Lucene search
K

145 matches found

OpenVAS
OpenVAS
added 2015/09/29 12:0 a.m.32 views

Gentoo Security Advisory GLSA 201502-06

Gentoo Linux Local Security Checks GLSA 201502-06 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

4.3CVSS5AI score0.05654EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.18 views

Amazon Linux: Security Advisory (ALAS-2015-545)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS9.6AI score0.08565EPSS
Exploits0References2
seebug.org
seebug.org
added 2015/09/06 12:0 a.m.24 views

nginx 0.5.6 - 1.7.4 SSL session vulnerable

No description provided by source...

7.1AI score
Exploits0
Mageia
Mageia
added 2015/07/01 12:40 p.m.45 views

Updated postgresql package fixes security vulnerability

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service crash by closing an SSL session at a time when the authentication timeout will expire during the session...

9.8CVSS9.1AI score0.08565EPSS
Exploits0References5
Amazon
Amazon
added 2015/06/16 12:0 a.m.30 views

Medium: postgresql92

Issue Overview: Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service crash by closing an SSL session at a time when the authentication timeout will expire...

4.3CVSS9.1AI score0.08565EPSS
Exploits0
OSV
OSV
added 2015/05/22 12:0 a.m.2 views

UBUNTU-CVE-2015-3165

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service crash by closing an SSL session at a time when the authentication timeout will expire during the session...

4.3CVSS7.3AI score0.08565EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/03/30 12:0 a.m.25 views

Mandriva Linux Security Advisory : nginx (MDVSA-2015:094)

Updated nginx package fixes security vulnerabilities : A bug in the experimental SPDY implementation in nginx was found, which might allow an attacker to cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution...

7.5CVSS9.1AI score0.09293EPSS
Exploits1References4
Gentoo Linux
Gentoo Linux
added 2015/02/07 12:0 a.m.35 views

nginx: Information disclosure

Background nginx is a robust, small, and high performance HTTP and reverse proxy server. Description An SSL session fixation vulnerability has been found in nginx when multiple servers use the same shared sslsessioncache or sslsessionticketkey. Impact A remote attacker may be able to obtain...

4.3CVSS6.2AI score0.05654EPSS
Exploits0
OpenVAS
OpenVAS
added 2015/01/23 12:0 a.m.53 views

Juniper Networks Junos OS SSL Session Injection Vulnerability

Junos OS is prone to a OpenSSL session injection and denial of service vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4CVSS7.2AI score0.34132EPSS
Exploits0References2
OSV
OSV
added 2015/01/10 2:59 a.m.6 views

CVE-2015-0564

Buffer underflow in the ssldecryptrecord function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service application crash via a crafted packet that is improperly handled during decryption of an SSL...

5.2AI score
Exploits0References12
UbuntuCve
UbuntuCve
added 2015/01/10 2:59 a.m.28 views

CVE-2015-0564

Buffer underflow in the ssldecryptrecord function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service application crash via a crafted packet that is improperly handled during decryption of an SSL...

5CVSS6.5AI score0.02775EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2015/01/10 2:0 a.m.40 views

CVE-2015-0564

Buffer underflow in the ssldecryptrecord function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service application crash via a crafted packet that is improperly handled during decryption of an SSL...

5CVSS5.2AI score0.02775EPSS
Exploits0
Cvelist
Cvelist
added 2015/01/10 2:0 a.m.23 views

CVE-2015-0564

Buffer underflow in the ssldecryptrecord function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service application crash via a crafted packet that is improperly handled during decryption of an SSL...

5.2AI score0.02775EPSS
Exploits0References12
NVD
NVD
added 2014/12/08 11:59 a.m.17 views

CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3CVSS6.5AI score0.05654EPSS
Exploits0References2
OSV
OSV
added 2014/12/08 11:59 a.m.9 views

CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

6.4AI score
Exploits0References2
Prion
Prion
added 2014/12/08 11:59 a.m.22 views

Type confusion

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3CVSS7.1AI score0.05654EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2014/12/08 11:0 a.m.23 views

CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

6.3AI score0.05654EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2014/12/08 11:0 a.m.42 views

CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3CVSS6.4AI score0.05654EPSS
Exploits0
OSV
OSV
added 2014/10/28 11:33 a.m.11 views

MGASA-2014-0427 Updated nginx packages fix CVE-2014-3616

Updated nginx package fixes security vulnerability: Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that it was possible to reuse cached SSL sessions in unrelated contexts, allowing virtual host confusion attacks in some configurations by an attacker in a privileged network position...

4.3CVSS6.2AI score0.05654EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2014/09/22 4:32 p.m.54 views

USN-2351-1: nginx vulnerability

Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that nginx incorrectly reused cached SSL sessions. An attacker could possibly use this issue in certain configurations to obtain access to information from a different virtual host...

4.3CVSS5.4AI score0.05654EPSS
Exploits0
Rows per page
Query Builder