CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2004-0220
https://notcve.org/view.php?id=CVE-2004-0220
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite. isakmpd en OpenBSD 3.4 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio a través de un paquete ISAKMP con una carga útil Cert Request malformada, lo que provoca un desbordamiento inferior de entero que es usado en una operación malloc que no se maneja adecuadamente, según lo demonstrado por el Striker ISAKMP Protocol Test Suite. • http://marc.info/?l=bugtraq&m=108008530028019&w=2 http://www.kb.cert.org/vuls/id/223273 http://www.openbsd.org/errata.html http://www.rapid7.com/advisories/R7-0018.html http://www.securityfocus.com/bid/9907 http://www.securitytracker.com/alerts/2004/Mar/1009468.html https://exchange.xforce.ibmcloud.com/vulnerabilities/15629 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2004-0221
https://notcve.org/view.php?id=CVE-2004-0221
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker ISAKMP Protocol Test Suite. isakmpd en OpenBSD 3.4 y anteriores permite a atacantes remotos causar una denegación de servicio (caída) mediante un paquete ISAKMP con una carga útil de borrado conteniendo un gran número de SPIs, lo que dispara un error de lectura fuera de límites, como se ha demostrado por el paquete de pruebas de protocolo ISAKMP Striker. • http://marc.info/?l=bugtraq&m=108008530028019&w=2 http://www.kb.cert.org/vuls/id/524497 http://www.openbsd.org/errata.html http://www.rapid7.com/advisories/R7-0018.html http://www.securityfocus.com/bid/9907 http://www.securitytracker.com/alerts/2004/Mar/1009468.html https://exchange.xforce.ibmcloud.com/vulnerabilities/15630 • CWE-125: Out-of-bounds Read •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2004-0222
https://notcve.org/view.php?id=CVE-2004-0222
Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via certain ISAKMP packets, as demonstrated by the Striker ISAKMP Protocol Test Suite. Múltiples fugas de memoria en isakmpd en OpenBSD 3.4 y anteriores permite a atacantes remotos causar una denegación de servicio (consumición de memoria) mediante ciertos paquetes ISAKMP, como se ha demostrado por el paquete de pruebas de protocolos ISAKMP Striker. • http://marc.info/?l=bugtraq&m=108008530028019&w=2 http://www.kb.cert.org/vuls/id/996177 http://www.openbsd.org/errata.html http://www.rapid7.com/advisories/R7-0018.html http://www.securityfocus.com/bid/10032 http://www.securitytracker.com/alerts/2004/Mar/1009468.html https://exchange.xforce.ibmcloud.com/vulnerabilities/15519 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.0EPSS: 0%CPEs: 252EXPL: 0CVE-2004-0081
https://notcve.org/view.php?id=CVE-2004-0081
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. OpenSSL 0.9.6 anteriores a la 0.9.6d no manejan adecuadamente los tipos de mensajes desconocidos, lo que permite a atacantes remotos causar una denegación de servicios (por bucle infinito), como se demuestra utilizando la herramienta de testeo Codenomicon TLS. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://fedoranews.org/updates/FEDORA-2004-095.shtml http://marc.info/?l=bugtraq&m=107955049331965&w=2 http://marc.info/?l=bugtraq&m=108403850228012&w=2 http://rhn.redhat.com/errata/RHSA-2004-119.html http://secunia.com/advisories/11139 http://security.gen •
CVSS: 7.5EPSS: 0%CPEs: 252EXPL: 0CVE-2004-0079
https://notcve.org/view.php?id=CVE-2004-0079
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. La función do_change_cipher_spec en OpenSSL 0.9.6c hasta 0.9.6.k y 0.9.7a hasta 0.9.7c permite que atacantes remotos provoquen una denegación de servicio (caída) mediante una hábil unión SSL/TLS que provoca un puntero nulo. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:05.openssl.asc ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-005.txt.asc ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.10/SCOSA-2004.10.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000834 http://docs.info.apple.com/article.html?artnum=61798 http://fedoranews.org/updates/FEDORA-2004-095.shtml http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http&# • CWE-476: NULL Pointer Dereference •