
CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

31 Jan 2018 — The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set. • http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43620 • CWE-295: Improper Certificate Validation

CVSS: 7.8 • EPSS: 0% • CPEs: 138 • EXPL: 0

02 Aug 2016 — Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service before 8.2R2 and below for Windows allow restricted users to gain privileges via unspecified vectors. • http://www.securityfocus.com/bid/92692 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 10.0 • EPSS: 32% • CPEs: 35 • EXPL: 0

01 Mar 2016 — The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.9 • EPSS: 89% • CPEs: 34 • EXPL: 1

01 Mar 2016 — The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. • https://github.com/anthophilee/A2SV--SSL-VUL-Scan • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-310: Cryptographic Issues