48
201505290049
Symptom: The hh3cTransceiver node does not return new information for a different
transceiver module type.
Condition: This symptom occurs if the following operations are performed:
a. Replace a transceiver module.
b. Walk the hh3cTransceiver node by using a MIB browser.
201506250411
Symptom: CVE-2015-3143
Condition: cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections,
which allows remote attackers to connect as other users via an unauthenticated request.
Symptom: CVE-2015-3148
Condition: cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use authenticated
Negotiate connections, which allows remote attackers to connect as other users via a request.
201411190504
Symptom: The number of packets in the ADVPN session statistics is a negative value.
Condition: This symptom occurs if the router forwards traffic for a long time.
201504140088
Symptoms: CVE-2015-0209
Condition: A malformed EC private key file consumed via the d2i_ECPrivateKey function could
cause a use after free condition. This could lead to a DoS attack or memory corruption for
applications that receive EC private keys from untrusted sources.
Symptoms: CVE-2015-0286
Condition: DoS vulnerability in certificate verification operation. Any application which performs
certificate verification is vulnerable including OpenSSL clients and servers which enable client
authentication.
Symptoms: CVE-2015-0287
Condition: Reusing a structure in ASN.1 parsing may allow an attacker to cause memory
corruption via an invalid write. Applications that parse structures containing CHOICE or ANY
DEFINED BY components may be affected.
Symptoms:CVE-2015-0288
Condition: The function X509_to_X509_REQ will crash with a NULL pointer dereference if the
certificate key is invalid.
Symptoms: CVE-2015-0289
Condition: The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. An
attacker can craft malformed ASN.1-encoded PKCS#7 blobs with missing content and trigger a
NULL pointer dereference on parsing.
Symptoms: CVE-2015-0292
Condition: A vulnerability existed in previous versions of OpenSSL related to the processing of
base64 encoded data.
Symptoms: CVE-2015-0293
Condition: A malicious client can trigger an OPENSSL_assert in servers that both support
SSLv2 and enable export cipher suites by sending a specially crafted SSLv2
CLIENT-MASTER-KEY message.
To Next Page
Loading...
Need help?
General
