
13 matches found

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2009-3907

Malware in sbrugna...

CVSS: 5.8 | AI score: 6.4 | EPSS: 0.00338
Exploits: 13 | References: 7
Tenable Nessus
added 2024/06/07 12:0 a.m. | 18 views

OpenSSL 0.9.7 < 0.9.7h Vulnerability

The version of OpenSSL installed on the remote host is prior to 0.9.7h. It is, therefore, affected by a vulnerability as referenced in the 0.9.7h advisory. - The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option,...

CVSS: 5 | AI score: 6.5 | EPSS: 0.09388
Exploits: 0 | References: 3
Packet Storm
added 2019/10/01 12:0 a.m. | 198 views

Fortinet FortiSIEM 5.0 / 5.2.1 Improper Certification Validation

Product Name: FortiSIEM Tested versions: 5.0, 5.2.1 Fixed in version: Only a manual workaround is available from Fortinet as of this writing Weakness Type: CWE-295 - Improper Certificate Validation Discovered by: Andrew Klaus Cybera Canada CVE: Pending == Disclosure Timeline: June 25, 2019: Initi...

AI score: 0.6
Exploits: 0
Cvelist
added 2018/08/30 5:0 p.m. | 14 views

CVE-2018-15476

An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The SSL/TLS server certificate in the device to cloud communication...

AI score: 8.1 | EPSS: 0.0013
Exploits: 0 | References: 1
Packet Storm
added 2016/02/18 12:0 a.m. | 39 views

WeBid 1.1.2P2 SQL Injection

Advisory ID: HTB23292 Product: WeBid Vendor: WeBid Vulnerable Versions: 1.1.2P2 and probably prior Tested Version: 1.1.2P2 Advisory Publication: January 22, 2016 without technical details Vendor Notification: January 22, 2016 Vendor Patch: February 4, 2016 Public Disclosure: February 17, 2016...

AI score: 0.1
Exploits: 0
Tenable Nessus
added 2014/10/16 12:0 a.m. | 39 views

Amazon Linux AMI : openssl (ALAS-2014-427)

A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure Real-time Transport Protocol SRTP extension data. A remote attacker could send multiple specially crafted handshake messages to exhaust all available memory of an SSL/TLS or DTLS server. CVE-2014-3513 A memory leak flaw was...

CVSS: 7.1 | AI score: 6.8 | EPSS: 0.38443
Exploits: 0 | References: 4
OpenVAS
added 2012/09/11 12:0 a.m. | 9 views

Slackware Advisory SSA:2009-014-01 openssl

The remote host is missing an update as announced via advisory SSA:2009-014-01. OpenVAS Vulnerability Test $Id: esoftslkssa200901401.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...

CVSS: 5.8 | AI score: 7.5 | EPSS: 0.00237
Exploits: 1
Tenable Nessus
added 2012/08/01 12:0 a.m. | 19 views

Scientific Linux Security Update : openssl on SL6.x i386/x86_64

A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to change the ciphersuite associated with a cached session stored on the server, if the server enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly forcing the clien...

CVSS: 4.3 | AI score: 6.9 | EPSS: 0.03846
Exploits: 0 | References: 2
Prion
added 2009/11/13 4:30 p.m. | 22 views

Authentication flaw

Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/T...

CVSS: 5.8 | AI score: 9 | EPSS: 0.03741
Exploits: 14 | References: 6 | Affected Software: 3
NVD
added 2009/11/13 4:30 p.m. | 17 views

CVE-2009-3936

Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/T...

CVSS: 5.8 | AI score: 6.1 | EPSS: 0.00338
Exploits: 13 | References: 6
ALT Linux
added 2007/08/07 12:0 a.m. | 28 views

Security fix for the ALT Linux 9 package openssl10 version 0.9.8d-alt3

Aug. 7, 2007 Dmitry V. Levin 0.9.8d-alt3 - Fixed side-channel attack on private keys CVE-2007-3108, RH245732, http://cvs.openssl.org/chngview?cn=16275. - Mitigated branch prediction attacks RH250573, http://cvs.openssl.org/chngview?cn=16077. - Changed SSL/TLS server implementation to be stricter...

CVSS: 1.2 | AI score: 7 | EPSS: 0.00155
Exploits: 1
ALT Linux
added 2007/08/07 12:0 a.m. | 39 views

Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8d-alt3

Aug. 7, 2007 Dmitry V. Levin 0.9.8d-alt3 - Fixed side-channel attack on private keys CVE-2007-3108, RH245732, http://cvs.openssl.org/chngview?cn=16275. - Mitigated branch prediction attacks RH250573, http://cvs.openssl.org/chngview?cn=16077. - Changed SSL/TLS server implementation to be stricter...

CVSS: 1.2 | AI score: 7 | EPSS: 0.00155
Exploits: 1
Tenable Nessus
added 2004/07/31 12:0 a.m. | 31 views

Mandrake Linux Security Advisory : openssl (MDKSA-2003:035)

Researchers discovered a timing-based attack on RSA keys that OpenSSL is generally vulnerable to, unless RSA blinding is enabled. Patches from the OpenSSL team have been applied to turn RSA blinding on by default. An extension of the 'Bleichenbacher attack' on RSA with PKCS #1 v1.5 padding as used ...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.28737
Exploits: 0 | References: 6