CVE-2021-23840 – Integer overflow in CipherUpdate
https://notcve.org/view.php?id=CVE-2021-23840
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2 https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44846 https://kc.mcafee.com/corporate/index?page=content&id=SB10366 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https:/ • CWE-190: Integer Overflow or Wraparound •
CVE-2019-1559 – 0-byte record padding oracle
https://notcve.org/view.php?id=CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html http://www.securityfocus.com/bid/107174 https://access. • CWE-203: Observable Discrepancy CWE-325: Missing Cryptographic Step •
CVE-2007-2584 – McAfee Security Center IsOldAppInstalled - ActiveX Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-2584
Buffer overflow in the IsOldAppInstalled function in the McSubMgr.McSubMgr Subscription Manager ActiveX control (MCSUBMGR.DLL) in McAfee SecurityCenter before 6.0.25 and 7.x before 7.2.147 allows remote attackers to execute arbitrary code via a crafted argument. Desbordamiento de búfer en la función IsOldAppInstalled del control ActiveX McSubMgr.McSubMgr Subscription Manager (MCSUBMGR.DLL) en McAfee SecurityCenter anterior a 6.0.25 y 7.x anterior a 7.2.147 permite a atacantes remotos ejecutar código de su elección mediante un argumento manipulado. • https://www.exploit-db.com/exploits/3893 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=528 http://osvdb.org/35874 http://secunia.com/advisories/25173 http://ts.mcafeehelp.com/faq3.asp?docid=419189 http://www.securityfocus.com/bid/23888 http://www.securityfocus.com/bid/23909 http://www.securitytracker.com/id?1018028 http://www.vupen.com/english/advisories/2007/1717 https://exchange.xforce.ibmcloud.com/vulnerabilities/34179 •
CVE-2006-3961 – McAfee Subscription Manager - Remote Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-3961
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf. Desbordamiento de búfer en control ActiveX McSubMgr (mcsubmgr.dll) en McAfee Security Center 6.0.23 para Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, y QuickClean permite a atacantes con la intervención del usuario ejecutar comandos de su elección a través de paráametros string, los cuales son posteriormente usados en vsprintf. • https://www.exploit-db.com/exploits/16510 http://secunia.com/advisories/21264 http://securitytracker.com/id?1016614 http://ts.mcafeehelp.com/faq3.asp?docid=407052 http://www.eeye.com/html/research/advisories/AD2006807.html http://www.eeye.com/html/research/upcoming/20060719.html http://www.kb.cert.org/vuls/id/481212 http://www.osvdb.org/27698 http://www.securityfocus.com/archive/1/442495/100/100/threaded http://www.securityfocus.com/bid/19265 http://www.vupen. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2005-3657
https://notcve.org/view.php?id=CVE-2005-3657
The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object. • http://secunia.com/advisories/18169 http://securityreason.com/securityalert/279 http://securitytracker.com/id?1015390 http://www.idefense.com/intelligence/vulnerabilities/display.php?id=358 http://www.securityfocus.com/bid/15986 http://www.vupen.com/english/advisories/2005/3006 •