|
280481
|
- |
|
openssl
|
openssl
|
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in comm…
|
NVD-CWE-noinfo
|
CVE-2014-3511
|
2024-11-21 11:08 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280482
|
- |
|
openssl
|
openssl
|
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL poi…
|
NVD-CWE-Other
|
CVE-2014-3510
|
2024-11-21 11:08 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280483
|
- |
|
openssl
|
openssl
|
Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL …
|
CWE-362
Race Condition
|
CVE-2014-3509
|
2024-11-21 11:08 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280484
|
- |
|
openssl
|
openssl
|
The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' …
|
CWE-200
Information Exposure
|
CVE-2014-3508
|
2024-11-21 11:08 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280485
|
- |
|
openssl
|
openssl
|
Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumpt…
|
CWE-399
Resource Management Errors
|
CVE-2014-3507
|
2024-11-21 11:08 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280486
|
- |
|
openssl
|
openssl
|
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafte…
|
CWE-399
Resource Management Errors
|
CVE-2014-3506
|
2024-11-21 11:08 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280487
|
- |
|
openssl
|
openssl
|
Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (a…
|
NVD-CWE-Other
|
CVE-2014-3505
|
2024-11-21 11:08 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280488
|
- |
|
pyplate
|
pyplate
|
Directory traversal vulnerability in download.py in Pyplate 0.08 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
|
CWE-22
Path Traversal
|
CVE-2014-3855
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280489
|
- |
|
pyplate
|
pyplate
|
Cross-site request forgery (CSRF) vulnerability in admin/addScript.py in Pyplate 0.08 allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scrip…
|
CWE-352
Origin Validation Error
|
CVE-2014-3854
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280490
|
- |
|
pyplate
|
pyplate
|
Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http sess…
|
CWE-200
Information Exposure
|
CVE-2014-3853
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
