35 matches found
CVE-2015-2320
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback...
CVE-2015-2318
The CVE-2015-2318 entry concerns the Mono TLS stack prior to version 3.12.1. The issue, called SMACK SKIP-TLS, arises from missing handshake state validation, enabling man-in-the-middle attackers to exploit message skipping and impersonate clients. Affected software: Mono’s TLS implementation (pr...
CVE-2015-2318
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue...
CVE-2015-2320
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback...
CVE-2015-2319
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORTRSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204...
CVE-2015-2320
CVE-2015-2320 affects the Mono TLS stack prior to 3.12.1, where the vulnerability arises from client-side SSLv2 fallback. The description specifies that remote attackers can cause unspecified impact. The included metrics show a base score of 7.5 (CVSSv2) and a 9.8 (CVSSv3) with network access and...
CVE-2015-2320
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback...
CVE-2017-15118
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requir...
Finding Ticketbleed
Ticketbleed CVE-2016-9244 is a software vulnerability in the TLS stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time, which can contain any kind of random sensitive information, like in Heartbleed. If you suspect you might be...
Finding Ticketbleed
Ticketbleed CVE-2016-9244 is a software vulnerability in the TLS stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time, which can contain any kind of random sensitive information, like in Heartbleed. If you suspect you might be...
Debian DLA-176-1 : mono security update
Three issues with Mono's TLS stack are addressed. CVE-2015-2318 Mono's implementation of the SSL/TLS stack failed to check the order of the handshake messages. Which would allow various attacks on the protocol to succeed. 'SKIP-TLS' CVE-2015-2319 Mono's implementation of SSL/TLS also contained...
DSA-3202-1 mono - security update
Bulletin has no description...
DLA-176-1 mono - security update
Bulletin has no description...
CVE-2015-2318
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue...
CVE-2015-2319
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORTRSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204...