CVE-2015-3196 – OpenSSL: Race condition handling PSK identify hint
https://notcve.org/view.php?id=CVE-2015-3196
ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message. ssl/s3_clnt.c en OpenSSL 1.0.0 en versiones anteriores a 1.0.0t, 1.0.1 en versiones anteriores a 1.0.1p y 1.0.2 en versiones anteriores a 1.0.2d, cuando es utilizado por un cliente multi hilo, escribe la pista de identidad PSK en una estructura de datos incorrecta, lo que permite a servidores remotos provocar una denegación de servicio (condición de carrera y liberación doble) a través de un mensaje ServerKeyExchange manipulado. A race condition flaw, leading to a double free, was found in the way OpenSSL handled pre-shared key (PSK) identify hints. A remote attacker could use this flaw to crash a multi-threaded SSL/TLS client using OpenSSL. • http://fortiguard.com/advisory/openssl-advisory-december-2015 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173801.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00070.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00071.html http://marc.info/?l=bugtraq&m=145382583417444&w=2 http://openssl.org/news/secadv/20151203.txt • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2014-2604
https://notcve.org/view.php?id=CVE-2014-2604
Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP 2.1 and 3.0 allows remote attackers to cause a denial of service via unknown vectors. Vulnerabilidad no especificada en HP IceWall SSO 10.0 Dfw y IceWall MCRP 2.1 y 3.0 permite a atacantes remotos causar una denegación de servicio a través de vectores desconocidos. • http://www.securitytracker.com/id/1030264 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04278900 •
CVE-2014-2600
https://notcve.org/view.php?id=CVE-2014-2600
Unspecified vulnerability in HP IceWall Identity Manager 4.0 through SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache Commons FileUpload is used, allows remote authenticated users to cause a denial of service via unknown vectors. Vulnerabilidad no especificada en HP IceWall Identity Manager 4.0 hasta SP1 y 5.0 y la opción de restablecimiento de contraseña de IceWall SSO 10.0, cuando Apache Commons FileUpload es utilizado, permite a usuarios remotos autenticados causar una denegación de servicio a través de vectores desconocidos. • http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c04214298 •
CVE-2013-4817
https://notcve.org/view.php?id=CVE-2013-4817
Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to obtain sensitive information via unknown vectors. Vulnerabilidad no especificada en HP IceWall SSO Agent Option 8.0 a 10.0 permite a atacantes remotos obtener información sensible a través de vectores no especificados. • https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632 •
CVE-2013-4819
https://notcve.org/view.php?id=CVE-2013-4819
Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticated users to obtain sensitive information via unknown vectors. Vulnerabilidad no especificada en HP IceWall SSO Agent Option 8.0 a 10.0 permite a usuarios autenticados remotamente obtener información sensible a través de vectores no especificados. • https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03918632 •