717 matches found
DEBIAN-CVE-2014-1490
Race condition in libssl in Mozilla Network Security Services NSS before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service use-after-free or possibl...
CVE-2014-1490
Race condition in libssl in Mozilla Network Security Services NSS before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service use-after-free or possibl...
CVE-2014-1490
Race condition in libssl in Mozilla Network Security Services NSS before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service use-after-free or possibl...
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : gnutls13, gnutls26 vulnerabilities (USN-1418-1)
Alban Crequy discovered that the GnuTLS library incorrectly checked array bounds when copying TLS session data. A remote attacker could crash a client application, leading to a denial of service, as the client application prepared for TLS session resumption. CVE-2011-4128 Matthew Hall discovered...
gnutls: buffer overflow in gnutls_session_get_data() (GNUTLS-SA-2011-2)
Buffer overflow in the gnutlssessiongetdata function in lib/gnutlssession.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service application crash via a large SessionTicket...
gnutls: buffer overflow in gnutls_session_get_data() (GNUTLS-SA-2011-2)
Buffer overflow in the gnutlssessiongetdata function in lib/gnutlssession.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service application crash via a large SessionTicket...
FreeBSD Ports: gnutls
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7462)
Malicious clients could have downgraded a connection to a low strength cipher suite on session resumption if the server offers such ciphers CVE-2010-4180. This has been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...
CVE-2011-4128
CVE-2011-4128 affects GnuTLS: a buffer overflow in gnutls_session_get_data in lib/gnutls_session.c can be triggered when a client uses nonstandard session resumption. A remote TLS server can cause an application crash (DoS) by sending a large SessionTicket. Affected are GnuTLS 2.12.x prior to 2.1...
FreeBSD : gnutls -- client session resumption vulnerability (bdec8dc2-0b3b-11e1-b722-001cc0476564)
The GnuTLS team reports : GNUTLS-SA-2011-2 Possible buffer overflow/Denial of service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and contributors...
gnutls -- client session resumption vulnerability
The GnuTLS team reports: GNUTLS-SA-2011-2 Possible buffer overflow/Denial of service...
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7463)
Malicious clients could have downgraded a connection to a low strength cipher suite on session resumption if the server offers such ciphers CVE-2010-4180. This has been fixed. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...
Anonymous Vs Sony : Word By Word Q/A b/w Reporters and Sony during Conference !
Anonymous Vs Sony : Word By Word Q/A b/w Reporters and Sony during Conference ! Q. The accuracy of approximately 10 million credit flow A. There is no firm evidence of leakage. Cannot say wether a leak or not. There is no report so far. Q. prospect of resuming services. A. We want to restart the...
OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Issue
The version of OpenSSL on the remote host has been shown to allow resuming session with a weaker cipher than was used when the session was initiated. This means that an attacker that sees i.e., by sniffing the start of an SSL connection can manipulate the OpenSSL session cache to cause subsequent...
CVE-2008-1948
CVE-2008-1948 affects GnuTLS before 2.2.4. The _gnutls_server_name_recv_params function in libext_server_name.c within libgnutls/gnutls-serv mishandles the Server Names count in TLS 1.0 Client Hello extensions, causing a buffer overflow in session resumption data and potentially a crash or arbitr...
GNUTLS-SA-2008-1-1 GnuTLS buffer overflow
The gnutlsservernamerecvparams function in lib/extservername.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service crash or...
GNUTLS-SA-2008-1-1 GnuTLS buffer overflow
The gnutlsservernamerecvparams function in lib/extservername.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service crash or...