467 matches found
Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10679) (FREAK)
According to its self-reported version number, the remote Juniper Junos device is affected by the following vulnerabilities related to OpenSSL: - A NULL pointer dereference flaw exists when the SSLv3 option isn't enabled and an SSLv3 ClientHello is received. This allows a remote attacker, using ...
Univention Corporate Server 4.0 erratum 142
The remote host is missing an update for openssl erratum 142. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
USN-2537-1 openssl vulnerabilities
It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2015-0209) Stephen Henson discovered that OpenSSL incorrectly handled...
McAfee Email Gateway - OpenSSL vulnerabilities patched in McAfee products
McAfee Email Gateway is vulnerable to a batch of OpenSSL vulnerabilities.
F5 Networks BIG-IP : Local OpenSSL vulnerabilities (SOL6734)
The remote BIG-IP device is missing a patch required by a security advisory. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5 Networks BIG-IP Solution SOL6734. The text description of this plugin is (C) F5 Networks...
Multiple Security Issues with Intel® Manycore Platform Software Stack (Intel® MPSS) release 3.x
Summary: This Security Bulletin discusses several security vulnerabilities that affect previous versions of Intel® Manycore Platform Software Stack (Intel® MPSS) release 3.x. Some stem from vulnerabilities in the 3rd-party OpenSSL library, which is built into the coprocessor OS. Others were...
Ubuntu 10.04 LTS : openssl vulnerabilities (USN-2232-4)
USN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch backports for Ubuntu 10.04 LTS caused a regression for certain applications. This update fixes the problem. We apologize for the inconvenience. Juri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. A remote...
MGASA-2014-0325 Updated openssl packages fix security vulnerabilities
A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_NAME_oneline, X509_NAME_print_ex et al. to leak some information from the stack. Applications may be affected if they echo pretty printing output to the attacker. OpenSSL SSL/TLS clients and servers themselves are not affected...
Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2308-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2308-1 advisory. Adam Langley and Wan-Teh Chang discovered that OpenSSL incorrectly handled certain DTLS packets. A remote attacker could use this issue to cause OpenSSL ...
VMware vCenter Chargeback Manager Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)
The version of vCenter Chargeback Manager installed on the remote host is 2.6.0. It is, therefore, affected by the following OpenSSL related vulnerabilities: - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service...
Update Tomcat Native DLL in JIRA Installer
NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion: http://jira.atlassian.com/browse/JRASERVER-38927. 7 new vulnerabilities were announced for OpenSSL on 5 June 2014. These vulnerabilities affect Tomcat Native, which ships...
Cisco TelePresence Supervisor MSE 8050 Multiple Vulnerabilities in OpenSSL
The remote Cisco TelePresence device is running a software version known to be affected by multiple OpenSSL related vulnerabilities: - An unspecified error exists that could allow an attacker to cause usage of weak keying material leading to simplified man-in-the-middle attacks. (CVE-2014-0224) - ...
Cisco TelePresence MCU Series Devices Multiple Vulnerabilities in OpenSSL
The remote Cisco TelePresence MCU device is running a software version known to be affected by multiple OpenSSL related vulnerabilities: - An error exists related to the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA) that could allow nonce disclosure via the 'FLUSH+RELOAD...
MGASA-2014-0255 Updated openssl packages fix multiple vulnerabilities
Updated openssl packages fix security vulnerabilities: It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a...
MGASA-2014-0012 Updated openssl package fixes security vulnerabilities
Updated openssl packages fix security vulnerabilities: The DTLS retransmission implementation in OpenSSL through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by...
Juniper Steel-Belted Radius Multiple OpenSSL Vulnerabilities
The version of Juniper Steel-Belted Radius software installed on the remote RedHat or CentOS host is affected by multiple OpenSSL vulnerabilities: - The SSL 3.0 implementation in OpenSSL does not properly initialize data structures for block cipher padding, which could allow remote attackers to...
Oracle Linux 5 : Important: / openssl (ELSA-2007-0964)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0964 advisory. 0.9.8b-8.3.2 - more DTLS fixes (321211); 0.9.8b-8.3.1 - fix CVE-2007-3108 - side channel attack on private keys (322891) - fix CVE-2007-5135 - off-by-one in...
SUSE-SU-2015:0182-2 Security update for compat-openssl097g
This compat-openssl097g rollup update contains various security fixes: CVE-2012-2131, CVE-2012-2110: incorrect integer conversions in OpenSSL can result in memory corruption during buffer management operations. Security Issue reference: CVE-2012-2110...
SUSE-SU-2015:0578-1 Security update for compat-openssl097g
This compat-openssl097g rollup update contains various security fixes: CVE-2012-2131, CVE-2012-2110: incorrect integer conversions in OpenSSL could have resulted in memory corruption during buffer management operations. Security Issue reference: CVE-2012-2110...
CVE-2012-2333
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is no...