Lucene search
K

8 matches found

RedHat Linux
RedHat Linux
added 2017/06/07 5:54 p.m.210 views

Important: Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.23 Service Pack 1 for RHEL 6

An update is now available for Red Hat JBoss Core Services on RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.8CVSS7AI score0.7907EPSS
Exploits11References10
OpenSSL
OpenSSL
added 2016/09/21 12:0 a.m.41 views

Vulnerability in OpenSSL - Excessive allocation of memory in tls_get_message_header()

A TLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being...

7.4AI score0.13837EPSS
Exploits0Affected Software1
OpenSSL
OpenSSL
added 2016/09/21 12:0 a.m.68 views

Vulnerability in OpenSSL - Certificate message OOB reads

In OpenSSL 1.0.2 and earlier some missing message length checks can result in OOB reads of up to 2 bytes beyond an allocated buffer. There is a theoretical DoS risk but this has not been observed in practice on common platforms. The messages affected are client certificate, client certificate...

7.8AI score0.41683EPSS
Exploits1Affected Software1
OpenSSL
OpenSSL
added 2016/09/21 12:0 a.m.41 views

Vulnerability in OpenSSL - Excessive allocation of memory in dtls1_preprocess_fragment()

A DTLS message includes 3 bytes for its length in the header for the message. This would allow for messages up to 16Mb in length. Messages of this length are excessive and OpenSSL includes a check to ensure that a peer is sending reasonably sized messages in order to avoid too much memory being...

7.4AI score0.14067EPSS
Exploits0Affected Software1
OpenSSL
OpenSSL
added 2016/08/24 12:0 a.m.55 views

Vulnerability in OpenSSL - OOB write in MDC2_Update()

An overflow can occur in MDC2Update either if called directly or through the EVPDigestUpdate function using MDC2. If an attacker is able to supply very large amounts of input data after a previous call to EVPEncryptUpdate with a partial block then a length check can overflow resulting in a heap...

8.1AI score0.31985EPSS
Exploits1Affected Software1
OpenSSL
OpenSSL
added 2016/08/23 12:0 a.m.92 views

Vulnerability in OpenSSL - Malformed SHA512 ticket DoS

If a server uses SHA512 for TLS session ticket HMAC it is vulnerable to a DoS attack where a malformed ticket will result in an OOB read which will ultimately crash. The use of SHA512 in TLS session tickets is comparatively rare as it requires a custom server callback and ticket lookup mechanism...

7.7AI score0.26441EPSS
Exploits1Affected Software1
OpenSSL
OpenSSL
added 2016/08/16 12:0 a.m.48 views

Vulnerability in OpenSSL - OOB write in BN_bn2dec()

The function BNbn2dec does not check the return value of BNdivword. This can cause an OOB write if an application uses this function with an overly large BIGNUM. This could be a problem if an overly large certificate or CRL is printed out from an untrusted source. TLS is not affected because reco...

8.8AI score0.44218EPSS
Exploits1Affected Software1
OpenSSL
OpenSSL
added 2016/07/22 12:0 a.m.43 views

Vulnerability in OpenSSL - OOB read in TS_OBJ_print_bio()

The function TSOBJprintbio misuses OBJobj2txt: the return value is the total length the OID text representation would use and not the amount of data written. This will result in OOB reads when large OIDs are presented. Found by Shi Lei Gear Team, Qihoo 360 Inc...

7.7AI score0.28533EPSS
Exploits1Affected Software1
Rows per page
Query Builder