Page 39 of 237 results (0.016 seconds)

CVSS: 4.3EPSS: 10%CPEs: 64EXPL: 0

CVE-2011-4577 – openssl: malformed RFC 3779 data can cause assertion failures

https://notcve.org/view.php?id=CVE-2011-4577

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomous System (AS) identifiers. OpenSSL antes de v0.9.8s y v1.x antes de v1.0.0f, cuando el soporte al RFC 3779 está habilitado, permite a atacantes remotos provocar una denegación de servicio (error de aserción) a través de un certificado X.509 que contiene la extensión de certificados de datos asociados con identificados de (1) bloques de direcciones IP o (2) Sistema Autónomo (AS). • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html http://marc.info/?l=bugtraq&m=132750648501816&w=2 http://marc.info/?l=bugtraq&m=134039053214295&w=2 http://s • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 5%CPEs: 67EXPL: 0

CVE-2012-0027

https://notcve.org/view.php?id=CVE-2012-0027

The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client. El motor GOST en OpenSSL antes de v1.0.0f no controla correctamente los parámetros válidos para el cifrado de bloques GOST, lo que permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de datos de un cliente TLS específicamente modificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html http://osvdb.org/78191 http://secunia.com/advisories/57353 http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 http://www.mandriva.com/security/advisories?name=MDVSA-2012:007 http://www.openssl.org/news/secadv_20120104.txt • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 3%CPEs: 19EXPL: 0

CVE-2011-4109 – openssl: double-free in policy checks

https://notcve.org/view.php?id=CVE-2011-4109

Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check. Una vulnerabilidad de doble liberación en OpenSSL v0.9.8 antes de v0.9.8s, cuando la opción X509_V_FLAG_POLICY_CHECK está activada, permite a atacantes remotos tener un impacto no especificado al provocar el fallo de un control de la política. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html http://marc.info/?l=bugtraq&m=132750648501816&w=2 http://marc.info/?l=bugtraq&m=134039053214295&w=2 http://rhn.redhat.com/errata/RHSA-2012-1306.html http://rhn.redhat.com/errata/RHSA-2012-1307.html http://rhn.redhat.com/errata/RHSA-2012-1308.html http:/ • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 18%CPEs: 64EXPL: 0

CVE-2011-4619 – openssl: SGC restart DoS attack

https://notcve.org/view.php?id=CVE-2011-4619

The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. La implementación del servidor de criptografía SGC en OpenSSL antes de v0.9.8s y en v1.x antes de v1.0.0f no controla correctamente los reinicios de 'handshake' (apretón de manos), lo que permite a atacantes remotos provocar una denegación de servicio a través de vectores no especificados. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html http://marc.info/?l=bugtraq&m=132750648501816&w=2 • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 64EXPL: 0

CVE-2011-4108 – openssl: DTLS plaintext recovery attack

https://notcve.org/view.php?id=CVE-2011-4108

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack. La implementación DTLS en OpenSSL antes de v0.9.8s y v1.x antes de v1.0.0f realiza una comprobación de MAC sólo si determinado relleno es válida, lo que facilita a los atacantes remotos a la hora de recuperar texto a través de un ataque de relleno. • http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html http://lists.opensuse.org/opensuse-security-announce/201 • CWE-310: Cryptographic Issues •