Vulnerability & Exploit Database

Displaying all 7 entries

Results for: CVE-2018-0461 Back to search

SUSE: CVE-2017-3731: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: January 26, 2017

If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1....

SUSE: CVE-2016-7056: SUSE Linux Security Advisory Vulnerability

  • Severity: 2
  • Published: January 10, 2017

A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

SUSE: CVE-2016-8610: SUSE Linux Security Advisory Vulnerability

  • Severity: 5
  • Published: November 02, 2016

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients....

SUSE: CVE-2016-2108: SUSE Linux Security Advisory Vulnerability

  • Severity: 10
  • Published: May 03, 2016

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 7 Vulnerability

  • Severity: 1
  • Published: June 10, 2014

This is a placeholder for all CVEs that are not relevant for one reason or another on Red Hat Enterprise Linux 7. Oftentimes Red Hat makes this determination because the affected software was shipped, built or configured in a manner that it made it invulnerable to a given vulnerability.

Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 6 Vulnerability

  • Severity: 1
  • Published: November 10, 2010

This is a placeholder for all CVEs that are not relevant for one reason or another on Red Hat Enterprise Linux 6. Oftentimes Red Hat makes this determination because the affected software was shipped, built or configured in a manner that it made it invulnerable to a given vulnerability.

Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5 Vulnerability

  • Severity: 1
  • Published: March 15, 2007

This is a placeholder for all CVEs that are not relevant for one reason or another on Red Hat Enterprise Linux 5. Oftentimes Red Hat makes this determination because the affected software was shipped, built or configured in a manner that it made it invulnerable to a given vulnerability.