Page 2 of 9 results (0.008 seconds)

CVSS: 4.6EPSS: 0%CPEs: 23EXPL: 1

Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server. • https://www.exploit-db.com/exploits/91 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000736 http://marc.info/?l=bugtraq&m=106260760211958&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2003:108 http://www.redhat.com/support/errata/RHSA-2003-297.html https://access.redhat.com/security/cve/CVE-2003-0740 https://bugzilla.redhat.com/show_bug.cgi?id=1617077 •

CVSS: 5.0EPSS: 0%CPEs: 35EXPL: 0

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). • ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625 http://marc.info/?l=bugtraq&m=104766550528628&w=2 http://marc.info/?l=bugtraq&m=104792570615648&w=2 http://marc.info/?l=bugtraq&m=104819602408063&w=2 •

CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 1

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code. Vulnerabilidad en el formateado de cadenas en stunnel anterior a la 3.22 cuando se usa en modo cliente para smtp, pop o nntp permite que servidores remotos maliciosos ejecuten código arbitrario. • https://www.exploit-db.com/exploits/21192 http://marc.info/?l=stunnel-users&m=100869449828705&w=2 http://online.securityfocus.com/archive/1/247427 http://online.securityfocus.com/archive/1/248149 http://stunnel.mirt.net/news.html http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php3 http://www.redhat.com/support/errata/RHSA-2002-002.html http://www.securityfocus.com/bid/3748 https://exchange.xforce.ibmcloud.com/vulnerabilities/7741 •

CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0

Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username. • http://archives.neohapsis.com/archives/bugtraq/2000-12/0337.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000363 http://www.debian.org/security/2001/dsa-009 http://www.redhat.com/support/errata/RHSA-2000-129.html http://www.securityfocus.com/archive/1/151719 http://www.securityfocus.com/bid/2128 https://exchange.xforce.ibmcloud.com/vulnerabilities/5807 •