Lucene search
K

44 matches found

Gitee
Gitee
added 2025/09/14 11:52 a.m.95 views

Exploit for Out-of-bounds Read in Openssl

This is an exploit module/toolkit targeting the Heartbleed vulnerability CVE-2014-0160. The target product/service is OpenSSL, and the vulnerability class/vector is a buffer overflow in the TLS heartbeat extension, allowing for memory disclosure. The probable entry point is the ssl3writebytes...

7.5CVSS8.4AI score0.99999EPSS
Exploits87
F5 Networks
F5 Networks
added 2023/02/21 7:4 p.m.168 views

K15159: OpenSSL vulnerability CVE-2014-0160

Security Advisory Description The 1 TLS and 2 DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as...

7.5CVSS8.6AI score0.99999EPSS
Exploits87Affected Software11
SUSE CVE
SUSE CVE
added 2023/02/15 5:32 a.m.11 views

SUSE CVE-2014-0160

The 1 TLS and 2 DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys,...

7.5CVSS6.8AI score0.99999EPSS
Exploits87References32
CISA KEV Catalog
CISA KEV Catalog
added 2022/05/04 12:0 a.m.27 views

OpenSSL Information Disclosure Vulnerability

The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information...

7.5CVSS7.8AI score0.99999EPSS
In wildExploits87
Veracode
Veracode
added 2019/01/15 9:0 a.m.40 views

Information Disclosure Through Buffer Over-read

OpenSSL is vulnerable to information disclosure. OpenSSL does not correctly handle Heartbeat Extension packets, attackers can leverage this flaw to read sensitive information by triggering a buffer over-read. This is also known as Heartbleed...

7.5CVSS7.2AI score0.99999EPSS
Exploits87References135Affected Software1
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.49 views

Amazon Linux: Security Advisory (ALAS-2014-320)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.99999EPSS
Exploits87References4
Tenable Nessus
Tenable Nessus
added 2015/03/30 12:0 a.m.56 views

Mandriva Linux Security Advisory : openssl (MDVSA-2015:062)

Multiple vulnerabilities has been discovered and corrected in openssl : Race condition in the ssl3readbytes function in s3pkt.c in OpenSSL through 1.0.1g, when SSLMODERELEASEBUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service use-after-free and...

7.5CVSS8.2AI score0.99999EPSS
Exploits105References27
Tenable Nessus
Tenable Nessus
added 2014/10/17 12:0 a.m.269 views

Oracle Linux 6 / 7 : openssl (ELSA-2014-1652)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1652 advisory. - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV t...

7.5CVSS8AI score0.99999EPSS
Exploits105References3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.99 views

OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions)

No description provided by source. Exploit Title: OpenSSL TLS Heartbeat Extension - Memory Disclosure - Multiple SSL/TLS versions Date: 2014-04-09 Exploit Author: Csaba Fitzl Vendor Homepage: http://www.openssl.org/ Software Link: http://www.openssl.org/source/openssl-1.0.1f.tar.gz Version: 1.0.1...

5CVSS8.2AI score0.99999EPSS
Exploits87
The Hacker News
The Hacker News
added 2014/05/28 6:25 a.m.28 views

Beware Of Fake 'HeartBleed Bug Remover Tool', Hijacks System with Malware

I am considering that you all must have read my last article on OpenSSL Heartbleed, a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allows attackers to read portions of the affected server’s memory, potentially revealing users data, that the server did not...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2014/05/09 9:56 a.m.11 views

Digi International Gateways Vulnerable to Heartbleed

Wireless Web mesh gateways used everywhere from industrial control environments to home area networks are vulnerable to the Heartbleed OpenSSL vulnerability. The Industrial Control System Computer Emergency Response Team ICS-CERT issued an advisory Thursday warning SCADA and ICS managers with Dig...

7.2AI score
Exploits0References8
securityvulns
securityvulns
added 2014/05/04 12:0 a.m.165 views

APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3 AirPort Base Station Firmware Update 7.7.3 is now available and addresses the following: Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An...

5CVSS7.5AI score0.99999EPSS
Exploits87
RedHat Linux
RedHat Linux
added 2014/04/17 12:23 p.m.6 views

openssl: information disclosure in handling of TLS heartbeat extension packets

An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server...

7.5CVSS6.8AI score0.99999EPSS
Exploits87References7
Check Point Advisories
Check Point Advisories
added 2014/04/12 12:0 a.m.1 views

TLS and DTLS Heartbeat Extension

The Heartbeat Extension allows keep-alive functionality for TLS/DTLS protocols. Heartbeat consists of two message types, HeartbeatRequest and HeartbeatResponse...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/04/11 12:0 a.m.69 views

AIX OpenSSL Advisory : openssl_advisory7.doc (Heartbleed)

The version of OpenSSL running on the remote host is affected by an information disclosure vulnerability. OpenSSL incorrectly handles memory in the TLS heartbeat extension, potentially allowing a remote attacker to read the contents of up to 64KB of server memory, potentially exposing passwords,...

7.5CVSS8.1AI score0.99999EPSS
Exploits87References5
RedHat Linux
RedHat Linux
added 2014/04/10 7:52 p.m.3 views

openssl: information disclosure in handling of TLS heartbeat extension packets

An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server...

7.5CVSS6.8AI score0.99999EPSS
Exploits87References7
Cisco
Cisco
added 2014/04/09 3:0 a.m.110 views

OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

Multiple Cisco products incorporate a version of the OpenSSL package affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve memory in chunks of 64 kilobytes from a connected client or server. The vulnerability is due to a missing bounds check in the handling ...

5CVSS8AI score0.99999EPSS
Exploits87References1
0day.today
0day.today
added 2014/04/09 12:0 a.m.156 views

OpenSSL 1.0.1f TLS Heartbeat Extension - Memory Disclosure (Multiple SSL/TLS versions)

Exploit for multiple platform in category remote exploits Exploit Title: OpenSSL TLS Heartbeat Extension - Memory Disclosure - Multiple SSL/TLS versions Date: 2014-04-09 Exploit Author: Csaba Fitzl Vendor Homepage: http://www.openssl.org/ Software Link:...

5CVSS8.2AI score0.99999EPSS
Exploits87
myhack58
myhack58
added 2014/04/09 12:0 a.m.28 views

heartbleeder automatically detecting OpenSSL heartbleed with repair guide-vulnerability warning-the black bar safety net

heartbleeder can detect your server whether the presence of the OpenSSL CVE-2 0 1 4-0 1 6 0 vulnerability, the heartbleed vulnerability is. What is the heartbleed vulnerability? CVE-2 0 1 4-0 1 6 0, the heartbleed vulnerability is a very serious OpenSSL vulnerability. This vulnerability so that...

0.8AI score
Exploits0
Exploit DB
Exploit DB
added 2014/04/09 12:0 a.m.102 views

OpenSSL 1.0.1f TLS Heartbeat Extension - 'Heartbleed' Memory Disclosure (Multiple SSL/TLS Versions)

Exploit Title: OpenSSL TLS Heartbeat Extension - Memory Disclosure - Multiple SSL/TLS versions Date: 2014-04-09 Exploit Author: Csaba Fitzl Vendor Homepage: http://www.openssl.org/ Software Link: http://www.openssl.org/source/openssl-1.0.1f.tar.gz Version: 1.0.1f Tested on: N/A CVE : 2014-0160...

7.5CVSS8.2AI score0.99999EPSS
Exploits87
Rows per page
Query Builder