DEBIAN-CVE-2021-23839
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...
ALPINE-CVE-2021-23839
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...
CVE-2021-23839
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...
Design/Logic Flaw
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...
CVE-2021-23839
CVE-2021-23839 describes a padding-check logic error in OpenSSL 1.0.2 (affecting 1.0.2s–1.0.2x) where RSA_padding_check_SSLv23() mis-handles SSLv2 rollback protection. The bug causes a server configured for SSLv2 in combination with newer TLS versions to accept connections when a version-rollback...
Vulnerability in OpenSSL - Incorrect SSLv2 rollback protection
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...
SUSE SLES12 Security Update : openvswitch (SUSE-SU-2021:0446-1)
This update for openvswitch fixes the following issues: CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding bsc1181742. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempt...
SUSE SLES12 Security Update : openvswitch (SUSE-SU-2021:0451-1)
This update for openvswitch fixes the following issues: CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding bsc1181742. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempt...
openSUSE Security Update : openvswitch (openSUSE-2021-283)
This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding bsc1181742. This update was imported from the SUSE:SLE-15-SP2:Update update project. C Tenable Network Security, Inc. The descriptive text and package...
SUSE SLES12 Security Update : openvswitch (SUSE-SU-2021:0479-1)
This update for openvswitch fixes the following issues: CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding bsc1181742. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempt...
SUSE-SU-2021:0479-1 Security update for openvswitch
This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding bsc1181742...
SUSE-SU-2021:0451-1 Security update for openvswitch
This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding bsc1181742...
SUSE SLED15 / SLES15 Security Update : openvswitch (SUSE-SU-2021:0436-1)
This update for openvswitch fixes the following issues: CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding bsc1181742. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempt...
SUSE SLED15 / SLES15 Security Update : openvswitch (SUSE-SU-2021:0439-1)
This update for openvswitch fixes the following issues: CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding bsc1181742. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempt...
SUSE-SU-2021:0440-1 Security update for openvswitch
This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding bsc1181742...
SUSE-SU-2021:0436-1 Security update for openvswitch
This update for openvswitch fixes the following issues: - CVE-2020-35498: Fixed a denial of service related to the handling of Ethernet padding bsc1181742...
USN-4504-1: OpenSSL vulnerabilities | Cloud Foundry
Severity: Low. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 16.04, Canonical Ubuntu 18.04. Description: Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a...
EulerOS 2.0 SP9 : nss (EulerOS-SA-2021-1249)
According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in...