9 matches found
Undefined Behavior for Input to API
Overview: Affected versions of this package are vulnerable to Undefined Behavior for Input to API in the comparator function responsible for ordering Datagram Transport Layer Security (DTLS) packets by sequence numbers. An attacker can cause unstable packet ordering or undefined behavior by sending...
CVE-2013-6686
The SSL VPN implementation in Cisco IOS 15.31T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568...
K16124: OpenSSL vulnerability CVE-2015-0206
Security Advisory Description: Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect Flex System FC3171 8Gb SAN Switch and Flex System FC3171 8Gb SAN Pass-thru
Summary There are multiple vulnerabilities in OpenSSL that is used by the Flex System FC3171 8Gb SAN Switch and the Flex System FC3171 8Gb SAN Pass-thru. These issues were disclosed on August 6, 2014 by the OpenSSL Project. Vulnerability Details Summary There are multiple vulnerabilities in OpenS...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect Upward Integration Modules (UIM) (CVE-2014-3508, CVE-2014-5139, CVE-2014-3509, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512)
Summary There are multiple vulnerabilities in OpenSSL that is used by Upward Integration Modules (UIM). These issues were disclosed on August 6, 2014 by the OpenSSL Project. Vulnerability Details Summary There are multiple vulnerabilities in OpenSSL that is used by Upward Integration Modules (UIM)...
VMware vCenter Converter 5.1.x < 5.1.2 / 5.5.x < 5.5.3 Multiple Vulnerabilities (VMSA-2014-0010) (Shellshock)
The version of VMware vCenter Converter installed on the remote Windows host is 5.1.x prior to 5.1.2 or 5.5.x prior to 5.5.3. It is, therefore, affected by the following vulnerabilities: - A command injection vulnerability exists in GNU Bash known as Shellshock, which is due to the processing of...
CVE-2014-3505
Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition...
Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2308-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2308-1 advisory. Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL ...
Design/Logic Flaw
The SSL VPN implementation in Cisco IOS 15.31T2 and earlier allows remote authenticated users to cause a denial of service (interface queue wedge) via crafted DTLS packets in an SSL session, aka Bug IDs CSCuh97409 and CSCud90568...