Show filters
141 Total Results
Displaying 11-20 of 141
Sort by:
Attacker Value
Unknown

CVE-2016-2108

Disclosure Date: May 05, 2016 (last updated November 08, 2023)
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
0
Attacker Value
Unknown

CVE-2016-2109

Disclosure Date: May 05, 2016 (last updated November 08, 2023)
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
0
Attacker Value
Unknown

CVE-2016-2105

Disclosure Date: May 05, 2016 (last updated November 08, 2023)
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
Attacker Value
Unknown

CVE-2016-2107

Disclosure Date: May 05, 2016 (last updated February 17, 2024)
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
Attacker Value
Unknown

CVE-2015-8540

Disclosure Date: April 14, 2016 (last updated November 08, 2023)
Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read.
0
Attacker Value
Unknown

CVE-2015-7981

Disclosure Date: November 24, 2015 (last updated October 05, 2023)
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
0
Attacker Value
Unknown

CVE-2014-3580

Disclosure Date: December 18, 2014 (last updated October 05, 2023)
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.
0
Attacker Value
Unknown

CVE-2014-8108

Disclosure Date: December 18, 2014 (last updated October 05, 2023)
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request for a URI that triggers a lookup for a virtual transaction name that does not exist.
0
Attacker Value
Unknown

CVE-2014-3528

Disclosure Date: August 19, 2014 (last updated October 05, 2023)
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.
0
Attacker Value
Unknown

CVE-2014-3207

Disclosure Date: May 08, 2014 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1.
0