
CVSS: 9.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.

• http://lists.opensuse.org/opensuse-updates/2016-02/msg00091.html
  http://lists.opensuse.org/opensuse-updates/2016-02/msg00093.html
  http://lists.opensuse.org/opensuse-updates/2016-02/msg00100.html
  http://rhn.redhat.com/errata/RHSA-2016-2582.html
  http://www.openwall.com/lists/oss-security/2016/02/02/2
  http://www.openwall.com/lists/oss-security/2016/02/03/1
  http://www.ubuntu.com/usn/USN-2897-1
  https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-mult

• CWE-254: 7PK - Security Features
  CWE-310: Cryptographic Issues
  CWE-358: Improperly Implemented Security Check for Standard

CVSS: 9.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.

• http://lists.opensuse.org/opensuse-updates/2016-02/msg00091.html
  http://lists.opensuse.org/opensuse-updates/2016-02/msg00093.html
  http://lists.opensuse.org/opensuse-updates/2016-02/msg00100.html
  http://rhn.redhat.com/errata/RHSA-2016-2582.html
  http://www.openwall.com/lists/oss-security/2016/02/02/2
  http://www.openwall.com/lists/oss-security/2016/02/03/1
  http://www.securityfocus.com/bid/84272
  http://www.ubuntu.com/usn/USN-2897-1
  https://blog.fuzzing-project.org&#x

• CWE-310: Cryptographic Issues
  CWE-358: Improperly Implemented Security Check for Standard

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions.

• http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=89f464e9c229006e16f6bb5403c5529fdd0a9edd
  http://lists.opensuse.org/opensuse-updates/2016-02/msg00129.html
  http://www.securityfocus.com/bid/84212
  http://www.securitytracker.com/id/1035010
  https://security.gentoo.org/glsa/201606-09

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.3 • EPSS: 1% • CPEs: 10 • EXPL: 0

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.

It was discovered that nginx did not limit recursion when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to use an excessive amount of resources if nginx enabled the resolver in its configuration.

• http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html
  http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
  http://seclists.org/fulldisclosure/2021/Sep/36
  http://www.debian.org/security/2016/dsa-3473
  http://www.securitytracker.com/id/1034869
  http://www.ubuntu.com/usn/USN-2892-1
  https://access.redhat.com/errata/RHSA-2016:1425
  https://bto.bluecoat.com/security-advisory/sa115
  https://bugzilla.redhat.com/show_bug.cgi?id=1302589
  https://security.gentoo

• CWE-400: Uncontrolled Resource Consumption

CVSS: 7.5 • EPSS: 87% • CPEs: 10 • EXPL: 0

The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response.

It was discovered that nginx could perform an out-of-bounds read and dereference an invalid pointer when resolving CNAME DNS records. An attacker able to manipulate DNS responses received by nginx could use this flaw to cause a worker process to crash if nginx enabled the resolver in its configuration.

• http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html
  http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
  http://seclists.org/fulldisclosure/2021/Sep/36
  http://www.debian.org/security/2016/dsa-3473
  http://www.securitytracker.com/id/1034869
  http://www.ubuntu.com/usn/USN-2892-1
  https://access.redhat.com/errata/RHSA-2016:1425
  https://bto.bluecoat.com/security-advisory/sa115
  https://bugzilla.redhat.com/show_bug.cgi?id=1302587
  https://security.gentoo

• CWE-125: Out-of-bounds Read
  CWE-476: NULL Pointer Dereference