Lucene search
K

24 matches found

OSV
OSV
added 2024/05/21 1:56 p.m.3 views

USN-6780-1 python-idna vulnerability

Guido Vranken discovered that idna did not properly manage certain inputs, which could lead to significant resource consumption. An attacker could possibly use this issue to cause a denial of service...

7.5CVSS6.8AI score0.01386EPSS
Exploits1References2
Hacker One
Hacker One
added 2024/04/05 3:13 p.m.56 views

Internet Bug Bounty: CVE-2019-1551: rsaz_512_sqr overflow bug on x86_64

The CVE-2019-1551 vulnerability was an overflow bug in the x6464 Montgomery squaring procedure used in exponentiation with 512-bit moduli in the OpenSSL library. The vulnerability was found and reported by researchers. The issue was mitigated in the 1.1.1 and 1.0.2 versions of OpenSSL...

5.3CVSS5.9AI score0.14298EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/03/24 8:6 p.m.4 views

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt , a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as...

8.1CVSS8.2AI score0.01588EPSS
Exploits3
OpenVAS
OpenVAS
added 2019/12/29 12:0 a.m.32 views

Debian: Security Advisory (DSA-4594-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS6.3AI score0.14298EPSS
Exploits0References4
OpenSSL
OpenSSL
added 2019/12/06 12:0 a.m.164 views

Vulnerability in OpenSSL - rsaz_512_sqr overflow bug on x86_64

There is an overflow bug in the x8664 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

6AI score0.14298EPSS
Exploits0Affected Software1
OpenSSL
OpenSSL
added 2018/06/12 12:0 a.m.61 views

Vulnerability in OpenSSL - Client DoS due to large DH parameter

During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This...

7.7AI score0.49268EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/01/23 12:0 a.m.231 views

Ubuntu 14.04 LTS / 16.04 LTS : OpenSSH vulnerabilities (USN-3538-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3538-1 advisory. Jann Horn discovered that OpenSSH incorrectly loaded PKCS11 modules from untrusted directories. A remote attacker could possibly use this iss...

7.8CVSS7.3AI score0.37431EPSS
Exploits8References6
RedHat Linux
RedHat Linux
added 2017/08/01 3:45 p.m.31 views

Important: Red Hat Security Advisory: freeradius security update

An update for freeradius is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.8CVSS7.6AI score0.18318EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2017/06/28 12:0 a.m.36 views

Debian DSA-3900-1 : openvpn - security update

Several issues were discovered in openvpn, a virtual private network application. - CVE-2017-7479 It was discovered that openvpn did not properly handle the rollover of packet identifiers. This would allow an authenticated remote attacker to cause a denial-of-service via application crash. -...

7.5CVSS7.2AI score0.04759EPSS
Exploits0References12
OpenVAS
OpenVAS
added 2017/06/27 12:0 a.m.34 views

Debian Security Advisory DSA 3900-1 (openvpn - security update)

Several issues were discovered in openvpn, a virtual private network application. CVE-2017-7479 It was discovered that openvpn did not properly handle the rollover of packet identifiers. This would allow an authenticated remote attacker to cause a denial-of-service via application crash...

5CVSS0.3AI score0.04759EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2017/05/08 12:0 a.m.97 views

RPCBind / libtirpc Denial Of Service

!/usr/bin/ruby Source: https://raw.githubusercontent.com/guidovranken/rpcbomb/fe53048af2d4fb78c911e71a30f21afcffbbf5e1/rpcbomb.rb By Guido Vranken https://guidovranken.wordpress.com/ Thanks to Sean Verity for writing an exploit in Ruby for an earlier vulnerability:...

8.1AI score0.81921EPSS
Exploits4
Exploit DB
Exploit DB
added 2017/05/08 12:0 a.m.134 views

RPCBind / libtirpc - Denial of Service

!/usr/bin/ruby Source: https://raw.githubusercontent.com/guidovranken/rpcbomb/fe53048af2d4fb78c911e71a30f21afcffbbf5e1/rpcbomb.rb By Guido Vranken https://guidovranken.wordpress.com/ Thanks to Sean Verity for writing an exploit in Ruby for an earlier vulnerability:...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2017/05/08 12:0 a.m.20 views

RPCBind libtirpc - Denial of Service

RPCBind libtirpc - Denial of Service !/usr/bin/ruby Source: https://raw.githubusercontent.com/guidovranken/rpcbomb/fe53048af2d4fb78c911e71a30f21afcffbbf5e1/rpcbomb.rb By Guido Vranken https://guidovranken.wordpress.com/ Thanks to Sean Verity for writing an exploit in Ruby for an earlier...

7.3AI score
Exploits0
OpenSSL
OpenSSL
added 2017/01/26 12:0 a.m.44 views

Vulnerability in OpenSSL - Bad (EC)DHE parameters cause a client crash

If a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack. Found by Guido Vranken...

7.3AI score0.55294EPSS
Exploits5Affected Software1
OpenSSL
OpenSSL
added 2016/06/01 12:0 a.m.58 views

Vulnerability in OpenSSL - Pointer arithmetic undefined behaviour

Avoid some undefined pointer arithmetic A common idiom in the codebase is to check limits in the following manner: “p + len limit” Where “p” points to some malloc’d data of SIZE bytes and limit == p + SIZE “len” here could be from some externally supplied data e.g. from a TLS message. The rules o...

7.6AI score0.44505EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2016/05/04 12:0 a.m.55 views

Ubuntu: Security Advisory (USN-2959-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.6AI score0.89058EPSS
Exploits7References2
OpenSSL
OpenSSL
added 2016/05/03 12:0 a.m.39 views

Vulnerability in OpenSSL - EBCDIC overread

ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509NAMEoneline function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer. Found by Guido Vranken...

7.9AI score0.22841EPSS
Exploits1Affected Software1
OpenSSL
OpenSSL
added 2016/05/03 12:0 a.m.86 views

Vulnerability in OpenSSL - EVP_EncodeUpdate overflow

An overflow can occur in the EVPEncodeUpdate function which is used for Base64 encoding of binary data. If an attacker is able to supply very large amounts of input data then a length check can overflow resulting in a heap corruption. Internally to OpenSSL the EVPEncodeUpdate function is primarly...

8AI score0.3965EPSS
Exploits1Affected Software1
Cloud Foundry
Cloud Foundry
added 2016/03/24 12:0 a.m.71 views

USN-2914-1 OpenSSL vulnerabilities | Cloud Foundry

USN-2914-1 OpenSSL vulnerabilities Low Vendor Ubuntu, OpenSSL Versions Affected Ubuntu 14.04 LTS SSLv1 Description Several security issues were fixed in OpenSSL. Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiatio...

10CVSS8.9AI score0.32414EPSS
Exploits1
OpenSSL
OpenSSL
added 2016/03/01 12:0 a.m.70 views

Vulnerability in OpenSSL - Fix memory issues in BIO_*printf functions

The internal |fmtstr| function used in processing a “%s” format string in the BIOprintf functions could overflow while calculating the length of a string and cause an OOB read when printing very long strings. Additionally the internal |doaproutch| function can attempt to write to an OOB memory...

7AI score0.32414EPSS
Exploits1Affected Software1
Rows per page
Query Builder