Page 16 of 95 results (0.013 seconds)

CVSS: 7.4EPSS: 97%CPEs: 28EXPL: 3

CVE-2014-0224 – openssl: SSL/TLS MITM vulnerability

https://notcve.org/view.php?id=CVE-2014-0224

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m y 1.0.1 anterior a 1.0.1h no restringe debidamente el procesamiento de mensajes ChangeCipherSpec, lo que permite a atacantes man-in-the-middle provocar el uso de una clave maestra de longitud cero en ciertas comunicaciones OpenSSL-a-OpenSSL, y como consecuencia secuestrar sesiones u obtener información sensible, a través de una negociación TLS manipulada, también conocido como la vulnerabilidad de 'inyección CCS'. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. • https://github.com/secretnonempty/CVE-2014-0224 https://github.com/iph0n3/CVE-2014-0224 http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc http://ccsinjection.lepidum.co.jp http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html http://esupport.trendmicro.com/solution/en-US/1103813.aspx http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629 http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195 http://kb.juniper.net/InfoCenter/ • CWE-326: Inadequate Encryption Strength CWE-841: Improper Enforcement of Behavioral Workflow •

CVSS: 4.3EPSS: 0%CPEs: 42EXPL: 0

CVE-2013-7040

https://notcve.org/view.php?id=CVE-2013-7040

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150. Python 2.7 anterior a 3.4 solamente utiliza las últimas ocho partes del prefijo para asignar valores de hash de forma aleatoria, lo que causa que calcule valores de hash sin restringir la habilidad de provocar colisiones de hash de forma previsible y facilita a atacantes dependientes de contexto causar una denegación de servicio (consumo de CPU) a través de entradas manipuladas hacia una aplicación que mantiene una tabla de hash. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2012-1150. • http://bugs.python.org/issue14621 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://www.openwall.com/lists/oss-security/2013/12/09/13 http://www.openwall.com/lists/oss-security/2013/12/09/3 http://www.securityfocus.com/bid/64194 https://support.apple.com/kb/HT205031 • CWE-310: Cryptographic Issues •

CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 2

CVE-2013-7338

https://notcve.org/view.php?id=CVE-2013-7338

Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract, or (5) ZipFile.extractall function. Python anterior a 3.3.4 RC1 permite a atacantes remotos causar una denegación de servicio (bucle infinito y consumo de CPU) a través de un valor de tamaño de archivo más grande que el tamaño del archivo zip hacia la función (1) ZipExtFile.read, (2) ZipExtFile.read(n), (3) ZipExtFile.readlines, (4) ZipFile.extract o (5) ZipFile.extractall. • http://bugs.python.org/issue20078 http://hg.python.org/cpython/rev/79ea4ce431b1 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html http://seclists.org/oss-sec/2014/q1/592 http://seclists.org/oss-sec/2014/q1/595 http://www.securityfocus.com/bid/65179 http://www.securitytracker.com/id/1029973 https://docs.python.org/3.3/whatsnew/changelog.html https://security.gentoo.org/glsa/201503& • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 60%CPEs: 52EXPL: 4

CVE-2014-1912 – Python - 'socket.recvfrom_into()' Remote Buffer Overflow

https://notcve.org/view.php?id=CVE-2014-1912

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. Desbordamiento de buffer en la función socket.recvfrom_into en Modules/socketmodule.c en Python 2.5 anterior a 2.7.7, 3.x anterior a 3.3.4 y 3.4.x anterior a 3.4rc1 permite a atacantes remotos ejecutar código arbitrario a través de una cadena manipulada. It was discovered that the socket.recvfrom_into() function failed to check the size of the supplied buffer. This could lead to a buffer overflow when the function was called with an insufficiently sized buffer. • https://www.exploit-db.com/exploits/31875 http://bugs.python.org/issue20246 http://hg.python.org/cpython/rev/87673659d8f7 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-04/msg00035.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00008.html http://pastebin.com/raw.php?i=GHXSmNEg http://rhn.redhat.com/errata/RHSA-2015-1064.html http://rhn.redhat.com/errata/RHSA-2015-1330.html http://www&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 1

CVE-2013-0340

https://notcve.org/view.php?id=CVE-2013-0340

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. expat 2.1.0 y anteriores no maneja adecuadamente entidades de expansión a menos que un desarrollador de aplicaciones use la función XML_SetEntityDeclHandler, esto permite a atacantes remotos provocar una denegación de servicio (consumo de recursos), enviar peticiones HTTP a los servidores de la intranet, o leer archivos arbitrarios a través de un documento XML manipulado, también conocido como problema XML External Entity (XXE) NOTA: se podría argumentar que debido a que expat ya ofrece la posibilidad de desactivar la expansión entidad externa, la responsabilidad de la solución de este problema se encuentra con los desarrolladores de aplicaciones, de acuerdo con este argumento, esta entrada debe ser rechazada, y cada aplicación afectada tendría su propio CVE . • http://openwall.com/lists/oss-security/2013/02/22/3 http://seclists.org/fulldisclosure/2021/Oct/61 http://seclists.org/fulldisclosure/2021/Oct/62 http://seclists.org/fulldisclosure/2021/Oct/63 http://seclists.org/fulldisclosure/2021/Sep/33 http://seclists.org/fulldisclosure/2021/Sep/34 http://seclists.org/fulldisclosure/2021/Sep/35 http://seclists.org/fulldisclosure/2021/Sep/38 http://seclists.org/fulldisclosure/2021/Sep/39 http://seclists.org/fulldisclosure/2021/Sep • CWE-611: Improper Restriction of XML External Entity Reference •