Lista CVE - 2015 / Novembre
Visualizzazione 301 - 361 di 361 CVE per Novembre 2015 (Pagina 4 di 4)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2015-7773 | 2015-11-20 | Unrestricted file upload vulnerability in the Panel component in Bastian Allgeier Kirby before 2.1.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file that lacks an... |
| CVE-2009-5149 | 2015-11-21 | Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface,... |
| CVE-2015-6375 | 2015-11-21 | The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010. |
| CVE-2015-6376 | 2015-11-21 | Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv72412. |
| CVE-2015-7289 | 2015-11-21 | Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have a hardcoded administrator password derived from a serial number, which makes it easier for remote attackers to obtain... |
| CVE-2015-7290 | 2015-11-21 | Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to inject arbitrary web... |
| CVE-2015-7291 | 2015-11-21 | Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to hijack the... |
| CVE-2015-7777 | 2015-11-21 | Cross-site scripting (XSS) vulnerability in index.php in JosephErnest Void before 2015-10-02 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. |
| CVE-2015-7912 | 2015-11-21 | The Ice Faces servlet in ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows remote attackers to upload and execute arbitrary Java code via a crafted XML... |
| CVE-2015-7913 | 2015-11-21 | ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method... |
| CVE-2015-5787 | 2015-11-22 | The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app. |
| CVE-2015-5859 | 2015-11-22 | The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it... |
| CVE-2015-7036 | 2015-11-22 | The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service... |
| CVE-2015-5451 | 2015-11-23 | Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| CVE-2015-5256 | 2015-11-23 | Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access restrictions via a crafted... |
| CVE-2015-8320 | 2015-11-23 | Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to conduct bridge hijacking attacks by predicting a value. |
| CVE-2015-6377 | 2015-11-24 | Cisco Virtual Topology System (VTS) 2.0(0) and 2.0(1) allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP port outage) via a flood of crafted... |
| CVE-2015-6380 | 2015-11-24 | An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters,... |
| CVE-2015-0856 | 2015-11-24 | daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated... |
| CVE-2015-5053 | 2015-11-24 | The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 before 352.41 for Linux and R352 before 352.46 for GRID vGPU and vSGA... |
| CVE-2015-5281 | 2015-11-24 | The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code... |
| CVE-2015-7496 | 2015-11-24 | GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key. |
| CVE-2015-7808 | 2015-11-24 | The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in... |
| CVE-2015-7865 | 2015-11-24 | nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access... |
| CVE-2015-7866 | 2015-11-24 | Unquoted Windows search path vulnerability in the Smart Maximize Helper (nvSmartMaxApp.exe) in the Control Panel in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before... |
| CVE-2015-7869 | 2015-11-24 | Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131,... |
| CVE-2015-7981 | 2015-11-24 | The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk... |
| CVE-2015-7985 | 2015-11-24 | Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file. |
| CVE-2015-8227 | 2015-11-24 | The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via a crafted... |
| CVE-2015-8228 | 2015-11-24 | Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to... |
| CVE-2015-8229 | 2015-11-24 | Huawei eSpace U2980 unified gateway with software before V100R001C10 and U2990 with software before V200R001C10 allow remote authenticated users to cause a denial of service via crafted signaling packets from... |
| CVE-2015-8328 | 2015-11-24 | Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to obtain... |
| CVE-2015-8329 | 2015-11-24 | SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP... |
| CVE-2015-8330 | 2015-11-24 | The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers to cause a denial of service (memory corruption and agent crash) via crafted xMII requests, aka SAP Security Note... |
| CVE-2015-6379 | 2015-11-25 | The XML parser in the management interface in Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote authenticated users to cause a denial of service (device crash) via a crafted... |
| CVE-2015-7285 | 2015-11-25 | CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended access restrictions via... |
| CVE-2015-7286 | 2015-11-25 | CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic... |
| CVE-2015-7287 | 2015-11-25 | CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers' installations, which allows remote attackers to execute commands by leveraging knowledge... |
| CVE-2015-7288 | 2015-11-25 | CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a "4 2"... |
| CVE-2014-3665 | 2015-11-25 | Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master... |
| CVE-2015-5242 | 2015-11-25 | OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended... |
| CVE-2015-5306 | 2015-11-25 | OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error. |
| CVE-2015-5318 | 2015-11-25 | Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible salt to generate CSRF protection tokens, which makes it easier for remote attackers to bypass the CSRF protection mechanism... |
| CVE-2015-5319 | 2015-11-25 | XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration... |
| CVE-2015-5320 | 2015-11-25 | Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the shared secret used in JNLP slave connections, which allows remote attackers to connect as slaves and obtain sensitive... |
| CVE-2015-5321 | 2015-11-25 | The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request... |
| CVE-2015-5322 | 2015-11-25 | Directory traversal vulnerability in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to list directory contents and read arbitrary files in the Jenkins servlet resources via directory traversal... |
| CVE-2015-5323 | 2015-11-25 | Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API... |
| CVE-2015-5324 | 2015-11-25 | Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api. |
| CVE-2015-5325 | 2015-11-25 | Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for... |
| CVE-2015-5326 | 2015-11-25 | Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or... |
| CVE-2015-8103 | 2015-11-25 | The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar... |
| CVE-2015-5317 | 2015-11-25 | The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 might allow remote attackers to obtain sensitive job and build name information via a direct request. |
| CVE-2015-6382 | 2015-11-26 | Cisco ASR 5000 devices with software 16.0(900) allow remote attackers to cause a denial of service (telnetd process restart) via a TELNET connection, aka Bug ID CSCuv25815. |
| CVE-2015-6857 | 2015-11-26 | Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138. |
| CVE-2015-8363 | 2015-11-26 | The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which... |
| CVE-2015-8364 | 2015-11-26 | Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory... |
| CVE-2015-8365 | 2015-11-26 | The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels,... |
| CVE-2015-6848 | 2015-11-27 | EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD... |
| CVE-2015-8214 | 2015-11-27 | A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP... |
| CVE-2015-6385 | 2015-12-01 | The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging administrative access... |
| CVE-2015-6386 | 2015-12-01 | The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions... |
| CVE-2015-8383 | 2015-12-02 | PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular... |
| CVE-2015-8386 | 2015-12-02 | PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other... |
| CVE-2015-8387 | 2015-12-02 | PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via... |
| CVE-2015-8389 | 2015-12-02 | PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a... |
| CVE-2015-8390 | 2015-12-02 | PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other... |
| CVE-2015-8391 | 2015-12-02 | The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other... |
| CVE-2015-8393 | 2015-12-02 | pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI... |
| CVE-2015-8394 | 2015-12-02 | PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted... |
| CVE-2015-2327 | 2015-12-02 | PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly... |
| CVE-2015-2328 | 2015-12-02 | PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other... |
| CVE-2015-8380 | 2015-12-02 | The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow)... |
| CVE-2015-8381 | 2015-12-02 | The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows... |
| CVE-2015-8382 | 2015-12-02 | The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or... |
| CVE-2015-8384 | 2015-12-02 | PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have... |
| CVE-2015-8385 | 2015-12-02 | PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified... |
| CVE-2015-8388 | 2015-12-02 | PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have... |
| CVE-2015-8392 | 2015-12-02 | PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other... |
| CVE-2015-8395 | 2015-12-02 | PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by... |
| CVE-2015-8024 | 2015-12-02 | McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active... |
| CVE-2015-6383 | 2015-12-03 | Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to... |
| CVE-2015-6390 | 2015-12-03 | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL,... |
| CVE-2015-0859 | 2015-12-03 | The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows... |
| CVE-2015-0860 | 2015-12-03 | Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrary code via... |
| CVE-2015-5245 | 2015-12-03 | CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks... |
| CVE-2015-8076 | 2015-12-03 | The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact... |
| CVE-2015-8077 | 2015-12-03 | Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and... |
| CVE-2015-8078 | 2015-12-03 | Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and... |
| CVE-2015-6384 | 2015-12-05 | The Cisco WebEx Meetings application before 8.5.1 for Android improperly initializes custom application permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka Bug ID CSCuw86442. |
| CVE-2015-6387 | 2015-12-05 | Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL,... |
| CVE-2015-6388 | 2015-12-05 | Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575. |
| CVE-2015-6391 | 2015-12-05 | Cisco Unified SIP 3905 phones allow remote attackers to cause a denial of service (resource consumption and functionality loss) via a large amount of network traffic, aka Bug ID CSCuh51331. |
| CVE-2015-6394 | 2015-12-05 | The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows local users to cause a denial of service (device crash) via crafted USB parameters, aka Bug ID CSCus89408. |
| CVE-2015-6849 | 2015-12-05 | EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication... |
| CVE-2015-1794 | 2015-12-06 | The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman... |
| CVE-2015-3193 | 2015-12-06 | The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes... |
| CVE-2015-3194 | 2015-12-06 | crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1... |
| CVE-2015-3195 | 2015-12-06 | The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers... |
| CVE-2015-3196 | 2015-12-06 | ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which... |