Max CVSS | 7.5 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2014-0231 | 5.0 |
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
|
31-10-2023 - 16:05 | 20-07-2014 - 11:12 | |
CVE-2015-1787 | 2.6 |
The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to cause a denial of service (daemon crash) via a Clien
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0291 | 5.0 |
The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message durin
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0209 | 6.8 |
Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corrup
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0208 | 4.3 |
The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0288 | 5.0 |
The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) v
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0290 | 5.0 |
The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote attackers to cause a denial o
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0286 | 5.0 |
The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of ser
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0285 | 4.3 |
The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffin
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0292 | 7.5 |
Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corru
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0287 | 5.0 |
The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial o
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0207 | 5.0 |
The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of service (application crash) via crafted DTLS traffic,
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0293 | 5.0 |
The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY me
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2015-0289 | 5.0 |
The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference
|
13-12-2022 - 12:15 | 19-03-2015 - 22:59 | |
CVE-2014-0118 | 4.3 |
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted req
|
14-09-2022 - 18:31 | 20-07-2014 - 11:12 | |
CVE-2014-0226 | 6.8 |
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a cr
|
14-09-2022 - 18:30 | 20-07-2014 - 11:12 | |
CVE-2015-2301 | 7.5 |
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an a
|
16-08-2022 - 13:28 | 30-03-2015 - 10:59 | |
CVE-2014-3523 | 5.0 |
Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote attackers to cause a denial of service (memory con
|
06-06-2021 - 11:15 | 20-07-2014 - 11:12 | |
CVE-2015-2331 | 7.5 |
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial
|
30-10-2018 - 16:27 | 30-03-2015 - 10:59 | |
CVE-2015-2787 | 7.5 |
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call th
|
30-10-2018 - 16:27 | 30-03-2015 - 10:59 | |
CVE-2015-2348 | 5.0 |
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extens
|
30-10-2018 - 16:27 | 30-03-2015 - 10:59 | |
CVE-2015-0204 | 4.3 |
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak
|
19-07-2018 - 01:29 | 09-01-2015 - 02:59 | |
CVE-2014-9653 | 7.5 |
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers t
|
16-06-2018 - 01:29 | 30-03-2015 - 10:59 | |
CVE-2014-9705 | 7.5 |
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of m
|
05-01-2018 - 02:29 | 30-03-2015 - 10:59 | |
CVE-2015-0232 | 6.8 |
The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) v
|
05-01-2018 - 02:29 | 27-01-2015 - 20:04 | |
CVE-2015-0273 | 7.5 |
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier
|
05-01-2018 - 02:29 | 30-03-2015 - 10:59 | |
CVE-2014-8275 | 5.0 |
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted
|
15-11-2017 - 02:29 | 09-01-2015 - 02:59 | |
CVE-2014-3569 | 5.0 |
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon c
|
15-11-2017 - 02:29 | 24-12-2014 - 11:59 | |
CVE-2014-3572 | 5.0 |
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerK
|
15-11-2017 - 02:29 | 09-01-2015 - 02:59 | |
CVE-2014-3570 | 5.0 |
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms
|
15-11-2017 - 02:29 | 09-01-2015 - 02:59 | |
CVE-2015-0205 | 5.0 |
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to
|
15-11-2017 - 02:29 | 09-01-2015 - 02:59 | |
CVE-2014-3571 | 5.0 |
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation fo
|
20-10-2017 - 01:29 | 09-01-2015 - 02:59 | |
CVE-2015-0206 | 5.0 |
Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading
|
20-10-2017 - 01:29 | 09-01-2015 - 02:59 | |
CVE-2015-2134 | 6.0 |
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.
|
21-09-2017 - 01:29 | 21-07-2015 - 19:59 | |
CVE-2014-9652 | 5.0 |
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version
|
01-07-2017 - 01:29 | 30-03-2015 - 10:59 | |
CVE-2014-8142 | 7.5 |
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call th
|
31-12-2016 - 02:59 | 20-12-2014 - 11:59 | |
CVE-2014-9427 | 7.5 |
sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins wit
|
31-12-2016 - 02:59 | 03-01-2015 - 02:59 | |
CVE-2015-0231 | 7.5 |
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call th
|
31-12-2016 - 02:59 | 27-01-2015 - 20:03 |