CVSS: 5.9EPSS: 5%CPEs: 180EXPL: 0CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
26 Feb 2019 — If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order ... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2018-20657 – libiberty: Memory leak in demangle_template function resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-20657
02 Jan 2019 — The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698. La función demangle_template en cplus-dem.c en GNU libiberty, como se distribuyó en la versión 2.31.1, tiene una fuga de memoria mediante una cadena manipulada, provocando una denegación de servicio (consumo de memoria), tal y como queda demostrado con ... • http://www.securityfocus.com/bid/106444 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2018-20002 – Ubuntu Security Notice USN-4336-2
https://notcve.org/view.php?id=CVE-2018-20002
10 Dec 2018 — The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm. La función _bfd_generic_read_minisymbols en syms.c en la biblioteca Binary File Descriptor (BFD), también conocida como libbfd, tal y como se distribuye en GNU Binutils 2.31, tiene una fuga de memoria mediante un archivo ELF manipulado, que condu... • http://www.securityfocus.com/bid/106142 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.8EPSS: 6%CPEs: 127EXPL: 0CVE-2018-5390 – Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service
https://notcve.org/view.php?id=CVE-2018-5390
06 Aug 2018 — Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. El kernel de Linux en versiones 4.9 y siguientes pueden forzarse a realizar llamadas muy caras a tcp_collapse_ofo_queue() y tcp_prune_ofo_queue() para cada paquete entrante, lo que puede conducir a una denegación de servicio. A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP pac... • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2015-5738
https://notcve.org/view.php?id=CVE-2015-5738
26 Jul 2016 — The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack. La implementación de RSA-CRT en Cavium Software Development Kit (SDK) 2.x cuando es utilizada en Hardware OCTEON II CN6xxx en Linux para soporte TLS con Perfect Forward Secrecy (PFS), facilita a atacantes remotos obtener claves... • http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •