2401 matches found
VMware Fusion 6.x < 6.0.3 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Heartbleed)
The version of VMware Fusion 6.x installed on the remote Mac OS X host is prior to 6.0.3. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library: - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that...
VMware Player 6.x < 6.0.2 OpenSSL Library Multiple Vulnerabilities (VMSA-2014-0004) (Linux) (Heartbleed)
The installed version of VMware Player 6.x running on Linux is prior to 6.0.2. It is, therefore, reportedly affected by the following vulnerabilities in the OpenSSL library: - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow...
Cisco Network Registrar DHCPv6 Denial of Service Vulnerability
A vulnerability in the DHCPv6 server module of Cisco Network Registrar could allow an unauthenticated, remote attacker to cause a reload of the DHCPv6 server on an affected device. The vulnerability is due to the way certain malformed requests are processed. An attacker could exploit this...
CVE-2014-2129
The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.25.48, 8.4 before 8.46.5, 9.0 before 9.03.1, and 9.1 before 9.12.5 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052...
Code injection
The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.25.48, 8.4 before 8.46.5, 9.0 before 9.03.1, and 9.1 before 9.12.5 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted SIP packets, aka Bug ID CSCuh44052...
PT-2014-1323 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance (ASA) Software versions 8.2 before 8.25.48; Cisco Adaptive Security Appliance (ASA) Software versions 8.4 before 8.46.5; Cisco Adaptive Security Appliance (ASA) Software versions 9.0 before 9.03.1; Cisco Adaptive...
Updated openssl package fix two security vulnerabilities
Updated openssl packages fix security vulnerability: The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack...
Cisco IOS Software High Priority Queue Denial of Service Vulnerability
A vulnerability in the packet driver code of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a reload of the affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to how the packet driver code handles packets that belong to protocols...
CVE-2014-2109
The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494...
Design/Logic Flaw
The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494...
CVE-2014-2109
The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494...
CVE-2014-2106
Cisco IOS 15.3M before 15.33M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898...
Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of the affected device that would lead to a denial of service (DoS) condition. The vulnerability is due to how an...
DEBIAN-CVE-2014-0076
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack...
CVE-2014-0076
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack...
CVE-2014-0076
CVE-2014-0076 concerns the OpenSSL Montgomery ladder implementation. The issue is a timing/side-channel flaw in how certain swap operations are performed, enabling a local attacker to recover ECDSA nonces via a FLUSH+RELOAD cache side-channel. Affected product: OpenSSL up to 1.0.0l (and related O...
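OpenSSL ECDSA Nonces Recovery Vulnerability
CVE ID: CVE-2014-0076 OpenSSL is an open-source SSL implementation used to provide strong encryption for network communications. An error exists in the OpenSSL implementation of elliptic curve signing and verification (ECDSA) that allows an attacker to obtain nonce values through a FLUSH+RELOAD cache side-channel attack and subsequently derive the private key. 0 OpenSSL 1.x Users can refer to the vendor's Git repository to obtain the patch that fixes this vulnerability: http://www.openssl.org/...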
Vulnerability in OpenSSL CVE-2014-0076
Fix for the attack described in the paper “Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack”. Found by Yuval Yarom and Naomi Benger...
Cisco ASA VPN Denial of Service (CSCua91108)
A vulnerability in the VPN authentication code that handles parsing of the username from the certificate on the Cisco ASA firewall could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to parallel processing of a large number of Interne...
Cisco IOS XE Software IP Device Tracking DoS
A vulnerability in the IP Device Tracking function in Cisco IOS XE could allow a remote, unauthenticated attacker to trigger a denial of service condition resulting in a reload of the device. It should be noted that while the vendor describes a possible workaround, this plugin does not test for t...