Lucene search
K

65 matches found

Tenable Nessus
Tenable Nessus
added 2022/04/28 12:0 a.m.31 views

Cisco Adaptive Security Appliance Software AnyConnect SSL VPN DoS (cisco-sa-vpndtls-dos-TunzLEV)

According to its self-reported version, Cisco ASA Software is affected by a vulnerability in the implementation of the Datagram TLS DTLS protocol that could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service DoS condition. This vulnerability ...

7.5CVSS7.3AI score0.00685EPSS
Exploits0References3
OSV
OSV
added 2022/04/21 7:15 p.m.3 views

CVE-2022-20795

A vulnerability in the implementation of the Datagram TLS DTLS protocol in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service DoS condition...

7.5CVSS5.8AI score0.00685EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/04/20 4:0 p.m.5 views

CVE-2022-20795

A vulnerability in the implementation of the Datagram TLS DTLS protocol in Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service DoS condition...

7.5CVSS7.2AI score0.00685EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/11/02 12:0 a.m.7 views

PT-2021-7020 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the implementation of the Datagram TLS DTLS protocol...

7.5CVSS7.4AI score0.00685EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2021/10/27 12:0 a.m.3 views

PT-2021-4604 · Cisco · Cisco Asa +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the software-based SSL/TLS message handler could allow an unauthenticated, remote attacke...

8.6CVSS7.3AI score0.0155EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2016/12/15 10:11 p.m.7 views

OpenSSL: Invalid free in DTLS

An invalid-free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could send a specially crafted message to the peer, which could cause the application to crash or potentially result in arbitrary code execution...

7.5CVSS7.1AI score0.16587EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2016/09/27 1:46 p.m.4 views

openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer

It was discovered that the Datagram TLS DTLS implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory...

7.5CVSS7.2AI score0.26559EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2016/09/27 1:46 p.m.8 views

openssl: DTLS replay protection bypass allows DoS against DTLS connection

A flaw was found in the Datagram TLS DTLS replay protection implementation in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL to reject further packets sent from a DTLS client over an established DTLS connection...

7.5CVSS7.2AI score0.22634EPSS
Exploits1References5
OSV
OSV
added 2016/09/16 5:59 a.m.5 views

ALPINE-CVE-2016-2181

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service false-positive packet drops via spoofed DTLS records, related to reclayerd1...

7.5CVSS6.8AI score0.22634EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2016/08/23 3:19 p.m.36 views

CVE-2016-2179

It was discovered that the Datagram TLS DTLS implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory...

7.5CVSS2.1AI score0.26559EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2015/01/21 9:28 p.m.3 views

openssl: DTLS segmentation fault in dtls1_get_record

A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote attacker could send a specially crafted DTLS message, which would cause an OpenSSL server to crash...

5CVSS6.7AI score0.22964EPSS
Exploits0References5
CNVD
CNVD
added 2015/01/04 12:0 a.m.2 views

LibreSSL Double Release Vulnerability

LibreSSL is a fork of the OpenSSL cryptographic software library developed by the OpenBSD project and an open source implementation of the Secure Sockets Layer SSL and Transport Layer Security TLS protocols. A double-release vulnerability exists in the 'sslparseclienthellousesrtpext' function in...

7.5CVSS6.8AI score0.01796EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2014/09/24 4:53 p.m.4 views

openssl: DTLS packet processing double free

A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory...

5CVSS6.8AI score0.4334EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/08/21 3:30 p.m.5 views

openssl: DoS when sending invalid DTLS handshake

A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash...

4.3CVSS6.6AI score0.87892EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/08/14 4:44 a.m.3 views

openssl: DTLS memory exhaustion

A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory...

5CVSS6.8AI score0.44247EPSS
Exploits0References5
0day.today
0day.today
added 2014/07/01 12:0 a.m.115 views

OpenSSL DTLS Fragment Buffer Overflow DoS Exploit

This module performs a Denial of Service Attack against Datagram TLS in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h. This occurs when a DTLS ClientHello message has multiple fragments and the fragment lengths of later fragments are larger than that of the first, a buffer...

7.4AI score0.99977EPSS
Exploits4
Metasploit
Metasploit
added 2014/06/07 7:56 p.m.40 views

OpenSSL DTLS Fragment Buffer Overflow DoS

This module performs a Denial of Service Attack against Datagram TLS in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h. This occurs when a DTLS ClientHello message has multiple fragments and the fragment lengths of later fragments are larger than that of the first, a buffer...

6.8CVSS7.8AI score0.99977EPSS
Exploits4
RedHat Linux
RedHat Linux
added 2014/06/05 12:12 p.m.5 views

openssl: DoS when sending invalid DTLS handshake

A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash...

4.3CVSS6.6AI score0.87892EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/06/05 11:50 a.m.7 views

openssl: DoS when sending invalid DTLS handshake

A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash...

4.3CVSS6.6AI score0.87892EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2013/02/11 4:57 p.m.27 views

Theoretical Lucky Thirteen TLS Attacks Could Turn Practical

For now, the Lucky Thirteen attacks described in a paper last week by researchers at Royal Holloway, University of London, are largely theoretical. But the potential exists to adapt techniques used in the BEAST attacks against TLS/SSL to improve the feasibility of Lucky Thirteen, a researcher sai...

7.1AI score
Exploits0References4
Rows per page
Query Builder