CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OpenVAS•added 2010/12/23 12:0 a.m.•40 views

Ubuntu Update for openssl vulnerabilities USN-1029-1

Ubuntu Update for Linux kernel vulnerabilities USN-1029-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10291.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for openssl vulnerabilities USN-1029-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

4.3CVSS0.1AI score0.03846EPSS

Exploits0References2

RedHat Linux•added 2010/12/13 6:39 p.m.•4 views

openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network...

RedHat Linux•added 2010/12/13 6:34 p.m.•5 views

openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack

RedHat Linux•added 2010/12/13 6:34 p.m.•3 views

openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack

OpenSSL before 0.9.8j, when SSLOPNETSCAPEREUSECIPHERCHANGEBUG is enabled, does not prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of a disabled cipher via vectors involving sniffing network traffic to discover a session identifier, a...

RedHat Linux•added 2010/12/13 6:13 p.m.•4 views

openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG ciphersuite downgrade attack

RedHat Linux•added 2010/12/13 6:13 p.m.•4 views

openssl: NETSCAPE_REUSE_CIPHER_CHANGE_BUG downgrade-to-disabled ciphersuite attack

securityvulns•added 2010/12/09 12:0 a.m.•71 views

[USN-1029-1] OpenSSL vulnerabilities

=========================================================== Ubuntu Security Notice USN-1029-1 December 08, 2010 openssl vulnerabilities CVE-2008-7270, CVE-2010-4180 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS...

4.3CVSS0.3AI score0.03846EPSS

NVD•added 2010/12/06 10:30 p.m.•17 views

CVE-2008-7270

4.3CVSS7.6AI score0.01279EPSS

Exploits0References10

OSV•added 2010/12/06 10:30 p.m.•5 views

CVE-2008-7270

7.2AI score

Exploits0References10

OSV•added 2010/12/06 10:30 p.m.•1 views

DEBIAN-CVE-2008-7270

4.3CVSS8.7AI score0.01279EPSS

Exploits0References1

Debian CVE•added 2010/12/06 10:0 p.m.•43 views

CVE-2008-7270

4.3CVSS8.2AI score0.01279EPSS

OSV•added 2010/12/06 9:5 p.m.•1 views

DEBIAN-CVE-2010-4180

4.3CVSS8.6AI score0.03846EPSS

Exploits0References1

Cvelist•added 2010/12/06 9:0 p.m.•33 views

CVE-2010-4180

6.5AI score0.03846EPSS

Exploits0References50

CVE•added 2010/12/06 9:0 p.m.•154 views

CVE-2010-4180

OpenSSL vulnerability CVE-2010-4180 affects OpenSSL versions before 0.9.8q and 1.0.x before 1.0.0c when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled. The flaw allows remote attackers to modify the ciphersuite in the session cache, enabling a downgrade to an unintended cipher by sniffing net...

4.3CVSS6.6AI score0.03846EPSS

Exploits0References50Affected Software1

UbuntuCve•added 2010/12/06 12:0 a.m.•23 views

CVE-2010-4180

OpenSSL•added 2010/12/02 12:0 a.m.•32 views

Exploits0References3

Vulnerability in OpenSSL CVE-2010-4180

A flaw in the OpenSSL SSL/TLS server code where an old bug workaround allows malicious clients to modify the stored session cache ciphersuite. In some cases the ciphersuite can be downgraded to a weaker one on subsequent connections. This issue only affects OpenSSL based SSL/TLS server if it uses...

6.6AI score0.03846EPSS

Exploits0Affected Software1

RedHat Linux•added 2007/11/15 1:22 p.m.•39 views

Moderate: Red Hat Security Advisory: openssl security and bug fix update

Updated OpenSSL packages that correct a security issue and various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL v2/v3 an...

6.8CVSS6.8AI score0.53124EPSS

Exploits1References6

Tenable Nessus•added 2007/08/21 12:0 a.m.•36 views

Fedora Core 6 : openssl-0.9.8b-14.fc6 (2007-661)

Fri Aug 3 2007 Tomas Mraz 0.9.8b-14 - use localhost in testsuite, hopefully fixes slow build in koji - CVE-2007-3108 - fix side channel attack on private keys 250577 - make ssl session cache id matching strict 233599 - Wed Jul 25 2007 Tomas Mraz 0.9.8b-13 - allow building on ARM architectures...

1.2CVSS7.1AI score0.00155EPSS

Exploits1References1

securityvulns•added 2006/03/22 12:0 a.m.•55 views

Sendmail 8.13.6 release notes

8.13.6/8.13.6 2006/03/22 SECURITY: Replace unsafe use of setjmp3/longjmp3 in the server and client side of sendmail with timeouts in the libsm I/O layer and fix problems in that code. Also fix handling of a buffer in smsyslog which could have been used as an attack vector to exploit the unsafe...