Lucene search
K

203 matches found

Tenable Nessus
Tenable Nessus
added 2016/09/23 12:0 a.m.49 views

Debian DSA-3673-1 : openssl - security update

Several vulnerabilities were discovered in OpenSSL : - CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-p ointer-arithmetic/ - CVE-2016-2178 Cesar Pereida, Billy...

9.8CVSS7.4AI score0.95707EPSS
Exploits8References25
Ubuntu
Ubuntu
added 2016/09/22 8:25 p.m.88 views

USN-3087-1: OpenSSL vulnerabilities

Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request extension. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. CVE-2016-6304 Guido Vranken discovered that OpenSSL used undefined behaviour when performing pointe...

9.8CVSS7.3AI score0.95707EPSS
Exploits8
OSV
OSV
added 2016/09/22 12:0 a.m.55 views

DSA-3673-1 openssl - security update

Bulletin has no description...

9.8CVSS6.9AI score0.63029EPSS
Exploits2
Oracle linux
Oracle linux
added 2016/05/12 12:0 a.m.77 views

kernel security and bug fix update

3.10.0-327.18.2.OL7 - Oracle Linux certificates Alexey Petrenko 3.10.0-327.18.2 - lib keys: Fix ASN.1 indefinite length object parsing David Howells 1308814 1308815 CVE-2016-0758 3.10.0-327.18.1 - scsi bnx2fc: Fix FCP RSP residual parsing Maurizio Lombardi 1322279 1306342 - mm madvise: fix...

7.2CVSS0.4AI score0.00397EPSS
Exploits0
CNVD
CNVD
added 2016/01/16 12:0 a.m.6 views

FreeRadius EAP-PWD module buffer overflow vulnerability

FreeRadius is a suite of software that implements the RADIUS protocol from the FreeRADIUS Server project. The EAP-PWD module of FreeRadius fails to validate the length of the commit message load, allowing remote attackers to exploit the vulnerability to submit special requests for denial-of-servi...

8.1CVSS9.2AI score0.01235EPSS
Exploits0References1
exploitpack
exploitpack
added 2015/07/20 12:0 a.m.27 views

TcpDump - rpki_rtr_pdu_print Out-of-Bounds Denial of Service

TcpDump - rpkirtrpduprint Out-of-Bounds Denial of Service Exploit Title: TcpDump rpkirtrpduprint Out-of-Bounds Denial of Service Date: 7.18.2015 Exploit Author: Luke Arntson [email protected] Vendor Homepage: http://www.tcpdump.org/ Software Link: http://www.tcpdump.org/ Version: 4.6.2, 4.5.1,...

5CVSS0.19028EPSS
Exploits5
OSV
OSV
added 2014/11/30 1:59 a.m.2 views

DEBIAN-CVE-2014-8884

Stack-based buffer overflow in the ttusbdecfedvbsdiseqcsendmastercmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service system crash or possibly gain privileges via a large message length in an ioctl call...

6.1CVSS6.4AI score0.00638EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2012/11/26 12:0 a.m.44 views

FreeBSD : FreeBSD -- Insufficient message length validation for EAP-TLS messages (f115f693-36b2-11e2-a633-902b343deec9)

Problem description : The internal authentication server of hostapd does not sufficiently validate the message length field of EAP-TLS messages. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML databa...

4.3CVSS5.2AI score0.0422EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2012/11/26 12:0 a.m.27 views

FreeBSD Ports: FreeBSD

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

4.3CVSS6.3AI score0.0422EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/10/18 12:0 a.m.31 views

Fedora 16 : hostapd-0.7.3-10.fc16 (2012-15748)

EAP-TLS server: Fix TLS Message Length validation Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

4.3CVSS5.3AI score0.0422EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2012/10/18 12:0 a.m.20 views

Fedora 17 : hostapd-0.7.3-10.fc17 (2012-15759)

EAP-TLS server: Fix TLS Message Length validation Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

4.3CVSS5.3AI score0.0422EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2012/10/15 12:0 a.m.20 views

Fedora 18 : hostapd-1.0-3.fc18 (2012-15680)

EAP-TLS server: Fix TLS Message Length validation Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

4.3CVSS5.3AI score0.0422EPSS
Exploits0References3
OSV
OSV
added 2012/10/10 6:55 p.m.7 views

CVE-2012-4445

Heap-based buffer overflow in the eapservertlsprocessfragment function in eapservertlscommon.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service crash or abort via a small "TLS Message Length" value in an EAP-TLS message with the "Mor...

7AI score
Exploits0References12
Cvelist
Cvelist
added 2012/10/10 6:0 p.m.26 views

CVE-2012-4445

Heap-based buffer overflow in the eapservertlsprocessfragment function in eapservertlscommon.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service crash or abort via a small "TLS Message Length" value in an EAP-TLS message with the "Mor...

6.9AI score0.0422EPSS
Exploits0References12
Check Point Advisories
Check Point Advisories
added 2011/11/08 12:0 a.m.17 views

Microsoft Windows Messenger Service Buffer Overrun Code Execution (CVE-2003-0717)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to improper validation of message length. A remote attacker may exploit this vulnerability by sending an overly long message to the target service. Successful exploitation may allow the attacker...

7.5CVSS7.4AI score0.63464EPSS
Exploits2
NVD
NVD
added 2005/01/10 5:0 a.m.18 views

CVE-2004-0893

The Local Procedure Call LPC interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."...

7.2CVSS6.6AI score0.01514EPSS
Exploits0References10
securityvulns
securityvulns
added 2003/10/20 12:0 a.m.31 views

[Full-Disclosure] Proof of concept for Windows Messenger Service overflow

/ DoS Proof of Concept for MS03-043 - exploitation shouldn't be too hard. Launching it one or two times against the target should make the machine reboot. Tested against a Win2K SP4. "The vulnerability results because the Messenger Service does not properly validate the length of a message before...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2003/08/05 12:0 a.m.20 views

EveryBuddy 0.4.3 - Long Message Denial of Service

source: https://www.securityfocus.com/bid/8343/info EveryBuddy is prone to a denial of service vulnerability when handling instant messages of excessive length. This could be exploited with a malicious instant messaging client. This condition may be due to a buffer overflow, though this has not...

7AI score
Exploits0
NVD
NVD
added 2003/05/05 4:0 a.m.17 views

CVE-2003-0163

decryptmsg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service crash via a negative length, which overwrites arbitrary heap memory with a zero byte...

5CVSS6.9AI score0.01039EPSS
Exploits0References3
Cvelist
Cvelist
added 2003/04/15 4:0 a.m.26 views

CVE-2003-0163

decryptmsg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service crash via a negative length, which overwrites arbitrary heap memory with a zero byte...

6.9AI score0.01039EPSS
Exploits0References3
Rows per page
Query Builder