Page 17 of 90 results (0.005 seconds)

CVSS: 7.5EPSS: 52%CPEs: 87EXPL: 1

CVE-2016-8610 – SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS

https://notcve.org/view.php?id=CVE-2016-8610

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. Se ha encontrado un fallo de denegación de servicio en OpenSSL en las versiones 0.9.8, 1.0.1, 1.0.2 hasta la 1.0.2h y la 1.1.0 en la forma en la que el protocolo TLS/SSL definió el procesamiento de paquetes ALERT durante una negociación de conexión. Un atacante remoto podría emplear este fallo para hacer que un servidor TLS/SSL consuma una cantidad excesiva de recursos de CPU y fracase a la hora de aceptar conexiones de otros clientes. A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. • https://github.com/cujanovic/CVE-2016-8610-PoC http://rhn.redhat.com/errata/RHSA-2017-0286.html http://rhn.redhat.com/errata/RHSA-2017-0574.html http://rhn.redhat.com/errata/RHSA-2017-1415.html http://rhn.redhat.com/errata/RHSA-2017-1659.html http://seclists.org/oss-sec/2016/q4/224 http://www.securityfocus.com/bid/93841 http://www.securitytracker.com/id/1037084 https://access.redhat.com/errata/RHSA-2017:1413 https://access.redhat.com/errata/RHSA-2017:1414 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-3315

https://notcve.org/view.php?id=CVE-2017-3315

Vulnerability in the PeopleSoft Enterprise HCM ePerformance component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM ePerformance. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM ePerformance accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html http://www.securityfocus.com/bid/95510 http://www.securitytracker.com/id/1037634 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-8285

https://notcve.org/view.php?id=CVE-2016-8285

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Candidate Gateway. Vulnerabilidad no especificada en el componente PeopleSoft Enterprise HCM en Oracle PeopleSoft Products 9.2 permite a administradores remotos afectar la confidencialidad y la integridad a través de vectores relacionados con Candidate Gateway. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93723 http://www.securitytracker.com/id/1037046 • CWE-284: Improper Access Control •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-8295

https://notcve.org/view.php?id=CVE-2016-8295

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors. Vulnerabilidad no especificada en el componente PeopleSoft Enterprise HCM en Oracle PeopleSoft Products 9.2 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93712 http://www.securitytracker.com/id/1037046 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-5600

https://notcve.org/view.php?id=CVE-2016-5600

Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Procurement component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Vulnerabilidad no especificada en el componente PeopleSoft Enterprise SCM Services Procurement en Oracle PeopleSoft Products 9.1 y 9.2 permite a usuarios remotos autenticados afectar la confidencialidad y la integridad a través de vectores desconocidos. • http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93688 http://www.securitytracker.com/id/1037046 • CWE-284: Improper Access Control •