40 matches found
Security Bulletin: Vulnerabilities in OpenSSL affect IBM SAN Volume Controller and Storwize Family (CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511)
Summary Vulnerabilities in OpenSSL could allow a remote attacker to execute arbitrary code or cause a denial of service. Vulnerability Details CVE-ID:CVE-2014-3509 DESCRIPTION : OpenSSL is vulnerable to a denial of service, caused by a race condition in the sslparseserverhellotlsext code. If a...
Mageia: Security Advisory (MGASA-2014-0325)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: GPFS V3.5 for Windows is affected by OpenSSL vulnerabilities (CVE-2014-3512, CVE-2014-3509, CVE-2014-3506, CVE-2014-3507, CVE-2014-3511, CVE-2014-3505, CVE-2014-3510, CVE-2014-3508, CVE-2014-5139)
Summary Security vulnerabilities have been identified in the level of OpenSSL that is currently shipped with GPFS V3.5.0.11, or later, on Windows. The current level of OpenSSL could allow a remote attacker to : - Cause a denial of service CVE-2014-3512, CVE-2014-3509, CVE-2014-3506, CVE-2014-3507...
SUSE: Security Advisory (SUSE-SU-2014:1049-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-5334
Off-by-one error in the OBJobj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service program crash or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an...
Stack overflow
Off-by-one error in the OBJobj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service program crash or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an...
Security Bulletin: Vulnerability in Open SSL affects IBM System Networking products
Summary Open SSL used in the System Networking Products is impacted by the CVEs as outlined in the details below. Vulnerability Details Abstract Open SSL used in the System Networking Products is impacted by the CVEs as outlined in the details below. Content Vulnerability Details: CVE-ID:...
Security Bulletin: OpenSSL vulnerabilities announced August 6th 2014 affect Juniper EX Series Network Switches sold by IBM for use in IBM Products (9 CVEs)
Summary The 9 OpenSSL vulnerabilities announced August 6th 2014 are fixed as detailed below. Vulnerability Details Abstract The 9 OpenSSL vulnerabilities announced August 6th 2014 are fixed as detailed below. Content Vulnerability Details: CVE-ID: CVE-2014-3505 Description: OpenSSL is vulnerable ...
Security Bulletin: Multiple potential vulnerabilities in OpenSSL fixed in Chassis Management Module (CMM) (CVE-2014-3509, CVE-2014-3506, CVE-2014-3507, CVE-2014-3511, CVE-2014-3505, CVE-2014-3510, CVE-2014-3508)
Summary OpenSSL disclosed several vulnerabilities in August 2014. Seven of those vulnerabilities apply to the version of OpenSSL used by Flex Systems Chassis Management Module CMM. Vulnerability Details Abstract OpenSSL disclosed several vulnerabilities in August 2014. Seven of those...
Security Bulletin: Vulnerabilities in OpenSSL (CVE-2014-3508 and CVE-2014-3509) affect the virtual machines deployed by IBM PureApplication System.
Summary Nine OpenSSL vulnerabilities were disclosed in August 2014. This bulletin addresses the two vulnerabilities that are applicable to virtual machines which are deployed by IBM PureApplication System using the IBM OS Image for Red Hat Linux Systems and the IBM OS Image for AIX Systems...
pfSense < 2.1.5 Multiple Vulnerabilities ( SA-14_14 )
According to its self-reported version number, the remote pfSense install is a version prior to 2.1.5 It is, therefore, affected by multiple vulnerabilities. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid108516; scriptversion"1.4";...
Apache Tomcat 7.0.x < 7.0.57 Multiple Vulnerabilities (POODLE)
According to its self-reported version number, the Apache Tomcat service listening on the remote host is 7.0.x prior to 7.0.57. It is, therefore, affected by the following vulnerabilities : - A memory double-free error exists in 'd1both.c' related to handling DTLS packets that allows denial of...
Oracle Solaris Third-Party Patch Update : openssl (cve_2014_3508_information_disclosure)
The remote Solaris system is missing necessary patches to address security updates : - The OBJobj2txt function in crypto/objects/objdat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters,...
Fedora Update for mingw-openssl FEDORA-2014-17576
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for mingw-openssl FEDORA-2014-17587
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 21 : mingw-openssl-1.0.1j-1.fc21 (2014-17576) (POODLE)
Synced with native openssl-1.0.1j-3.fc22\r\n Add support for RFC 5649\r\n Prevent compiler warning 'Please include winsock2.h before windows.h' when using the OpenSSL headers\r\n Fixes various CVE's Note that Tenable Network Security has extracted the preceding description block directly from the...
SuSE 11.3 Security Update : compat-openssl097g (SAT Patch Number 10033)
The SLES 9 compatibility package compat-openssl097g received a roll up update fixing various security issues : - Build option no-ssl3 is incomplete. CVE-2014-3568 - Add support for TLSFALLBACKSCSV. CVE-2014-3566 - Information leak in pretty printing functions. CVE-2014-3508 - OCSP bad key DoS...
OracleVM 3.2 : openssl (OVMSA-2014-0039) (POODLE)
The remote OracleVM system is missing necessary patches to address critical security updates : - add support for fallback SCSV to partially mitigate CVE-2014-3566 padding attack on SSL3 - fix CVE-2014-0221 - recursion in DTLS code leading to DoS - fix CVE-2014-3505 - doublefree in DTLS packet...
OracleVM 2.2 : openssl (OVMSA-2014-0040) (POODLE)
The remote OracleVM system is missing necessary patches to address critical security updates : - add support for fallback SCSV to partially mitigate CVE-2014-3566 padding attack on SSL3 - fix CVE-2014-0221 - recursion in DTLS code leading to DoS - fix CVE-2014-3505 - doublefree in DTLS packet...
Security fix for the ALT Linux 7 package openssl10 version 1.0.1j-alt0.M70P.1
1.0.1j-alt0.M70P.1 built Oct. 31, 2014 Gleb Fotengauer-Malinovskiy in task 133718 Oct. 31, 2014 Gleb Fotengauer-Malinovskiy - Backported to p7 branch security: CVE-2014-3512, CVE-2014-3511, CVE-2014-3510, CVE-2014-3507, CVE-2014-3506, CVE-2014-3505, CVE-2014-3509, CVE-2014-5139, CVE-2014-3508,...