RSS   Vulnerabilities for 'Client'   RSS

2016-03-03
 
CVE-2016-0799

CWE-119
 

 
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.

 
2016-03-01
 
CVE-2016-0800

CWE-310
 

 
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.

 

 >>> Vendor: Pulsesecure 15 Products
Client
Odyssey access client
Pulse connect secure
Steel belted radius
Pulse secure desktop
Pulse secure security
Standalone pulse installer service
Virtual traffic manager
Pulse policy secure
Pulse one on-premise
Plus secure desktop
Pulse secure desktop client
Secure access series ssl vpn sa-4000
Pulse secure virtual application delivery controller
Pulse secure installer service


Copyright 2024, cxsecurity.com

 

Back to Top