httpd < 2.0.55 : Byterange filter DoS

A flaw in the byterange filter would cause some responses to be buffered into memory. If a server has a dynamic resource such as a CGI script or PHP script which generates a large amount of data, an attacker could send carefully crafted requests in order to consume resources, potentially leading ...

5CVSS0.8AI score0.10976EPSS
Exploits0Affected Software1
securityvulns
securityvulns
added 2002/09/28 12:0 a.m.19 views

*sigh* Trillian multiple DoS&#39;s flaws.

I'm beginning to wonder if the makers of the instant messaging client Trillian, have done any bounds checking in their code. Personally I like trillian, its a nice peice of software, on the outside. Here's three more DoS attacks on trillian, exploitable via a server. I've included some code which...

1.4AI score
Exploits0
Rows per page
Query Builder