Skip to main content
CVE-2014-3507 MEDIUM This Month

Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 66.0% and no vendor patch available.

Denial Of Service OpenSSL
NVD
CVSS 2.0
5.0
EPSS
66.0%
CVE-2014-3512 HIGH Act Now

Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 40.2% and no vendor patch available.

OpenSSL Denial Of Service Buffer Overflow
NVD
CVSS 2.0
7.5
EPSS
40.2%
CVE-2014-3506 MEDIUM This Month

d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 51.7% and no vendor patch available.

Denial Of Service OpenSSL
NVD
CVSS 2.0
5.0
EPSS
51.7%
CVE-2014-3505 MEDIUM This Month

Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 46.9% and no vendor patch available.

Denial Of Service OpenSSL
NVD
CVSS 2.0
5.0
EPSS
46.9%
CVE-2014-3509 MEDIUM POC THREAT This Month

Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.0%.

Denial Of Service Race Condition OpenSSL
NVD GitHub
CVSS 2.0
6.8
EPSS
13.0%
CVE-2014-5139 MEDIUM This Month

The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 41.2% and no vendor patch available.

Denial Of Service OpenSSL
NVD
CVSS 2.0
4.3
EPSS
41.2%
CVE-2014-3508 MEDIUM POC This Month

The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

OpenSSL Information Disclosure
NVD GitHub
CVSS 2.0
4.3
EPSS
3.1%
CVE-2014-3165 HIGH This Week

Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux Chrome
NVD
CVSS 2.0
7.5
EPSS
1.7%
CVE-2014-3167 HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Debian Linux
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2014-3510 MEDIUM This Month

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.8% and no vendor patch available.

Denial Of Service OpenSSL
NVD
CVSS 2.0
4.3
EPSS
14.8%
CVE-2014-3511 MEDIUM This Month

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure OpenSSL
NVD
CVSS 2.0
4.3
EPSS
5.4%
CVE-2014-3166 MEDIUM This Month

The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Google Information Disclosure Microsoft Chrome Debian Linux
NVD
CVSS 2.0
4.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy