5 results (0.016 seconds)

CVSS: 7.5EPSS: 97%CPEs: 54EXPL: 16

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. Las implementaciones de (1) TLS y (2) DTLS en OpenSSL 1.0.1 en versiones anteriores a 1.0.1g no manejan adecuadamente paquetes Heartbeat Extension, lo que permite a atacantes remotos obtener información sensible desde la memoria de proceso a través de paquetes manipulados que desencadenan una sobrelectura del buffer, según lo demostrado mediante la lectura de claves privadas, relacionado con d1_both.c y t1_lib.c, también conocido como bug Heartbleed. An information disclosure flaw was found in the way OpenSSL handled TLS and DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server could send a specially crafted TLS or DTLS Heartbeat packet to disclose a limited portion of memory per request from a connected client or server. Note that the disclosed portions of memory could potentially include sensitive information such as private keys. • https://www.exploit-db.com/exploits/32764 https://www.exploit-db.com/exploits/32791 https://www.exploit-db.com/exploits/32998 https://www.exploit-db.com/exploits/32745 https://github.com/0x90/CVE-2014-0160 https://github.com/jdauphant/patch-openssl-CVE-2014-0160 https://github.com/caiqiqi/OpenSSL-HeartBleed-CVE-2014-0160-PoC https://github.com/obayesshelton/CVE-2014-0160-Scanner https://github.com/MrE-Fog/CVE-2014-0160-Chrome-Plugin https://github.com/Xyl2k/CVE-2014&# • CWE-125: Out-of-bounds Read CWE-201: Insertion of Sensitive Information Into Sent Data •

CVSS: 5.0EPSS: 6%CPEs: 135EXPL: 0

Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via a crafted message to TCP port 4105. • http://secunia.com/advisories/18681 http://securitytracker.com/id?1015571 http://supportconnectw.ca.com/public/ca_common_docs/camessagsecurity_notice.asp http://www.osvdb.org/21146 http://www.securityfocus.com/archive/1/423785/100/0/threaded http://www.securityfocus.com/bid/16475 http://www.vupen.com/english/advisories/2006/0414 http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33581 https://exchange.xforce.ibmcloud.com/vulnerabilities/24448 •

CVSS: 5.0EPSS: 6%CPEs: 136EXPL: 0

Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via spoofed CAM control messages. • http://secunia.com/advisories/18681 http://securityreason.com/securityalert/404 http://securitytracker.com/id?1015571 http://www.securityfocus.com/archive/1/423785/100/0/threaded http://www.securityfocus.com/bid/16475 http://www.vupen.com/english/advisories/2006/0414 http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33581 https://exchange.xforce.ibmcloud.com/vulnerabilities/24449 •

CVSS: 10.0EPSS: 1%CPEs: 62EXPL: 0

Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets. • http://secunia.com/advisories/16513 http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp http://www.osvdb.org/18917 http://www.securityfocus.com/bid/14623 http://www.vupen.com/english/advisories/2005/1482 http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919 •

CVSS: 10.0EPSS: 95%CPEs: 62EXPL: 1

Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors. • https://www.exploit-db.com/exploits/16825 http://secunia.com/advisories/16513 http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp http://www.kb.cert.org/vuls/id/619988 http://www.osvdb.org/18916 http://www.securityfocus.com/bid/14622 http://www.vupen.com/english/advisories/2005/1482 http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919 - •