CVE-2016-7407 (dropbear_ssh)
The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file.
Source: CVE-2016-7407 (dropbear_ssh)
[월:] 2017년 03월
CVE-2016-6882
CVE-2016-6882
MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is supported, makes it easier for remote attackers to obtain RSA private key information by conducting a Lenstra side-channel attack.
Source: CVE-2016-6882
CVE-2016-7406
CVE-2016-7406
Format string vulnerability in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) host argument.
Source: CVE-2016-7406
CVE-2016-7407
CVE-2016-7407
The dropbearconvert command in Dropbear SSH before 2016.74 allows attackers to execute arbitrary code via a crafted OpenSSH key file.
Source: CVE-2016-7407
CVE-2016-7408
CVE-2016-7408
The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.
Source: CVE-2016-7408
CVE-2016-6883
CVE-2016-6883
MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote attackers to obtain sensitive information via a Bleichenbacher variant attack.
Source: CVE-2016-6883
CVE-2016-7409
CVE-2016-7409
The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident.
Source: CVE-2016-7409
CVE-2016-6884
CVE-2016-6884
TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before 3.8.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted message.
Source: CVE-2016-6884
CVE-2016-7970
CVE-2016-7970
Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.
Source: CVE-2016-7970
CVE-2015-8814
CVE-2015-8814
Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery (CSRF) attacks as demonstrated by editing user account information in the templates.asmx.cs file.
Source: CVE-2015-8814