Lucene search
K

1527 matches found

CVE
CVE
added 2014/04/22 2:0 p.m.44 views

CVE-2014-2900

CVE-2014-2900 affects wolfSSL’s CyaSSL prior to 2.9.4. The vulnerability stems from improper validation of X.509 certificates with unknown critical extensions, enabling MITM attackers to spoof servers via crafted certificates. Affected software: CyaSSL/wolfSSL before 2.9.4. Impact: potential serv...

5.8CVSS9.2AI score0.00965EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2014/04/22 2:0 p.m.26 views

CVE-2014-2900

wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate...

9.3AI score0.00965EPSS
Exploits0References7
NVD
NVD
added 2013/02/08 7:55 p.m.36 views

CVE-2013-1623

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks...

4.3CVSS6.6AI score0.02424EPSS
Exploits0References5
Prion
Prion
added 2013/02/08 7:55 p.m.27 views

Design/Logic Flaw

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks...

4.3CVSS6.8AI score0.35584EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2013/02/08 7:0 p.m.92 views

CVE-2013-1623

Technical details about CVE-2013-1623 are not provided in the connected documents. Monitoring for updates is advised; no product, impact, or remediation specifics are disclosed here.

4.3CVSS6.4AI score0.02424EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2013/02/08 7:0 p.m.37 views

CVE-2013-1623

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks...

6.7AI score0.02424EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2013/02/08 12:0 a.m.29 views

CVE-2013-1623

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks...

4.3CVSS5.9AI score0.02424EPSS
Exploits0References3
Rows per page
Query Builder