Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe
Filtered by product Sparc-opl Service Processor
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-4000 12 Apple, Canonical, Debian and 9 more 25 Iphone Os, Mac Os X, Safari and 22 more 2024-10-22 4.3 MEDIUM 3.7 LOW
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
CVE-2015-3238 2 Linux-pam, Oracle 2 Linux-pam, Sparc-opl Service Processor 2024-02-04 5.8 MEDIUM 6.5 MEDIUM
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
CVE-2015-1789 2 Openssl, Oracle 2 Openssl, Sparc-opl Service Processor 2024-02-04 4.3 MEDIUM 7.5 HIGH
The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.