17 matches found

Tenable Nessus
added 2023/11/15 12:0 a.m. | 31 views

Rockwell Automation Stratix Anonymous ECDH Denial of Service (CVE-2014-3470)

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack. This plugin only works with...

CVSS: 4.3 | AI score: 7.5 | EPSS: 0.85784
Exploits: 0 | References: 4

Tenable Nessus
added 2022/11/07 12:0 a.m. | 66 views

EulerOS 2.0 SP3 : openssl098e (EulerOS-SA-2022-2717)

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote...

CVSS: 4.3 | AI score: 7.5 | EPSS: 0.87892
Exploits: 0 | References: 3

OpenVAS
added 2021/06/09 12:0 a.m. | 24 views

SUSE: Security Advisory (SUSE-SU-2014:0759-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS: 7.4 | AI score: 7.6 | EPSS: 0.95326
Exploits: 9 | References: 3

IBM Security Bulletins
added 2018/06/16 9:18 p.m. | 44 views

Security Bulletin: IBM Security Access Manager for Mobile and IBM Security Access Manager for Web appliances are affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and possibly CVE-2014-0076

Summary: Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details: CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...

CVSS: 7.4 | AI score: 1.8 | EPSS: 0.95326
Exploits: 10 | Affected Software: 2

OpenVAS
added 2015/10/13 12:0 a.m. | 33 views

SUSE: Security Advisory for OpenSSL (SUSE-SU-2014:0759-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS: 7.4 | AI score: 6.8 | EPSS: 0.95326
Exploits: 9 | References: 2

Check Point Advisories
added 2015/02/04 12:0 a.m. | 5 views

OpenSSL DTLS Anonymous ECDH Denial of Service (CVE-2014-3510)

A denial of service vulnerability has been reported in OpenSSL. The vulnerability is due to an unspecified issue when processing Anonymous ECDH cipher suites over DTLS connections. A remote unauthenticated attacker could exploit this vulnerability by sending a specially crafted packet to a target...

CVSS: 4.3 | AI score: 3.5 | EPSS: 0.16946
Exploits: 0

Tenable Nessus
added 2014/12/05 12:0 a.m. | 34 views

SuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10033)

The SLES 9 compatibility package compat-openssl097g received a roll up update fixing various security issues: - Build option no-ssl3 is incomplete. (CVE-2014-3568) - Add support for TLS_FALLBACK_SCSV. (CVE-2014-3566) - Information leak in pretty printing functions. (CVE-2014-3508) - OCSP bad key DoS...

CVSS: 7.4 | AI score: 7.5 | EPSS: 0.99999
Exploits: 16 | References: 20

UbuntuCve
added 2014/08/07 12:0 a.m. | 38 views

CVE-2014-3510

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a 1...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.16946
Exploits: 0 | References: 3

Tenable Nessus
added 2014/06/18 12:0 a.m. | 100 views

Cisco Windows Jabber Client Multiple Vulnerabilities in OpenSSL (cisco-sa-20140605-openssl)

The remote Windows host has a version of Cisco Jabber installed that is known to be affected by multiple OpenSSL related vulnerabilities: - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOA...

CVSS: 7.4 | AI score: 7.5 | EPSS: 0.95326
Exploits: 10 | References: 6

Tenable Nessus
added 2014/06/18 12:0 a.m. | 79 views

Cisco TelePresence MCU Series Devices Multiple Vulnerabilities in OpenSSL

The remote Cisco TelePresence MCU device is running a software version known to be affected by multiple OpenSSL related vulnerabilities: - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD...

CVSS: 7.4 | AI score: 7.5 | EPSS: 0.95326
Exploits: 10 | References: 5

Huawei
added 2014/06/13 12:0 a.m. | 93 views

Security Advisory-Multiple OpenSSL vulnerabilities on Huawei products

This security advisory (SA) describes the impact of 7 OpenSSL vulnerabilities discovered in third-party software. The vulnerabilities are referenced in this document as follows: 1. SSL/TLS Man-in-the-Middle Vulnerability (CVE-2014-0224). An unauthenticated, remote attacker with the ability to intercep...

CVSS: 7.4 | AI score: 8 | EPSS: 0.99977
Exploits: 14 | Affected Software: 76

Tenable Nessus
added 2014/06/13 12:0 a.m. | 63 views

AIX OpenSSL Advisory : openssl_advisory9.doc

The version of OpenSSL installed on the remote host is potentially affected by the following remote code execution and denial of service vulnerabilities : - OpenSSL could allow an attacker to cause a buffer overrun situation when an attacker sends invalid DTLS fragments to an OpenSSL DTLS client ...

CVSS: 7.4 | AI score: 8.4 | EPSS: 0.99977
Exploits: 13 | References: 7

RedHat Linux
added 2014/06/10 12:23 p.m. | 6 views

openssl: client-side denial of service when using anonymous ECDH

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.85784
Exploits: 0 | References: 5

Tenable Nessus
added 2014/06/10 12:0 a.m. | 51 views

Mandriva Linux Security Advisory : openssl (MDVSA-2014:106)

Multiple vulnerabilities have been discovered and corrected in openssl: The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers ...

CVSS: 7.4 | AI score: 8.2 | EPSS: 0.99977
Exploits: 13 | References: 5

OSV
added 2014/06/05 9:55 p.m. | 2 views

DEBIAN-CVE-2014-3470

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.85784
Exploits: 0 | References: 1

RedHat Linux
added 2014/06/05 12:12 p.m. | 7 views

openssl: client-side denial of service when using anonymous ECDH

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.85784
Exploits: 0 | References: 5

The Hacker News
added 2014/06/05 5:49 a.m. | 68 views

OpenSSL Vulnerable to Man-in-the-Middle Attack and Several Other Bugs

Remember the OpenSSL Heartbleed vulnerability? Several weeks ago, the exposure of this security bug chilled the Internet and revealed that millions of websites were vulnerable to a flaw in the OpenSSL code which they used to encrypt their communications. Now once again the OpenSSL Foundation has issued...

CVSS: 6.8 | AI score: 8.8 | EPSS: 0.99977
Exploits: 13