cisco cloud portal 9.3 vulnerabilities and exploits

(subscribe to this query)

The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 up to and including 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134.

Cisco Cloud Portal 9.1 Cisco Cloud Portal 9.3 Cisco Cloud Portal 9.3.2 Cisco Cloud Portal 9.3.1

Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) 2008.3_SP9 and previous versions does not properly consider whether a session is a problematic NULL session, which allows remote malicious users to obtain sensitive information via crafted packets, related to an &quo...

Cisco Cloud Portal 2008.3 Cisco Cloud Portal 9.1 Cisco Cloud Portal 9.4 Cisco Cloud Portal 9.3.2 Cisco Cloud Portal Cisco Cloud Portal 9.3.1 Cisco Cloud Portal 9.3

Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and previous versions includes a cryptographic key in binary files, which makes it easier for remote malicious users to obtain cleartext data from an arbitrary IAC installation by leveraging knowledge of this key,...

Cisco Cloud Portal 9.3.1 Cisco Cloud Portal 9.3.2 Cisco Cloud Portal 9.4 Cisco Cloud Portal 9.1 Cisco Cloud Portal 9.3 Cisco Cloud Portal

The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 prior to 1.0.2a does not properly isolate the state information of independent data streams, which allows remote malicious users to cause a denial of service (application crash) via crafted DTLS traffic, as demonstrated by DT...

Openssl Openssl 1.0.2

The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 prior to 1.0.2a allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to...

Openssl Openssl 1.0.2

The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 prior to 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote malicious users to defeat cryptographic protection mechanisms by sniffing the network and then...

Openssl Openssl 1.0.2

The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 prior to 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases, which allows remote malicious users to cause a denial of service (pointer cor...

Openssl Openssl 1.0.2

The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 prior to 1.0.2a allows remote malicious users to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_algorithms extension in the ClientHello message during a renegotiation.

Openssl Openssl 1.0.2

3 Github repositories2 Articles

The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 prior to 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote malicious users to cause a denial of service (daemon crash) via a ClientKeyExchange message w...

Openssl Openssl 1.0.2

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook