- Home
- CVEs with nessus.description==The remote Solaris system is missing necessary patches to address
security updates :
- Memory leak in d1_srtp.c in the DTLS SRTP extension in
OpenSSL 1.0.1 before 1.0.1j allows remote attackers to
cause a denial of service (memory consumption) via a
crafted handshake message. (CVE-2014-3513)
- The SSL protocol 3.0, as used in OpenSSL through 1.0.1i
and other products, uses nondeterministic CBC padding,
which makes it easier for man-in-the-middle attackers to
obtain cleartext data via a padding-oracle attack, aka
the 'POODLE' issue. (CVE-2014-3566)
- Memory leak in the tls_decrypt_ticket function in
t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o,
and 1.0.1 before 1.0.1j allows remote attackers to cause
a denial of service (memory consumption) via a crafted
session ticket that triggers an integrity-check failure.
(CVE-2014-3567)
- OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1
before 1.0.1j does not properly enforce the no-ssl3
build option, which allows remote attackers to bypass
intended access restrictions via an SSL 3.0 handshake,
related to s23_clnt.c and s23_srvr.c. (CVE-2014-3568)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top