1121

DATE	CVE	VULNERABILITY TITLE	RISK
2015-08-24	CVE-2015-3238	Information Exposure vulnerability in multiple products The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. network low complexity linux-pam oracle CWE-200	6.5
2015-06-12	CVE-2015-1789	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback. network low complexity openssl oracle CWE-119	7.5
2015-05-21	CVE-2015-4000	Cryptographic Issues vulnerability in multiple products The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. network high complexity openssl canonical hp ibm oracle debian suse apple mozilla opera microsoft google CWE-310	3.7