Show filters
36 Total Results
Displaying 31-36 of 36
Sort by:
Attacker Value
Unknown

CVE-2003-0078

Disclosure Date: March 03, 2003 (last updated February 22, 2025)
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."
0
Attacker Value
Unknown

CVE-2003-0015

Disclosure Date: February 07, 2003 (last updated February 22, 2025)
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
0
Attacker Value
Unknown

CVE-2003-0001

Disclosure Date: January 17, 2003 (last updated February 22, 2025)
Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak.
0
Attacker Value
Unknown

CVE-2002-1219

Disclosure Date: November 29, 2002 (last updated February 22, 2025)
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).
0
Attacker Value
Unknown

CVE-2002-1221

Disclosure Date: November 29, 2002 (last updated February 22, 2025)
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.
0
Attacker Value
Unknown

CVE-2002-1220

Disclosure Date: November 29, 2002 (last updated February 22, 2025)
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.
0