Lucene search
K

13 matches found

Cloud Foundry
Cloud Foundry
added 2016/03/24 12:0 a.m.70 views

USN-2914-1 OpenSSL vulnerabilities | Cloud Foundry

USN-2914-1 OpenSSL vulnerabilities Low Vendor Ubuntu, OpenSSL Versions Affected Ubuntu 14.04 LTS SSLv1 Description Several security issues were fixed in OpenSSL. Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiatio...

10CVSS8.9AI score0.32414EPSS
Exploits1
OpenSSL
OpenSSL
added 2015/12/03 12:0 a.m.54 views

Vulnerability in OpenSSL - X509_ATTRIBUTE memory leak

When presented with a malformed X509ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS7 and CMS routines so any application which reads PKCS7 or CMS data from untrusted sources is affected. SSL/TLS is not affected. Found by Adam Langley Google/BoringSSL using libFuzz...

6.4AI score0.38709EPSS
Exploits1Affected Software1
OpenSSL
OpenSSL
added 2014/08/06 12:0 a.m.56 views

Vulnerability in OpenSSL - OpenSSL TLS protocol downgrade attack

A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. This allows a man-in-the-middle attacker to force a downgrade to TLS 1.0 even if both the server and the client support a higher...

5.6AI score0.13327EPSS
Exploits0Affected Software1
OpenSSL
OpenSSL
added 2014/08/06 12:0 a.m.43 views

Vulnerability in OpenSSL - DTLS memory exhaustion

A DTLS flaw leading to memory exhaustion was found. An attacker can force openssl to consume large amounts of memory whilst processing DTLS handshake messages. This could lead to a Denial of Service attack. Found by Adam Langley Google...

5.7AI score0.44247EPSS
Exploits0Affected Software1
OpenSSL
OpenSSL
added 2014/08/06 12:0 a.m.46 views

Vulnerability in OpenSSL - DTLS memory leak from zero-length fragments

A DTLS memory leak from zero-length fragments was found. By sending carefully crafted DTLS packets an attacker could cause OpenSSL to leak memory. This could lead to a Denial of Service attack. Found by Adam Langley Google...

5.6AI score0.51436EPSS
Exploits0Affected Software1
GithubExploit
GithubExploit
added 2014/07/15 10:3 a.m.6 views

Exploit for Inadequate Encryption Strength in Openssl

Adam Langley's tool for testing for OpenSSL CVE-2014-0224, origi...

7.4CVSS8.4AI score0.95326EPSS
Exploits9
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

OpenSSL - Remote DoS

No description provided by source. / hoagieopensslrecordofdeath.c OPENSSL REMOTE DENIAL-OF-SERVICE EXPLOIT - OpenSSL 0.9.8m short = 16 bit - OpenSSL 0.9.8f through 0.9.8m short != 16 bit CVE-2010-0740 Bug discovered by: Bodo Moeller and Adam Langley Google Philip Olausson [email protected]...

5CVSS7.7AI score0.2035EPSS
Exploits5
Hacker One
Hacker One
added 2014/04/05 11:51 p.m.178 views

Internet Bug Bounty: TLS heartbeat read overrun

A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including 1.0.1f and 1.0.2-beta1. Thanks for Neel Mehta of Google Security for discovering th...

5CVSS7.6AI score0.99999EPSS
Exploits87
The Hacker News
The Hacker News
added 2014/02/25 6:45 a.m.45 views

Apple's SSL Vulnerability might allow NSA to hack iOS Devices Remotely

Just two days before Apple has disclosed a critical Security flaw in the SSL implementation on the iOS software that would allow man-in-the-middle attacks to intercept the SSL data by spoofing SSL servers. Dubbed as CVE-2014-1266, the so-called ‘goto fail;’ vulnerability in which the secure...

5.8CVSS6.2AI score0.05715EPSS
Exploits6
OpenSSL
OpenSSL
added 2013/02/05 12:0 a.m.31 views

Vulnerability in OpenSSL - TLS 1.1 and 1.2 AES-NI crash

A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack. Found by Adam Langley and Wolfgang Ettlinger...

7.3AI score0.39593EPSS
Exploits2Affected Software1
0day.today
0day.today
added 2012/04/21 12:0 a.m.74 views

OpenSSL 1.0.1 ASN1 BIO Vulnerability

Exploit for multiple platform in category remote exploits OpenSSL Security Advisory 19 Apr 2012 ======================================= ASN1 BIO vulnerability CVE-2012-2110 ======================================= A potentially exploitable vulnerability has been discovered in the OpenSSL function...

7.1AI score0.48298EPSS
Exploits8
OpenSSL
OpenSSL
added 2012/01/04 12:0 a.m.45 views

Vulnerability in OpenSSL - Uninitialized SSL 3.0 Padding

OpenSSL failed to clear the bytes used as block cipher padding in SSL 3.0 records which could leak the contents of memory in some circumstances. Found by Adam Langley...

7.3AI score0.14523EPSS
Exploits0Affected Software1
OpenSSL
OpenSSL
added 2010/03/24 12:0 a.m.56 views

Vulnerability in OpenSSL CVE-2010-0740

In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL. Found by Bodo Moeller and Adam Langley Google...

7.2AI score0.2035EPSS
Exploits5Affected Software1
Rows per page
Query Builder