Page 14 of 81 results (0.026 seconds)

CVSS: 5.0EPSS: 5%CPEs: 67EXPL: 0

The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. El motor GOST en OpenSSL antes de v1.0.0f no controla correctamente los parámetros válidos para el cifrado de bloques GOST, lo que permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de datos de un cliente TLS específicamente modificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html http://osvdb.org/78191 http://secunia.com/advisories/57353 http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 http://www.mandriva.com/security/advisories?name=MDVSA-2012:007 http://www.openssl.org/news/secadv_20120104.txt • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 18%CPEs: 64EXPL: 0

The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. La implementación del servidor de criptografía SGC en OpenSSL antes de v0.9.8s y en v1.x antes de v1.0.0f no controla correctamente los reinicios de 'handshake' (apretón de manos), lo que permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html http://marc.info/?l=bugtraq&m=132750648501816&w=2 • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 64EXPL: 0

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. La implementación DTLS en OpenSSL antes de v0.9.8s y v1.x antes de v1.0.0f realiza una comprobación de MAC sólo si determinado relleno es válida, lo que facilita a los atacantes remotos a la hora de recuperar texto a través de un ataque de relleno. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html http://lists.opensuse.org/opensuse-security-announce/201 • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 30%CPEs: 30EXPL: 0

The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol. La efímera funcionalidad de cifrado ECDH en OpenSSL versiones v0.9.8 a v0.9.8s y v1.0.x antes de v1.0.0e no garantiza la seguridad de los subprocesos durante el procesamiento de los mensajes de 'handshake', lo que permite provocar una denegación de servicio (por caída de la aplicación) a atacantes remotos a través de mensajes 'desordenados' que violan el protocolo TLS. • http://cvs.openssl.org/chngview?cn=21337 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://marc.info/?l=bugtraq&m=132750648501816&w=2 http://marc.info/?l=bugtraq&m=133226187115472&w=2 http://openssl.org/news/secadv_20110906.txt http://secunia.com/advisories/57353 http://support.apple.com/kb/HT5784 http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 http://www.mandriva.com/security/advisories? • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 1%CPEs: 10EXPL: 0

crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value corresponding to a time in the past. crypto/x509/x509_vfy.c en OpenSSL v1.0.x antes de v1.0.0e no inicializa algunos miembros de una estructura, lo que facilita a los atacantes remotos a la hora de evitar la validación de la CRL utilizando un valor nextUpdate que corresponde a un momento en el pasado. • http://cvs.openssl.org/chngview?cn=21349 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065744.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://marc.info/?l=bugtraq&m=133226187115472&w=2 http://openssl.org/news/secadv_20110906.txt http://secunia.com/advisories/45956 http • CWE-264: Permissions, Privileges, and Access Controls •