The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of CiscoWorks

OpenSSL: man in the middle via ChangeCipherSpec
An attacker can act as a man in the middle between a client and a server using OpenSSL, in order to read or alter exchanged data...
1676496, 1690827, aid-06062014, c04336637, c04347622, c04363613, CERTFR-2014-AVI-253, CERTFR-2014-AVI-254, CERTFR-2014-AVI-255, CERTFR-2014-AVI-260, CERTFR-2014-AVI-274, CERTFR-2014-AVI-279, CERTFR-2014-AVI-286, CERTFR-2014-AVI-513, cisco-sa-20140605-openssl, cpuoct2016, CTX140876, CVE-2014-0224, DOC-53313, DSA-2950-1, DSA-2950-2, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2014-7101, FEDORA-2014-7102, FG-IR-14-018, FreeBSD-SA-14:14.openssl, HPSBHF03052, HPSBUX03046, JSA10629, MDVSA-2014:105, MDVSA-2014:106, MDVSA-2015:062, NetBSD-SA2014-006, openSUSE-SU-2014:0764-1, openSUSE-SU-2014:0765-1, openSUSE-SU-2015:0229-1, openSUSE-SU-2016:0640-1, RHSA-2014:0624-01, RHSA-2014:0625-01, RHSA-2014:0626-01, RHSA-2014:0627-01, RHSA-2014:0628-01, RHSA-2014:0629-01, RHSA-2014:0630-01, RHSA-2014:0631-01, RHSA-2014:0632-01, RHSA-2014:0633-01, RHSA-2014:0679-01, RHSA-2014:0680-01, SA40006, SA80, SB10075, sk101186, SOL15325, SPL-85063, SSA:2014-156-03, SSA-234763, SSRT101590, SUSE-SU-2014:0759-1, SUSE-SU-2014:0759-2, SUSE-SU-2014:0761-1, SUSE-SU-2014:0762-1, SUSE-SU-2019:14246-1, USN-2232-1, USN-2232-2, USN-2232-3, USN-2232-4, VIGILANCE-VUL-14844, VMSA-2014-0006, VMSA-2014-0006.1, VMSA-2014-0006.10, VMSA-2014-0006.11, VMSA-2014-0006.2, VMSA-2014-0006.3, VMSA-2014-0006.4, VMSA-2014-0006.5, VMSA-2014-0006.6, VMSA-2014-0006.7, VMSA-2014-0006.8, VMSA-2014-0006.9, VU#978508
OpenSSL: denial of service via ECDH
An attacker, who is located on a TLS server, can use Anonymous ECDH, in order to trigger a denial of service in OpenSSL client applications...
1676496, aid-06062014, c04336637, c04363613, c04368523, CERTFR-2014-AVI-253, CERTFR-2014-AVI-254, CERTFR-2014-AVI-255, CERTFR-2014-AVI-260, CERTFR-2014-AVI-274, CERTFR-2014-AVI-279, CERTFR-2014-AVI-286, cisco-sa-20140605-openssl, CTX140876, CVE-2014-3470, DOC-53313, DSA-2950-1, DSA-2950-2, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2014-7101, FEDORA-2014-7102, FG-IR-14-018, FreeBSD-SA-14:14.openssl, HPSBMU03069, HPSBUX03046, JSA10629, MDVSA-2014:105, MDVSA-2014:106, MDVSA-2015:062, NetBSD-SA2014-006, openSUSE-SU-2014:0764-1, openSUSE-SU-2014:0765-1, openSUSE-SU-2016:0640-1, RHSA-2014:0625-01, RHSA-2014:0628-01, RHSA-2014:0679-01, SA40006, SA80, SB10075, SPL-85063, SSA:2014-156-03, SSA-234763, SSRT101590, SUSE-SU-2014:0759-1, SUSE-SU-2014:0759-2, SUSE-SU-2014:0761-1, SUSE-SU-2014:0762-1, USN-2232-1, USN-2232-2, USN-2232-3, USN-2232-4, VIGILANCE-VUL-14847, VMSA-2014-0006, VMSA-2014-0006.1, VMSA-2014-0006.10, VMSA-2014-0006.11, VMSA-2014-0006.2, VMSA-2014-0006.3, VMSA-2014-0006.4, VMSA-2014-0006.5, VMSA-2014-0006.6, VMSA-2014-0006.7, VMSA-2014-0006.8, VMSA-2014-0006.9
OpenSSL: disclosure of ECDSA secret
A local attacker can guess the ECDSA secret used by the OpenSSL implementation, in order to obtain sensitive information...
1673696, 1681249, 1688949, c04336637, CERTFR-2014-AVI-179, CERTFR-2014-AVI-253, CERTFR-2014-AVI-254, CERTFR-2014-AVI-255, CERTFR-2014-AVI-279, CERTFR-2014-AVI-286, cisco-sa-20140605-openssl, CVE-2014-0076, DOC-53313, DSA-2908-1, FreeBSD-SA-14:06.openssl, HPSBUX03046, JSA10629, MDVSA-2014:067, MDVSA-2015:062, NetBSD-SA2014-006, openSUSE-SU-2014:0480-1, openSUSE-SU-2016:0640-1, pfSense-SA-14_04.openssl, SA40006, SB10075, SSA:2014-098-01, SSRT101590, SUSE-SU-2014:0759-1, SUSE-SU-2014:0761-1, SUSE-SU-2014:0762-1, USN-2165-1, VIGILANCE-VUL-14462
OpenSSL: data injection via OPENSSL_NO_BUF_FREELIST
An attacker can establish a connection with a multi-thread application linked to OpenSSL with OPENSSL_NO_BUF_FREELIST, in order to potentially inject data in the session of another user...
2167, aid-06062014, c04347622, CERTFR-2014-AVI-253, CERTFR-2014-AVI-254, CERTFR-2014-AVI-255, CERTFR-2014-AVI-260, CERTFR-2014-AVI-274, CERTFR-2014-AVI-279, CERTFR-2014-AVI-286, cisco-sa-20140605-openssl, CTX140876, CVE-2010-5298, DOC-53313, DSA-2908-1, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2014-7101, FEDORA-2014-7102, FG-IR-14-018, FreeBSD-SA-14:09.openssl, HPSBHF03052, JSA10629, MDVSA-2014:090, MDVSA-2015:062, NetBSD-SA2014-006, openSUSE-SU-2014:0592-1, RHSA-2014:0625-01, RHSA-2014:0628-01, RHSA-2014:0679-01, SA40006, SA80, SB10075, SOL15328, SSA:2014-156-03, SSA-234763, USN-2192-1, VIGILANCE-VUL-14585, VMSA-2014-0006, VMSA-2014-0006.1, VMSA-2014-0006.10, VMSA-2014-0006.11, VMSA-2014-0006.2, VMSA-2014-0006.3, VMSA-2014-0006.4, VMSA-2014-0006.5, VMSA-2014-0006.6, VMSA-2014-0006.7, VMSA-2014-0006.8, VMSA-2014-0006.9
OpenSSL: NULL pointer dereference via SSL_MODE_RELEASE_BUFFERS
An attacker can dereference a NULL pointer in OpenSSL applications using SSL_MODE_RELEASE_BUFFERS, in order to trigger a denial of service...
3321, aid-06062014, c04347622, CERTFR-2014-AVI-253, CERTFR-2014-AVI-254, CERTFR-2014-AVI-255, CERTFR-2014-AVI-260, CERTFR-2014-AVI-274, CERTFR-2014-AVI-279, CERTFR-2014-AVI-286, cisco-sa-20140605-openssl, CTX140876, CVE-2014-0198, DOC-53313, DSA-2931-1, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2014-7101, FEDORA-2014-7102, FreeBSD-SA-14:10.openssl, HPSBHF03052, JSA10629, MDVSA-2014:080, MDVSA-2015:062, NetBSD-SA2014-006, openSUSE-SU-2014:0634-1, openSUSE-SU-2014:0635-1, RHSA-2014:0625-01, RHSA-2014:0628-01, RHSA-2014:0679-01, SA40006, SA80, SB10075, SOL15329, SSA:2014-156-03, SSA-234763, USN-2192-1, VIGILANCE-VUL-14690, VMSA-2014-0006, VMSA-2014-0006.1, VMSA-2014-0006.10, VMSA-2014-0006.11, VMSA-2014-0006.2, VMSA-2014-0006.3, VMSA-2014-0006.4, VMSA-2014-0006.5, VMSA-2014-0006.6, VMSA-2014-0006.7, VMSA-2014-0006.8, VMSA-2014-0006.9
OpenSSL: buffer overflow of DTLS
An attacker can generate a buffer overflow via DTLS of OpenSSL, in order to trigger a denial of service, and possibly to execute code...
aid-06062014, c04336637, c04363613, c04368523, CERTFR-2014-AVI-253, CERTFR-2014-AVI-254, CERTFR-2014-AVI-255, CERTFR-2014-AVI-260, CERTFR-2014-AVI-279, CERTFR-2014-AVI-286, CERTFR-2014-AVI-291, cisco-sa-20140605-openssl, CTX140876, CVE-2014-0195, DOC-53313, DSA-2950-1, DSA-2950-2, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2014-7101, FEDORA-2014-7102, FG-IR-14-018, FreeBSD-SA-14:14.openssl, HPSBMU03069, HPSBUX03046, JSA10629, KB36051, MDVSA-2014:106, MDVSA-2015:062, NetBSD-SA2014-006, openSUSE-SU-2014:0764-1, openSUSE-SU-2014:0765-1, openSUSE-SU-2016:0640-1, RHSA-2014:0625-01, RHSA-2014:0628-01, RHSA-2014:0679-01, SA40006, SA80, SB10075, SOL15356, SSA:2014-156-03, SSRT101590, USN-2232-1, USN-2232-2, USN-2232-3, USN-2232-4, VIGILANCE-VUL-14846, ZDI-14-173
OpenSSL: denial of service via DTLS Recursion
An attacker, who is located on a DTLS server, can use a malicious handshake, in order to trigger a denial of service in OpenSSL client applications...
aid-06062014, c04336637, c04363613, c04368523, CERTFR-2014-AVI-253, CERTFR-2014-AVI-254, CERTFR-2014-AVI-255, CERTFR-2014-AVI-260, CERTFR-2014-AVI-279, CERTFR-2014-AVI-286, cisco-sa-20140605-openssl, CTX140876, CVE-2014-0221, DOC-53313, DSA-2950-1, DSA-2950-2, FEDORA-2014-17576, FEDORA-2014-17587, FEDORA-2014-7101, FEDORA-2014-7102, FG-IR-14-018, FreeBSD-SA-14:14.openssl, HPSBMU03069, HPSBUX03046, JSA10629, KB36051, MDVSA-2014:105, MDVSA-2014:106, MDVSA-2015:062, NetBSD-SA2014-006, openSUSE-SU-2014:0764-1, openSUSE-SU-2014:0765-1, openSUSE-SU-2016:0640-1, RHSA-2014:0625-01, RHSA-2014:0628-01, RHSA-2014:0679-01, RHSA-2014:1019-01, RHSA-2014:1020-01, RHSA-2014:1021-01, RHSA-2014:1053-01, SA40006, SA80, SB10075, SOL15343, SSA:2014-156-03, SSRT101590, SUSE-SU-2014:0759-1, SUSE-SU-2014:0759-2, SUSE-SU-2014:0761-1, SUSE-SU-2014:0762-1, USN-2232-1, USN-2232-2, USN-2232-3, USN-2232-4, VIGILANCE-VUL-14845
CiscoWorks Common Services: code execution on Windows
A remote authenticated attacker can use a vulnerability of CiscoWorks Common Services, in order to execute code with privileges of the Windows administrator...
BID-50284, CERTA-2011-AVI-583, cisco-sa-20111019-cs, CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, CSCtt25535, CVE-2011-3310, VIGILANCE-VUL-11085
CiscoWorks LAN Management: code execution
A remote attacker can use two vulnerabilities of CiscoWorks LAN Management, in order to execute code...
113092, 113173, BID-49627, CERTA-2011-AVI-518, CERTA-2011-AVI-520, CERTA-2011-AVI-526, cisco-amb-20110914-cusm-lms, cisco-sa-20110914-cusm, cisco-sa-20110914-lms, CSCtn64922, CVE-2011-2738, VIGILANCE-VUL-10995, ZDI-11-291, ZDI-11-292
Apache httpd: denial of service via Range or Request-Range
An attacker can use several parallel queries using Range or Request-Range, in order to progressively use the available memory...
BID-49303, c02997184, c03011498, c03025215, CERTA-2011-AVI-493, cisco-sa-20110830-apache, CVE-2011-3192, DSA-2298-1, DSA-2298-2, FEDORA-2011-12715, HPSBMU02704, HPSBUX02702, HPSBUX02707, KB73310, MDVSA-2011:130, MDVSA-2011:130-1, openSUSE-SU-2011, openSUSE-SU-2011:0993-1, PSN-2013-02-846, RHSA-2011:1245-01, RHSA-2011:1294-01, RHSA-2011:1300-01, RHSA-2011:1329-01, RHSA-2011:1330-01, RHSA-2011:1369-01, sk65222, SSA:2011-252-01, SSRT100606, SSRT100619, SSRT100626, SUSE-SU-2011:1000-1, SUSE-SU-2011:1007-1, SUSE-SU-2011:1010-1, SUSE-SU-2011:1215-1, SUSE-SU-2011:1216-1, VIGILANCE-VUL-10944, VU#405811
Our database contains other pages. You can request a free trial to read them.