Lucene search
K

154 matches found

Slackware Linux
Slackware Linux
added 2014/10/15 5:58 p.m.77 views

[slackware-security] openssl

New openssl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/openssl-solibs-1.0.1j-i486-1slack14.1.txz: Upgraded. Security fix...

7.1CVSS5.3AI score0.99999EPSS
Exploits7
UbuntuCve
UbuntuCve
added 2014/10/15 12:0 a.m.55 views

CVE-2014-3567

Memory leak in the tlsdecryptticket function in t1lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service memory consumption via a crafted session ticket that triggers an integrity-check failure...

7.1CVSS6.8AI score0.23598EPSS
Exploits0References3
Amazon
Amazon
added 2014/10/15 12:0 a.m.66 views

Important: openssl

Issue Overview: A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol SRTP extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. CVE-2014-3513 A memory...

7.1CVSS7.7AI score0.37072EPSS
Exploits0
Cent OS
Cent OS
added 2014/09/30 11:21 a.m.99 views

nss security update

CentOS Errata and Security Advisory CESA-2014:1246 Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Commo...

10CVSS7.1AI score0.06381EPSS
Exploits5References7
OSV
OSV
added 2014/09/17 12:0 a.m.7 views

UBUNTU-CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3CVSS5.8AI score0.05654EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/09/16 5:39 a.m.4 views

nss: TOCTOU, potential use-after-free in libssl's session ticket processing (MFSA 2014-12)

A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application...

9.3CVSS7.1AI score0.0399EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2014/07/22 5:59 p.m.5 views

nss: TOCTOU, potential use-after-free in libssl's session ticket processing (MFSA 2014-12)

A race condition was found in the way NSS implemented session ticket handling as specified by RFC 5077. An attacker could use this flaw to crash an application using NSS or, in rare cases, execute arbitrary code with the privileges of the user running that application...

9.3CVSS7.1AI score0.0399EPSS
Exploits1References5
OSV
OSV
added 2014/02/06 5:44 a.m.2 views

DEBIAN-CVE-2014-1490

Race condition in libssl in Mozilla Network Security Services NSS before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service use-after-free or possibl...

9.3CVSS7.8AI score0.0399EPSS
Exploits1References1
Prion
Prion
added 2014/02/06 5:44 a.m.25 views

Race condition

Race condition in libssl in Mozilla Network Security Services NSS before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service use-after-free or possibl...

9.3CVSS7.9AI score0.0399EPSS
Exploits1References36Affected Software14
ATTACKERKB
ATTACKERKB
added 2014/02/06 5:44 a.m.6 views

CVE-2014-1490

Race condition in libssl in Mozilla Network Security Services NSS before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service use-after-free or possibl...

9.3CVSS7.7AI score0.0399EPSS
Exploits1References38
Debian CVE
Debian CVE
added 2014/02/06 2:0 a.m.30 views

CVE-2014-1490

Race condition in libssl in Mozilla Network Security Services NSS before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service use-after-free or possibl...

9.3CVSS9AI score0.0399EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2014/02/05 12:0 a.m.34 views

Firefox ESR 24.x < 24.3 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox ESR 24.x is earlier than 24.3 and is, therefore, potentially affected by the following vulnerabilities : - Memory issues exist in the browser engine that could result in a denial of service or arbitrary code execution. CVE-2014-1477 - An error exists related to...

10CVSS7.2AI score0.07072EPSS
Exploits9References16
RedHat Linux
RedHat Linux
added 2012/03/27 10:51 p.m.16 views

gnutls: buffer overflow in gnutls_session_get_data() (GNUTLS-SA-2011-2)

Buffer overflow in the gnutlssessiongetdata function in lib/gnutlssession.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service application crash via a large SessionTicket...

4.3CVSS7.5AI score0.02386EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/03/27 10:49 p.m.7 views

gnutls: buffer overflow in gnutls_session_get_data() (GNUTLS-SA-2011-2)

Buffer overflow in the gnutlssessiongetdata function in lib/gnutlssession.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service application crash via a large SessionTicket...

4.3CVSS7.5AI score0.02386EPSS
Exploits0References4
Rows per page
Query Builder