3 matches found
CVE-2015-3194
OpenSSL vulnerability CVE-2015-3194 affects OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e, where an RSA PSS ASN.1 signature missing a mask generation function parameter can allow a remote attacker to cause a denial of service (NULL pointer dereference and crash). Mitigation is to upgrade to...
CVE-2015-3193
CVE-2015-3193 affects OpenSSL 1.0.2 on x86_64 where the Montgomery squaring implementation (BN_mod_exp path) mishandles carry propagation, potentially exposing private-key information via DH/DHE ciphersuites. OpenSSL versions 1.0.2 before 1.0.2e are vulnerable; fixed in 1.0.2e. Affected component...
CVE-2015-6764
CVE-2015-6764 is an out-of-bounds read in Google V8’s BasicJsonStringifier::SerializeJSArray used by Chrome up to version 47.0.2526.73. The issue allows remote denial-of-service or other impact via crafted JavaScript; Debian advisory confirms the flaw and provides fixed package version 47.0.2526....