CVSS: 7.5EPSS: 1%CPEs: 45EXPL: 0CVE-2014-2899 – Gentoo Linux Security Advisory 201612-53
https://notcve.org/view.php?id=CVE-2014-2899
22 Apr 2014 — wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2) a client_key_exchange message when the ephemeral key is not found. wolfSSL CyaSSL anterior a 2.9.4 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) a través de (1) una solicitud para el certificado de par cuando sucede un fallo de análisis sintáctico de certificado o (2)... • http://seclists.org/oss-sec/2014/q2/126 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 45EXPL: 0CVE-2014-2900 – Gentoo Linux Security Advisory 201612-53
https://notcve.org/view.php?id=CVE-2014-2900
22 Apr 2014 — wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate. wolfSSL CyaSSL anterior a 2.9.4 no valida debidamente certificados X.509 con extensiones críticas desconocidas, lo que permite a atacantes man-in-the-middle falsificar servidores a través de certificado X.509 manipulado. Multiple vulnerabilities have been found in CyaSSL, the worst of which may allow attackers to ... • http://seclists.org/oss-sec/2014/q2/126 • CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 0%CPEs: 40EXPL: 0CVE-2013-1623 – Gentoo Linux Security Advisory 201308-06-02
https://notcve.org/view.php?id=CVE-2013-1623
08 Feb 2013 — The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. Las implementaciones de TLS y DTLS de wolfSSL CyaSSL antes de v2.5.0 no cosnidera el tiempo de canal lateral ataques a ... • http://openwall.com/lists/oss-security/2013/02/05/24 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 35EXPL: 0CVE-2012-1558
https://notcve.org/view.php?id=CVE-2012-1558
12 Mar 2012 — yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted X.509 certificate. yaSSL CyaSSL anteriores a 2.0.8 permite a atacantes remotos provocar una denegación de servicio (resolución de puntero NULL y caída de la aplicación) a través de un certificado X.509 modificado. • http://secunia.com/advisories/48634 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 43%CPEs: 3EXPL: 2CVE-2011-2900 – Simple HTTPd 1.42 - Denial of Servive
https://notcve.org/view.php?id=CVE-2011-2900
05 Aug 2011 — Stack-based buffer overflow in the (1) put_dir function in mongoose.c in Mongoose 3.0, (2) put_dir function in yasslEWS.c in yaSSL Embedded Web Server (yasslEWS) 0.2, and (3) _shttpd_put_dir function in io_dir.c in Simple HTTPD (shttpd) 1.42 allows remote attackers to execute arbitrary code via an HTTP PUT request, as exploited in the wild in 2011. Desbordamiento de buffer de pila en (1) la función put_dir de mongoose.c de Mongoose 3.0, (2) la función put_dir de yasslEWS.c de yaSSL Embedded Web Server (yass... • https://www.exploit-db.com/exploits/17658 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 1CVE-2008-0227
https://notcve.org/view.php?id=CVE-2008-0227
10 Jan 2008 — yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp. yaSSL 1.7.5 y anteriores, como el utilizado en MySQL y posiblemente otros productos, permite a atacantes remotos provocar una denegación de servicio (caída) mediante un paquete Hello que contiene un valor de tamaño grande, lo cual provoca un... • http://bugs.mysql.com/33814 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 92%CPEs: 75EXPL: 3CVE-2008-0226 – MySQL 6.0 yaSSL 1.7.5 - Hello Message Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0226
10 Jan 2008 — Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp. Múltiples desbordamientos de búfer en yaSSL 1.7.5 y anteriores, como el utilizado en MySQL y posiblemente otros productos, permite a atacantes remotos ejecutar código de su elección mediante (1) la función ProcessOldClientHello en handshake.cpp o (2) ... • https://www.exploit-db.com/exploits/9953 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 19EXPL: 0CVE-2005-3731
https://notcve.org/view.php?id=CVE-2005-3731
21 Nov 2005 — Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and attack vectors, related to "certificate chain processing." • http://secunia.com/advisories/17619 •