CVSS: 6.8EPSS: 1%CPEs: 54EXPL: 0CVE-2008-2420
https://notcve.org/view.php?id=CVE-2008-2420
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates. Vulnerabilidad en la funcionalidad OCSP en stunnel anteriores a 4.24 no busca de forma adecuada la lista de revocación de certificado (CRL), que permite a atacantes remotos intentar saltarse las restricciones de acceso utilizando certificados revocados. • http://secunia.com/advisories/30335 http://secunia.com/advisories/30425 http://secunia.com/advisories/31438 http://security.gentoo.org/glsa/glsa-200808-08.xml http://stunnel.mirt.net/pipermail/stunnel-announce/2008-May/000035.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:168 http://www.securityfocus.com/bid/29309 http://www.vupen.com/english/advisories/2008/1569/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42528 https://www.redhat.com/archives/f • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 71EXPL: 0CVE-2008-2400
https://notcve.org/view.php?id=CVE-2008-2400
Unspecified vulnerability in stunnel before 4.23, when running as a service on Windows, allows local users to gain privileges via unknown attack vectors. Vulnerabilidad sin especificar en stunnel anterior a 4.23, cuando es ejecutado como un servicio en Windows, permite a usuarios locales obtener privilegios a través de vectores de ataque desconocidos. • http://secunia.com/advisories/30297 http://stunnel.mirt.net/pipermail/stunnel-announce/2008-May/000034.html http://www.securityfocus.com/bid/29285 http://www.securitytracker.com/id?1020049 http://www.vupen.com/english/advisories/2008/1568/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42526 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.6EPSS: 0%CPEs: 23EXPL: 1CVE-2003-0740 – Stunnel 3.24/4.00 - Daemon Hijacking
https://notcve.org/view.php?id=CVE-2003-0740
Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server. • https://www.exploit-db.com/exploits/91 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000736 http://marc.info/?l=bugtraq&m=106260760211958&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2003:108 http://www.redhat.com/support/errata/RHSA-2003-297.html https://access.redhat.com/security/cve/CVE-2003-0740 https://bugzilla.redhat.com/show_bug.cgi?id=1617077 •
CVSS: 1.2EPSS: 0%CPEs: 1EXPL: 0CVE-2002-1563
https://notcve.org/view.php?id=CVE-2002-1563
stunnel 4.0.3 and earlier allows attackers to cause a denial of service (crash) via SIGCHLD signal handler race conditions that cause an inconsistency in the child counter. stunnerl 4.04 permite a atacantes causar una denegación de servicio (caída) debida a condiciones de carrera en el manejador de la señal SIGCHLD que causa una inconsistencia en el contador de hijos. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000736 http://marc.info/?l=bugtraq&m=104247606910598 http://marc.info/?l=bugtraq&m=106029168514511&w=2 http://marc.info/?l=stunnel-users&m=103600188215117&w=2 http://www.linuxsecurity.com/advisories/engarde_advisory-3535.html http://www.redhat.com/support/errata/RHSA-2003-221.html http://www.redhat.com/support/errata/RHSA-2003-223.html http://www.securityfocus.com/bid/6592 https://access.redhat.com/security/cve& •
CVSS: 5.0EPSS: 0%CPEs: 35EXPL: 0CVE-2003-0147
https://notcve.org/view.php?id=CVE-2003-0147
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). • ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625 http://marc.info/?l=bugtraq&m=104766550528628&w=2 http://marc.info/?l=bugtraq&m=104792570615648&w=2 http://marc.info/?l=bugtraq&m=104819602408063&w=2 •