Displaying vulnerability details 1 - 10 of 54642 in total

NAT-PMP External Address Information Disclosure (R7-2014-17) Vulnerability

  • Severity: 4
  • Published: October 19, 2014

When NAT-PMP is improperly implemented or configured and it responds to queries from IP addresses not behind NAT, the "external address" can disclose internal addressing schemes which may be useful in launching further attacks.

NAT-PMP Malicious Port Mapping (R7-2014-17) Vulnerability

  • Severity: 9
  • Published: October 19, 2014

When NAT-PMP is improperly implemented or configured and it responds to queries from IP addresses not behind NAT, it is possible for remote attackers to manipulate the firewall and NAT rules of the affected device to possibly:

  • Intercept network traffic destined to the internal or ext...

SUSE Linux Security Advisory: SUSE-SU-2014:1294-1 Vulnerability

  • Severity: 4
  • Published: October 16, 2014

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

USN-2385-1: OpenSSL vulnerabilities Vulnerability

  • Severity: 4
  • Published: October 15, 2014

It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-3513) It was discovered that OpenSSL incorrectly ha...

OpenSSL (CVE-2014-3567) Vulnerability

  • Severity: 4
  • Published: October 15, 2014

When an OpenSSL SSL/TLS/DTLS server receives a session ticket the integrity of that ticket is first verified. In the event of a session ticket integrity check failing, OpenSSL will fail to free memory causing a memory leak. By sending a large number of invalid session tickets an attacker could exploit this ...

ELSA-2014-1655 Moderate: Oracle Linux 7 libxml2 security update Vulnerability

  • Severity: 4
  • Published: October 15, 2014

Oracle Linux Security Advisory ELSA-2014-1655 https://access.redhat.com/errata/RHSA-2014:1655.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: libxml2-2.9.1-5.0.1.el7_0.1.i686.rpm libxml2-2.9.1-5.0.1.el7_0.1.x86_64.rpm libxml2-devel-2.9.1-5.0.1.el7_0.1.i686.rpm libxml2-de...

OpenSSL (CVE-2014-3513) Vulnerability

  • Severity: 4
  • Published: October 15, 2014

A flaw in the DTLS SRTP extension parsing code allows an attacker, who sends a carefully crafted handshake message, to cause OpenSSL to fail to free up to 64k of memory causing a memory leak. This could be exploited in a Denial Of Service attack. This issue affects OpenSSL 1.0.1 server implementations for b...

Amazon Linux AMI: Security patch for openssl (ALAS-2014-427) (multiple CVEs) Vulnerability

  • Severity: 4
  • Published: October 15, 2014

A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol (SRTP) extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. (CVE-2014-3513)

A memory leak flaw was found in the way an OpenSSL hand...

OpenSSL (CVE-2014-3568) Vulnerability

  • Severity: 4
  • Published: October 15, 2014

When OpenSSL is configured with "no-ssl3" as a build option, servers could accept and complete an SSL 3.0 handshake, and clients could be configured to send them.

RHSA-2014:1652: openssl security update Vulnerability

  • Severity: 4
  • Published: October 15, 2014

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL), Transport Layer Security (TLS), and Datagram Transport Layer Security (DTLS) protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to...