44 matches found

Tenable Nessus
added 2022/11/07 12:0 a.m. · 66 views

EulerOS 2.0 SP3 : openssl098e (EulerOS-SA-2022-2717)

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote...

CVSS 4.3 · AI score 7.5 · EPSS 0.91395
Exploits 0 · References 3

OpenVAS
added 2021/06/09 12:0 a.m. · 31 views

SUSE: Security Advisory (SUSE-SU-2014:1386-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.1 · AI score 5.2 · EPSS 0.93538
Exploits 5 · References 2

Tenable Nessus
added 2020/09/28 12:0 a.m. · 52 views

EulerOS 2.0 SP3 : openssl098e (EulerOS-SA-2020-2076)

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before...

CVSS 5 · AI score 7.1 · EPSS 0.91945
Exploits 0 · References 5

OpenVAS
added 2018/10/26 12:0 a.m. · 18 views

openSUSE: Security Advisory for libressl (openSUSE-SU-2018:2592-1)

The remote host is missing an update for the Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 4.7 · AI score 5.2 · EPSS 0.0015
Exploits 0 · References 2

Tenable Nessus
added 2018/09/04 12:0 a.m. · 31 views

openSUSE Security Update : libressl (openSUSE-2018-950)

This update for libressl to version 2.8.0 fixes the following issues : Security issues fixed : - CVE-2018-12434: Avoid a timing side-channel leak when generating DSA and ECDSA signatures. (boo#1097779) - Reject excessively large primes in DH key generation. Other bugs fixed : - Fixed a pair of 20+...

CVSS 4.7 · AI score 5.5 · EPSS 0.0015
Exploits 0 · References 2

myhack58
added 2017/05/22 12:0 a.m. · 95 views

A vulnerability in the OpenSSL handshake renegotiation process can lead to denial of service - vulnerability warning - the black bar safety net

1. Foreword: OpenSSL is a very popular general-purpose cryptography library that provides an SSL/TLS protocol implementation for web authentication services. Recently, several vulnerabilities have been found in OpenSSL. We've written several articles on the analysis of...

CVSS 5 · AI score 0.9 · EPSS 0.71356
Exploits 2

Veracode
added 2017/02/07 2:2 a.m. · 31 views

Denial Of Service (DoS) Through Null Pointer Dereference

OpenSSL is vulnerable to denial of service (DoS) attacks. These attacks can be triggered in the ssl3_send_client_key_exchange function when an anonymous ECDH ciphersuite, caused a NULL certificate value...

CVSS 4.3 · AI score 7 · EPSS 0.91395
Exploits 0 · References 151 · Affected Software 1

Debian CVE
added 2016/09/26 12:0 a.m. · 44 views

CVE-2016-6305

The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call...

CVSS 7.5 · AI score 8.4 · EPSS 0.2493
Exploits 1

Positive Technologies
added 2016/09/22 12:0 a.m. · 2 views

PT-2016-3312 · Openssl +4 · Openssl +4

Name of the Vulnerable Software and Affected Versions: OpenSSL version 1.1.0 before 1.1.0a OpenSSL versions 1.1.0 through 1.1.0 excluding 1.1.0a and later Description: The issue is related to the ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL. It allows remote attackers to cause a...

CVSS 7.8 · AI score 8.2 · EPSS 0.2493
Exploits 1 · References 31

Hacker One
added 2016/06/24 12:36 a.m. · 30 views

Radancy: RC4 cipher suites detected

RC4 cipher suites SSL3 on port 443: SSL3_CK_RSA_RC4_128_MD5 - High strength SSL3_CK_RSA_RC4_128_SHA - High strength Host: qics.maximum.com...

AI score 0.9
Exploits 0

Cvelist
added 2015/06/12 12:0 a.m. · 15 views

CVE-2015-1791

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or...

AI score 7.3 · EPSS 0.10249
Exploits 0 · References 50

UbuntuCve
added 2015/06/02 12:0 a.m. · 43 views

CVE-2015-1791

Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or...

CVSS 6.8 · AI score 7.1 · EPSS 0.10249
Exploits 0 · References 3

Tenable Nessus
added 2015/05/20 12:0 a.m. · 44 views

SUSE SLED12 / SLES12 Security Update : compat-openssl098 (SUSE-SU-2014:1512-1) (POODLE)

compat-openssl098 was updated to fix three security issues. NOTE: this update alone DOESN'T FIX the POODLE SSL protocol vulnerability. OpenSSL only adds downgrade detection support for client applications. See https://www.suse.com/support/kb/doc.php?id=7015773 for mitigations. These security issu...

CVSS 7.1 · AI score 6.3 · EPSS 0.93538
Exploits 5 · References 10

Tenable Nessus
added 2015/05/20 12:0 a.m. · 38 views

SUSE SLED12 / SLES12 Security Update : openssl (SUSE-SU-2014:1524-1) (POODLE)

openssl was updated to fix four security issues. These security issues were fixed : - SRTP Memory Leak (CVE-2014-3513). - Session Ticket Memory Leak (CVE-2014-3567). - Fixed incomplete no-ssl3 build option (CVE-2014-3568). - Add support for TLS_FALLBACK_SCSV (CVE-2014-3566). NOTE: This update alone DOESN'T...

CVSS 7.1 · AI score 6.4 · EPSS 0.93538
Exploits 5 · References 12

CNVD
added 2015/03/20 12:0 a.m. · 1 views

OpenSSL 'multi-block' Feature Denial of Service Vulnerability

OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. A denial of service vulnerability exists in OpenSSL version 1.0.2 on 64-bit x86 platforms that support AES NI. The vulnerability is...

CVSS 5 · AI score 6.9 · EPSS 0.30474
Exploits 0 · References 1

Prion
added 2015/03/19 10:59 p.m. · 16 views

Code injection

The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force...

CVSS 4.3 · AI score 6.9 · EPSS 0.08814
Exploits 0 · References 18 · Affected Software 1

Positive Technologies
added 2015/03/19 12:0 a.m. · 1 views

PT-2015-1686 · Openssl +1 · Openssl +3

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.0.2 through 1.0.2a Description: The issue is related to the multi-block feature in the ssl3_write_bytes function, which does not properly handle certain non-blocking I/O cases. This can allow remote attackers to cause a...

CVSS 5 · AI score 6.7 · EPSS 0.30474
Exploits 0 · References 22

NVD
added 2015/01/09 2:59 a.m. · 23 views

CVE-2015-0204

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...

CVSS 4.3 · AI score 6.2 · EPSS 0.91945
Exploits 0 · References 66

Prion
added 2015/01/09 2:59 a.m. · 29 views

Code injection

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...

CVSS 4.3 · AI score 7.6 · EPSS 0.91945
Exploits 0 · References 66 · Affected Software 1

Tenable Nessus
added 2014/11/26 12:0 a.m. · 44 views

OracleVM 3.2 : openssl (OVMSA-2014-0039) (POODLE)

The remote OracleVM system is missing necessary patches to address critical security updates : - add support for fallback SCSV to partially mitigate CVE-2014-3566 padding attack on SSL3 - fix CVE-2014-0221 - recursion in DTLS code leading to DoS - fix CVE-2014-3505 - doublefree in DTLS packet...

CVSS 7.4 · AI score 7.6 · EPSS 0.93538
Exploits 14 · References 8