
19 matches found

Tenable Nessus
added 2025/03/13 12:0 a.m. | 12 views

Siemens SCALANCE X-200RNA Switch Devices Improper Input Validation (CVE-2016-6305)

The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-...

CVSS 7.5 | AI score 8.3 | EPSS 0.15997
Exploits 1 | References 4
IBM Security Bulletins
added 2022/02/22 7:27 p.m. | 42 views

Security Bulletin: Multiple Security Vulnerabilities in OpenSSL affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center)

Summary OpenSSL vulnerabilities were disclosed on September 22 and September 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Spectrum Control and Tivoli Storage Productivity Center. IBM Spectrum Control and Tivoli Storage Productivity Center have addressed the applicable CVEs. Vulnerabili...

CVSS 10 | AI score 1 | EPSS 0.95707
Exploits 9 | Affected Software 1
OpenVAS
added 2020/06/05 12:0 a.m. | 51 views

Huawei Data Communication: Sixteen OpenSSL Vulnerabilities on Some Huawei products (huawei-sa-20170322-01-openssl)

Statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

CVSS 10 | AI score 8 | EPSS 0.95707
Exploits 9 | References 1
IBM Security Bulletins
added 2019/12/18 2:26 p.m. | 52 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM i

Summary OpenSSL is used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to consider the HMAC size during validation of the ticket length by the tls_decrypt_ticket function ...

CVSS 9.8 | AI score 0.9 | EPSS 0.95707
Exploits 9 | Affected Software 1
IBM Security Bulletins
added 2019/01/31 2:25 a.m. | 41 views

Security Bulletin: Vulnerabilities in OpenSSL affect MegaRAID Storage Manager

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by MegaRAID Storage Manager. MegaRAID Storage Manager has addressed the applicable CVEs. Vulnerability Details Summary OpenSSL vulnerabilities were disclosed on September 22 and 26,...

CVSS 9.8 | AI score 1 | EPSS 0.95707
Exploits 9
IBM Security Bulletins
added 2018/06/17 3:32 p.m. | 47 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Workload Scheduler

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Workload Manager. IBM Workload Manager has addressed the applicable CVEs Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to...

CVSS 10 | AI score 0.8 | EPSS 0.70223
Exploits 4 | Affected Software 1
IBM Security Bulletins
added 2018/06/17 5:17 a.m. | 62 views

Security Bulletin: Vulnerabilities in OpenSSL affect Rational Insight

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by Rational Insight. Rational Insight has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused...

CVSS 10 | AI score 1.1 | EPSS 0.95707
Exploits 9 | Affected Software 1
IBM Security Bulletins
added 2018/06/17 5:17 a.m. | 62 views

Security Bulletin: Vulnerabilities in OpenSSL affect Rational Reporting for Development Intelligence

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by Rational Reporting for Development Intelligence (RRDI). RRDI has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6302 DESCRIPTION: OpenSSL is vulnerable to a...

CVSS 10 | AI score 0.9 | EPSS 0.95707
Exploits 9 | Affected Software 1
IBM Security Bulletins
added 2018/06/16 8:6 p.m. | 42 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Tealeaf Customer Experience

Summary OpenSSL vulnerabilities were disclosed on September 22 and 26, 2016 by the OpenSSL Project. OpenSSL is used by IBM Tealeaf Customer Experience. IBM Tealeaf Customer Experience has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-6304 DESCRIPTION: OpenSSL is vulnerable ...

CVSS 9.8 | AI score 0.7 | EPSS 0.63029
Exploits 3 | Affected Software 1
Hacker One
added 2017/11/10 12:10 a.m. | 46 views

Internet Bug Bounty: SSL_peek() hang on empty record (CVE-2016-6305)

As described here: https://www.openssl.org/news/secadv/20160922.txt...

CVSS 5 | AI score 8.5 | EPSS 0.15997
Exploits 1
Check Point Advisories
added 2016/11/01 12:0 a.m. | 4 views

OpenSSL SSL_peek Infinite Loop Denial of Service (CVE-2016-6305)

A denial-of-service vulnerability exists in OpenSSL. The vulnerability is due to an error in SSL_peek API that causes an infinite loop to occur when processing empty records. A remote, unauthenticated attacker can exploit this vulnerability by supplying an empty record during an SSL connection...

CVSS 5 | AI score 2.7 | EPSS 0.15997
Exploits 1
OpenVAS
added 2016/10/26 12:0 a.m. | 33 views

Amazon Linux: Security Advisory (ALAS-2016-749)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 8.4 | EPSS 0.63029
Exploits 3 | References 4
Tenable Nessus
added 2016/10/06 12:0 a.m. | 44 views

OpenSSL < 1.1.0a Multiple Vulnerabilities

Binary data 9626.prm...

CVSS 7.8 | AI score 8.1 | EPSS 0.63029
Exploits 3 | References 5
Tenable Nessus
added 2016/09/30 12:0 a.m. | 78 views

OpenSSL 1.1.0 < 1.1.0a Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.1.0a. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0a advisory. - The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of...

CVSS 7.8 | AI score 7.7 | EPSS 0.63029
Exploits 3 | References 13
OpenVAS
added 2016/09/26 12:0 a.m. | 27 views

OpenSSL SSL_peek hang on empty record DoS Vulnerability - Linux

OpenSSL is prone to a Denial of Service (DoS) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...

CVSS 7.5 | AI score 7.8 | EPSS 0.15997
Exploits 1 | References 1
CVE
added 2016/09/26 12:0 a.m. | 117 views

CVE-2016-6305

The CVE-2016-6305 issue affects OpenSSL 1.1.0 before 1.1.0a, where ssl3_read_bytes in record/rec_layer_s3.c can cause a denial of service (infinite loop) when a zero-length record is processed via SSL_peek. Public sources (OpenSSL security advisory, vendor reports) confirm the vulnerability in th...

CVSS 7.5 | AI score 8 | EPSS 0.15997
Exploits 1 | References 18 | Affected Software 1
Tenable Nessus
added 2016/09/23 12:0 a.m. | 93 views

Amazon Linux AMI : openssl (ALAS-2016-749)

A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it...

CVSS 7.8 | AI score 7.7 | EPSS 0.63029
Exploits 3 | References 4
Slackware Linux
added 2016/09/22 6:53 p.m. | 62 views

[slackware-security] openssl

New openssl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/openssl-1.0.2i-i586-1slack14.2.txz: Upgraded. This update fixes denial-of-service and other security issues. For more...

CVSS 9.8 | AI score 8.2 | EPSS 0.95707
Exploits 9
Amazon
added 2016/09/22 12:0 a.m. | 81 views

Important: openssl

Issue Overview: A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available...

CVSS 7.8 | AI score 8.3 | EPSS 0.63029
Exploits 3