CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2015-3193
https://notcve.org/view.php?id=CVE-2015-3193
The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite. La implementación de exponenciación al cuadrado de Montgomery en crypto/bn/asm/x86_64-mont5.pl en OpenSSL 1.0.2 en versiones anteriores a 1.0.2e en la plataforma x86_64, como se utiliza por la función BN_mod_exp, no maneja correctamente la propagación de acarreo y produce una salida incorrecta, lo que hace más fácil para atacantes remotos obtener información sensible de las claves privadas a través de un ataque contra el uso de una suite de cifrado (1) Diffie-Hellman (DH) o (2) Diffie-Hellman Ephemeral (DHE). • http://fortiguard.com/advisory/openssl-advisory-december-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://openssl.org/news/secadv/20151203.txt http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151204-openssl http://www.fortiguard.com/advisory/openssl-advisory-december-2015 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/security • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 93%CPEs: 32EXPL: 0CVE-2015-3194 – OpenSSL: Certificate verify crash with missing PSS parameter
https://notcve.org/view.php?id=CVE-2015-3194
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter. crypto/rsa/rsa_ameth.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1q y 1.0.2 en versiones anteriores a 1.0.2e permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de una firma RSA PSS ASN.1 que carece de un parámetro de función de generación de máscara. A NULL pointer dereference flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacker could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. • http://fortiguard.com/advisory/openssl-advisory-december-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00053.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html http://lists.opensus • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 1%CPEs: 56EXPL: 0CVE-2015-3195 – OpenSSL: X509_ATTRIBUTE memory leak
https://notcve.org/view.php?id=CVE-2015-3195
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. La implementación ASN1_TFLG_COMBINE en crypto/asn1/tasn_dec.c en OpenSSL en versiones anteriores a 0.9.8zh, 1.0.0 en versiones anteriores a 1.0.0t, 1.0.1 en versiones anteriores a 1.0.1q y 1.0.2 en versiones anteriores a 1.0.2e no maneja correctamente los errores provocados por datos X509_ATTRIBUTE malformados, lo que permite a atacantes remotos obtener información sensible de memoria de proceso desencadenando un fallo de decodificación en una aplicación PKCS#7 o CMS. A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. • http://fortiguard.com/advisory/openssl-advisory-december-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00009.html http://lists.opensuse& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 13%CPEs: 52EXPL: 0CVE-2015-0860
https://notcve.org/view.php?id=CVE-2015-0860
Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via the archive magic version number in an "old-style" Debian binary package, which triggers a stack-based buffer overflow. Error por un paso en la función extracthalf en dpkg-deb/extract.c en el componente dpkg-deb en Debian dpkg 1.16.x en versiones anteriores a 1.16.17 y 1.17.x en versiones anteriores a 1.17.26 permite a atacantes remotos ejecutar código arbitrario a través del número mágico de versión del archivo en un paquete binario de Debian 'old-style', lo que desencadena un desbordamiento de buffer basado en pila. • http://www.debian.org/security/2015/dsa-3407 http://www.ubuntu.com/usn/USN-2820-1 https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/dpkg-deb/extract.c?id=e65aa3db04eb908c9507d5d356a95cedb890814d https://blog.fuzzing-project.org/30-Stack-overflows-and-out-of-bounds-read-in-dpkg-Debian.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798324 https://security.gentoo.org/glsa/201612-07 • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 1CVE-2014-9756
https://notcve.org/view.php?id=CVE-2014-9756
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable. La función psf_fwrite en file_io.c en libsndfile permite a atacantes causar una denegación de servicio (error de división por cero y caída de aplicación) a través de vectores no especificados relacionados con la variable headindex. • http://lists.opensuse.org/opensuse-updates/2015-11/msg00077.html http://lists.opensuse.org/opensuse-updates/2015-11/msg00145.html http://www.openwall.com/lists/oss-security/2014/12/24/3 http://www.openwall.com/lists/oss-security/2015/11/03/9 http://www.ubuntu.com/usn/USN-2832-1 https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6 https://github.com/erikd/libsndfile/issues/92 • CWE-369: Divide By Zero •