10 results (0.010 seconds)

CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0

A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module ) could be exploited remotely to cause a denial of service. The versions and platforms of Agent Option modules that are impacted are as follows: 10.0 for Apache 2.2 on RHEL 5 and 6, 10.0 for Apache 2.4 on RHEL 7, 10.0 for Apache 2.4 on HP-UX 11i v3, 10.0 for IIS on Windows, 11.0 for Apache 2.4 on RHEL 7, MFA Proxy 4.0 (Agent module only) for Apache 2.4 on RHEL 7. Una vulnerabilidad de seguridad en IceWall SSO Agent Option y IceWall MFA (módulo Agent) de HPE podría ser explotada remotamente para causar una denegación de servicio. Las versiones y plataformas de los módulos Agent Option que están afectadas son las siguientes: versión 10.0 para Apache versión 2.2 en RHEL versiones 5 y 6.0, versión 10.0 para Apache versión 2.4 en RHEL versión 7, versión 10.0 para Apache versión 2.4 en HP-UX 11i versión v3, versión 10.0 para IIS en Windows, versión 11.0 para Apache versión 2.4 en RHEL versión 7, MFA Proxy versión 4.0 (solo módulo Agent) para Apache versión 2.4 en RHEL versión 7. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03941en_us •

CVSS: 5.9EPSS: 19%CPEs: 51EXPL: 0

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. El analizador certificado en OpenSSL en versiones anteriores a 1.0.1u y 1.0.2 en versiones anteriores a 1.0.2i podría permitir a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) a través de operaciones certificadas manipuladas, relacionado con s3_clnt.c y s3_srvr.c. Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.h • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 52%CPEs: 38EXPL: 0

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. La función BN_bn2dec en crypto/bn/bn_print.c en OpenSSL en versiones anteriores a 1.1.0 no valida adecuadamente resultados de la división, lo que permite a atacantes remotos provocar una denegación de servicio (escritura fuera de límites y caída de la aplicación) o tener otro posible impacto no especificado a través de vectores desconocidos. An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL to process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.h • CWE-391: Unchecked Error Condition CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 5%CPEs: 94EXPL: 0

The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. La clase MultipartStream en Apache Commons Fileupload en versiones anteriores a 1.3.2, tal como se utiliza en Apache Tomcat 7.x en versiones anteriores a 7.0.70, 8.x en versiones anteriores a 8.0.36, 8.5.x en versiones anteriores a 8.5.3 y 9.x en versiones anteriores a 9.0.0.M7 y otros productos, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de una cadena de límite largo. A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. • http://jvn.jp/en/jp/JVN89379547/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000121 http://lists.opensuse.org/opensuse-updates/2016-09/msg00025.html http://mail-archives.apache.org/mod_mbox/commons-dev/201606.mbox/%3CCAF8HOZ%2BPq2QH8RnxBuJyoK1dOz6jrTiQypAC%2BH8g6oZkBg%2BCxg%40mail.gmail.com%3E http://rhn.redhat.com/errata/RHSA-2016-2068.html http://rhn.redhat.com/errata/RHSA-2016-2069.html http://rhn.redhat.com/errata/RHSA-2016-2070.html http://rhn.redhat.com/errata/RHSA-2016 • CWE-20: Improper Input Validation •

CVSS: 9.8EPSS: 15%CPEs: 39EXPL: 0

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. OpenSSL hasta la versión 1.0.2h no utiliza correctamente la aritmética de puntero para comprobaciones de límites de buffer de memoria dinámica, lo que podría permitir a atacantes remotos provocar una denegación de servicio (desbordamiento de entero y caída de aplicación) o posiblemente tener otro impacto no especificado aprovechando un comportamiento malloc no esperado, relacionado con s3_srvr.c, ssl_sess.c, y t1_lib.c. Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.h • CWE-190: Integer Overflow or Wraparound •