Page 137 of 700 results (0.035 seconds)

CVSS: 10.0EPSS: 3%CPEs: 7EXPL: 0

Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow. Múltiples errores de sino de enteros en la función Dispatch_Write en proxy/dispatcher/idirectfbsurface_dispatcher.c en DirectFB 1.4.13 permiten a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de la interfaz Voodoo, lo que provoca un desbordamiento de buffer basado en pila. • http://advisories.mageia.org/MGASA-2015-0176.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00003.html http://mail.directfb.org/pipermail/directfb-dev/2014-March/006805.html http://secunia.com/advisories/58448 http://www.mandriva.com/security/advisories?name=MDVSA-2015:223 http://www.openwall.com/lists/oss-security/2014/05/15/9 https://security.gentoo.org/glsa/201701-55 • CWE-189: Numeric Errors •

CVSS: 4.3EPSS: 96%CPEs: 16EXPL: 0

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value. La función ssl3_send_client_key_exchange en s3_clnt.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h, cuando un suite de cifrado ECDH anónimo está utilizado, permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo y caída de cliente) mediante la provocación de un valor de certificado nulo. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html&# • CWE-476: NULL Pointer Dereference •

CVSS: 7.4EPSS: 97%CPEs: 28EXPL: 3

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h no restringe debidamente el procesamiento de mensajes ChangeCipherSpec, lo que permite a atacantes man-in-the-middle provocar el uso de una clave maestra de longitud cero en ciertas comunicaciones OpenSSL-a-OpenSSL, y como consecuencia secuestrar sesiones u obtener información sensible, a través de una negociación TLS manipulada, también conocido como la vulnerabilidad de 'inyección CCS'. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. • https://github.com/secretnonempty/CVE-2014-0224 https://github.com/iph0n3/CVE-2014-0224 http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc http://ccsinjection.lepidum.co.jp http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html http://esupport.trendmicro.com/solution/en-US/1103813.aspx http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 http://kb.juniper.net/InfoCenter/ • CWE-326: Inadequate Encryption Strength CWE-841: Improper Enforcement of Behavioral Workflow •

CVSS: 4.3EPSS: 96%CPEs: 16EXPL: 0

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake. La función dtls1_get_message_fragment en d1_both.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h permite a atacantes remotos causar una denegación de servicio (recursión y caída de cliente) a través de un mensaje DTLS hello en una negociación DTLS inválida. A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://linux.oracle.com/errata/ELSA-2014-1053.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136470.html http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136473.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html http: • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 96%CPEs: 8EXPL: 1

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. La función dtls1_reassemble_fragment en d1_both.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h no valida debidamente longitudes de fragmentos en mensajes DTLS ClientHello, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (desbordamiento de buffer y caída de aplicación) a través de un fragmento no inicial largo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenSSL. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DTLS packets. The issue lies in the assumption that all fragments specify the same message size. • https://github.com/ricedu/CVE-2014-0195 http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Once-Bled-Twice-Shy-OpenSSL-CVE-2014-0195/ba-p/6501048 http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •