42 matches found
Linux Distros Unpatched Vulnerability : CVE-2013-0166
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCS...
K14261: OpenSSL OCSP vulnerability CVE-2013-0166
Security Advisory Description OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for Online Certificate Status Protocol OCSP responses, which allow remote attackers to cause a denial-of-service DoS NULL pointer dereference and...
Security Bulletin: Multiple vulnerabilities exist in the OpenSSL component of IBM Initiate Master Data Service and IBM InfoSphere Master Data Management Standard Edition (CVE-2013-0166, CVE-2013-0166, CVE-2012-2686)
Abstract Three security vulnerabilities exist in the version of OpenSSL shipped with IBM Initiate Master Data Service and IBM InfoSphere Master Data Management Standard Edition. See the individual descriptions for the details. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-0166 DESCRIPTION: A fl...
Slackware: Security Advisory (SSA:2013-040-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OpenSSL: OCSP Invalid Key DoS Issue (20130205) - Windows
OpenSSL is prone to a denial of service attack. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE: Security Advisory (SUSE-SU-2013:0549-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2013:0554-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Tivoli Network Manager - GSKit Security Vulnerabilities (CVE-2013-0169), (CVE-2012-2190) and (CVE-2013-0166)
Summary OpenSSL Security Advisory updates Feb 2013: GSKit Lucky 13 TLS CBC Timing Attack - CVE-2013-0169. A vulnerability in relation to Session ID Lengths and SSL/TLS Server has been discovered that impacts GSKit - CVE-2012-2190. OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1...
Oracle: Security Advisory (ELSA-2013-0587)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 201312-03
Gentoo Linux Local Security Checks GLSA 201312-03 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
Amazon Linux: Security Advisory (ALAS-2013-171)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Juniper Junos Space < 14.1R1 Multiple Vulnerabilities (JSA10659)
According to its self-reported version number, the remote Junos Space version is prior to 14.1R1. It is, therefore, affected by multiple vulnerabilities in bundled third party software components : - Multiple vulnerabilities in the bundled OpenSSL CentOS package. CVE-2011-4109, CVE-2011-4576,...
SuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10033)
The SLES 9 compatibility package compat-openssl097g received a roll up update fixing various security issues : - Build option no-ssl3 is incomplete. CVE-2014-3568 - Add support for TLSFALLBACKSCSV. CVE-2014-3566 - Information leak in pretty printing functions. CVE-2014-3508 - OCSP bad key DoS...
RHEL 6 : rhev-hypervisor6 (RHSA-2013:0636)
An updated rhev-hypervisor6 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
openSUSE Security Update : openssl (openSUSE-SU-2013:0336-1)
openssl was updated to 1.0.0k security release to fix bugs and security issues. bnc802648 bnc802746 The version was upgraded to avoid backporting the large fixes for SSL, TLS and DTLS Plaintext Recovery Attack CVE-2013-0169 TLS 1.1 and 1.2 AES-NI crash CVE-2012-2686 OCSP invalid key DoS issue...
openSUSE Security Update : openssl (openSUSE-SU-2013:0337-1)
openssl was updated to 1.0.1e, fixing bugs and security issues : o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. o Include the fips configuration module. o Fix OCSP bad key DoS attack CVE-2013-0166 bnc802746 o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169...
AIX OpenSSL Advisory : openssl_advisory5.asc
The version of OpenSSL running on the remote host is affected by the following vulnerabilities : - The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side- channel attacks on a MAC check...
VMware vSphere, ESX and ESXi updates to third party libraries
a. vCenter Server and ESX userworld update for OpenSSL library The userworld OpenSSL library is updated to version openssl-0.9.8y to resolve multiple security issues.The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the names CVE-2013-0169 and CVE-2013-0166 to these...
VMSA-2013-0009:VMware vSphere, ESX and ESXi updates to third party libraries
VMSA-2013-0009.3 VMware vSphere, ESX and ESXi updates to third party libraries VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2013-0009.3 VMware Security Advisory Synopsis: VMware vSphere, ESX and ESXi updates to third party libraries VMware Security Advisory Issue date:...
Oracle Linux 5 / 6 : openssl (ELSA-2013-0587)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0587 advisory. - fix for CVE-2013-0169 - SSL/TLS CBC timing attack 907589 - fix for CVE-2013-0166 - DoS in OCSP signatures checking 908052 - enable compression on...