154 matches found
Microsoft Windows Hyper-V CVE-2017-0076 Remote Denial of Service Vulnerability
Description Microsoft Windows is prone to a remote denial of service vulnerability. An attacker can exploit this issue to crash the host machine, resulting in a denial of service condition. Technologies Affected Microsoft Windows 10 Version 1607 for x64-based Systems Microsoft Windows 10 for...
SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2014:0539-1)
OpenSSL has been updated to fix an attack on ECDSA Nonces. Using the FLUSH+RELOAD Cache Side-channel Attack the Nonces could be recovered. CVE-2014-0076 The update also enables use of SHA-2 family certificate verification of X.509 certificates used in todays SSL certificate infrastructure. Note...
SUSE SLES10 Security Update : OpenSSL (SUSE-SU-2014:0538-1)
OpenSSL has been updated to fix an attack on ECDSA Nonces. Using the FLUSH+RELOAD Cache Side-channel Attack the Nonces could have been recovered. CVE-2014-0076 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...
CVE-2015-0076
CVE-2015-0076 affects the Microsoft Windows Photo Decoder component across Windows Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1, Windows 8/8.1, Server 2012 (Gold/R2) and Windows RT/8.1. The vulnerability stems from not properly initializing memory when rendering JPEG XR (.JXR) images, allowin...
Microsoft JPEG XR Parser Information Disclosure (MS15-029; CVE-2015-0076)
An information disclosure vulnerability has been reported in Microsoft JPEG XR Parser. The vulnerability is triggered when Windows fails to properly handle uninitialized memory when parsing certain, specially crafted JPEG XR image format files. A remote attacker can exploit this issue by enticing...
Microsoft Windows Graphics Component CVE-2015-0076 Information Disclosure Vulnerability
Description Microsoft Windows is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Avaya CallPilot 4.0 Avaya CallPilot 4.0.1 Avaya CallPilot 5.0 Avaya CallPilot 5.0.1...
Internet Explorer CSS Memory Corruption (MS09-002) - Ver2 (CVE-2009-0076)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in the way Microsoft Internet Explorer handles Cascading Style Sheets CSS. A remote attacker could exploit this issue by convincing a user to visit a specially crafted HTM...
OpenSSL 'ChangeCipherSpec' MiTM Vulnerability
The OpenSSL service on the remote host is vulnerable to a man-in-the-middle MiTM attack, based on its acceptance of a specially crafted handshake. This flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material ha...
HP Version Control Agent (VCA) < 7.3.3 Multiple SSL Vulnerabilities
The RPM installation of HP Version Control Agent VCA on the remote Linux host is a version prior to 7.3.3. It is, therefore, affected by multiple vulnerabilities in the bundled version of SSL : - An error exists in the 'ssl3readbytes' function that permits data to be injected into other sessions ...
McAfee Web Gateway Multiple OpenSSL Vulnerabilities (SB10075)
The remote host is running a version of McAfee Web Gateway MWG that is affected by multiple vulnerabilities due to flaws in the OpenSSL library : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note thi...
McAfee ePolicy Orchestrator Multiple OpenSSL Vulnerabilities (SB10075)
The remote host is running a version of McAfee ePolicy Orchestrator that is affected by multiple vulnerabilities due to flaws in the OpenSSL library : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow denial of service attacks. Not...
Cisco ONS 15400 Series Devices Multiple Vulnerabilities in OpenSSL
The remote Cisco ONS device is running a software version known to be affected by multiple OpenSSL related vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm ECDSA that could allow nonce disclosure via the 'FLUSH+RELOAD' cache...
Cisco TelePresence MCU Series Devices Multiple Vulnerabilities in OpenSSL
The remote Cisco TelePresence MCU device is running a software version known to be affected by multiple OpenSSL related vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm ECDSA that could allow nonce disclosure via the 'FLUSH+RELOAD...
openSUSE Security Update : MozillaFirefox (MozillaFirefox-4459)
Mozilla Firefox was updated to the 3.6.17 security release. MFSA 2011-12: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances,...
OpenSSL 'ChangeCipherSpec' MiTM Potential Vulnerability
The OpenSSL service on the remote host is potentially vulnerable to a man-in-the-middle MiTM attack, based on its response to two consecutive 'ChangeCipherSpec' messages during the incorrect phase of an SSL/TLS handshake. This flaw could allow a MiTM attacker to decrypt or forge SSL messages by...
IBM Global Security Kit 7 < 7.0.4.50 / 8.0.14.x < 8.0.14.43 / 8.0.50.x < 8.0.50.20 Multiple Vulnerabilities
The remote Windows host has a version of IBM Global Security Kit prior to 7.0.4.50 / 8.0.14.43 / 8.0.50.20. It is, therefore, affected by the following vulnerabilities : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm ECDSA that could allow nonce...
VMware Horizon Workspace 1.8 < 1.8.1 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)
The version of VMware Horizon Workspace installed on the remote host is version 1.8.x prior to 1.8.1. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm...
VMware Workstation 10.x < 10.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed)
The installed version of VMware Workstation 10.x is prior to 10.0.2. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm ECDSA that could allow nonce...
VMware Player 6.x < 6.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)
The installed version of VMware Player 6.x running on Windows is earlier than 6.0.2. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm ECDSA that could...
VMware Player 6.x < 6.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed)
The installed version of VMware Player 6.x running on Linux is prior to 6.0.2. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library : - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm ECDSA that could allow...