Lucene search
K

633 matches found

FreeBSD
FreeBSD
added 2011/10/21 12:0 a.m.48 views

tomcat -- Denial of Service

The Tomcat security team reports: Analysis of the recent hash collision vulnerability identified unrelated inefficiencies with Apache Tomcat's handling of large numbers of parameters and parameter values. These inefficiencies could allow an attacker, via a specially crafted request, to cause larg...

5CVSS6.1AI score0.1086EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2011/10/17 9:49 p.m.7 views

crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash

cryptblowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...

5CVSS5.8AI score0.04972EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2011/10/17 9:42 p.m.7 views

crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash

cryptblowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash...

5CVSS5.8AI score0.04972EPSS
Exploits0References5
OSV
OSV
added 2011/02/10 6:0 p.m.8 views

CVE-2011-0539

The keycertify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct...

6.6AI score
Exploits0References11
NVD
NVD
added 2011/02/10 6:0 p.m.33 views

CVE-2011-0539

The keycertify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct...

7.5CVSS6.3AI score0.01797EPSS
Exploits0References10
Prion
Prion
added 2011/02/10 6:0 p.m.19 views

Design/Logic Flaw

The keycertify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct...

5CVSS6.9AI score0.01797EPSS
Exploits0References10Affected Software1
UbuntuCve
UbuntuCve
added 2011/02/10 6:0 p.m.37 views

CVE-2011-0539

The keycertify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct...

7.5CVSS7.1AI score0.01797EPSS
Exploits0References2
Cvelist
Cvelist
added 2011/02/10 5:0 p.m.36 views

CVE-2011-0539

The keycertify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct...

6.3AI score0.01797EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2011/02/10 5:0 p.m.5 views

CVE-2011-0539

The keycertify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct...

7.2AI score0.01797EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2011/02/10 12:0 a.m.9 views

PT-2011-2432

Name of the Vulnerable Software and Affected Versions OpenSSH versions 5.6 through 5.7 Description The issue is related to the key certify function in OpenSSH, specifically when generating legacy certificates using the -t command-line option in ssh-keygen. This function does not initialize the...

7.5CVSS7.2AI score0.01797EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2010/06/01 12:0 a.m.47 views

VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates

a. Service Console update for COS kernel Updated COS package 'kernel' addresses the security issues that are fixed through versions 2.6.18-164.11.1. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286,...

10CVSS7.4AI score0.80134EPSS
Exploits61References44
RedHat Linux
RedHat Linux
added 2010/01/20 12:23 a.m.10 views

deprecate MD2 in SSL cert validation (Kaminsky)

The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

5.1CVSS6.6AI score0.04506EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2010/01/19 12:0 a.m.3 views

PT-2010-1342 · Red Hat +1 · Red Hat +1

Name of the Vulnerable Software and Affected Versions: Linux kernel version 2.6.18 on Red Hat Enterprise Linux RHEL 5 Description: The issue allows remote attackers to cause a denial of service deadlock via crafted packets that force collisions in the IPv4 routing hash table, triggering a routing...

7.8CVSS6.1AI score0.11051EPSS
Exploits14References39
seebug.org
seebug.org
added 2009/12/17 12:0 a.m.21 views

PHP 5.2.1 哈希表覆盖导致任意代码执行漏洞

No description provided by source...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2009/12/11 1:42 p.m.3 views

deprecate MD2 in SSL cert validation (Kaminsky)

The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

5.1CVSS6.6AI score0.04506EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2009/11/10 7:30 p.m.6 views

deprecate MD2 in SSL cert validation (Kaminsky)

The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

5.1CVSS6.6AI score0.04506EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2009/11/09 3:4 p.m.8 views

deprecate MD2 in SSL cert validation (Kaminsky)

The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...

5.1CVSS6.6AI score0.04506EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2009/09/28 12:0 a.m.31 views

Mandrake Security Advisory MDVSA-2009:239 (openssl)

The remote host is missing an update to openssl announced via advisory MDVSA-2009:239. OpenVAS Vulnerability Test $Id: mdksa2009239.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:239 openssl Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...

5.1CVSS0.18241EPSS
Exploits3
OpenVAS
OpenVAS
added 2009/09/28 12:0 a.m.39 views

Mandrake Security Advisory MDVSA-2009:237 (openssl)

The remote host is missing an update to openssl announced via advisory MDVSA-2009:237. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

5.1CVSS6.5AI score0.80134EPSS
Exploits9References1
Tenable Nessus
Tenable Nessus
added 2009/09/22 12:0 a.m.51 views

Mandriva Linux Security Advisory : openssl (MDVSA-2009:238)

Multiple vulnerabilities was discovered and corrected in openssl : Use-after-free vulnerability in the dtls1retrievebufferedfragment function in ssl/d1both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service openssl sclient crash and possibly have unspecified other impa...

5.1CVSS7.2AI score0.80134EPSS
Exploits12References4
Rows per page
Query Builder