Lucene search
K

44 matches found

Tenable Nessus
Tenable Nessus
added 2014/11/06 12:0 a.m.50 views

SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 9915)

This OpenSSL update fixes the following issues : - Session Ticket Memory Leak. CVE-2014-3567 - Build option no-ssl3 is incomplete. CVE-2014-3568 - Add support for TLSFALLBACKSCSV to mitigate CVE-2014-3566 POODLE %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

7.1CVSS6.3AI score0.99999EPSS
Exploits7References9
Debian
Debian
added 2014/11/01 3:49 p.m.43 views

[SECURITY] [DLA 81-1] openssl security update

Package : openssl Version : 0.9.8o-4squeeze18 CVE ID : CVE-2014-3567 CVE-2014-3568 CVE-2014-3569 Several vulnerabilities have been found in OpenSSL. CVE-2014-3566 "POODLE" A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher...

7.1CVSS6.7AI score0.99999EPSS
Exploits7
Prion
Prion
added 2014/10/19 1:55 a.m.40 views

Design/Logic Flaw

OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23clnt.c and s23srvr.c...

4.3CVSS6.8AI score0.13976EPSS
Exploits0References41Affected Software1
The Hacker News
The Hacker News
added 2014/10/17 10:20 p.m.15 views

Privacy Tools — Tor Browser 4.0 and Tails 1.2 Update Released

Tor - Privacy oriented encrypted anonymizing service, has announced the launch of its next version of Tor Browser Bundle, Tor version 4.0, which disables SSL3 to prevent POODLE attack and uses new transports that are intended to defeat the Great Firewall of China and other extremely restrictive...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/10/17 12:0 a.m.270 views

Oracle Linux 6 / 7 : openssl (ELSA-2014-1652)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1652 advisory. - fix CVE-2014-3567 - memory leak when handling session tickets - fix CVE-2014-3513 - memory leak in srtp support - add support for fallback SCSV t...

7.5CVSS8AI score0.99999EPSS
Exploits106References3
Tenable Nessus
Tenable Nessus
added 2014/10/02 12:0 a.m.39 views

VMware vSphere Replication Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)

The VMware vSphere Replication installed on the remote host is version 5.5.x prior to 5.5.1.1, or else it is version 5.6.x. It is, therefore, affected by the following OpenSSL related vulnerabilities : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into oth...

7.4CVSS7.4AI score0.95326EPSS
Exploits9References5
Prion
Prion
added 2014/08/13 11:55 p.m.33 views

Null pointer dereference

The ssl3sendclientkeyexchange function in s3clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service NULL pointer dereference and client application crash via a crafted handshake message in conjunction with a 1...

4.3CVSS6.9AI score0.16946EPSS
Exploits0References54Affected Software1
Debian CVE
Debian CVE
added 2014/08/13 11:0 p.m.22 views

CVE-2014-3510

The ssl3sendclientkeyexchange function in s3clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service NULL pointer dereference and client application crash via a crafted handshake message in conjunction with a 1...

4.3CVSS6AI score0.16946EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/07/24 12:0 a.m.280 views

HP Smart Update Manager 6.x < 6.4.1 Multiple Vulnerabilities

The version of HP Smart Update manager running on the remote host is prior to 6.4.1. It is, therefore, affected by the following vulnerabilities : - An error exists in the function 'ssl3readbytes' that can allow data to be injected into other sessions or allow denial of service attacks. Note that...

7.4CVSS7.8AI score0.99977EPSS
Exploits13References10
Tenable Nessus
Tenable Nessus
added 2014/07/24 12:0 a.m.114 views

HP OneView < 1.10 OpenSSL Multiple Vulnerabilities (HPSBGN03068)

The version of HP OneView installed on the remote host is 1.0, 1.01, or 1.05. It is, therefore, affected by the following vulnerabilities related to the included OpenSSL libraries : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow...

7.4CVSS7.4AI score0.95326EPSS
Exploits9References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

HP LoadRunner magentproc.exe Overflow

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/06/18 12:0 a.m.90 views

Junos Pulse Secure Access IVE / UAC OS Multiple OpenSSL Vulnerabilities (JSA10629)

According to its self-reported version, the version of IVE / UAC OS running on the remote host is affected by multiple vulnerabilities : - An error exists in the function 'ssl3readbytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue i...

7.4CVSS7.5AI score0.95326EPSS
Exploits9References11
RedHat Linux
RedHat Linux
added 2014/06/10 12:23 p.m.6 views

openssl: freelist misuse causing a possible use-after-free

Race condition in the ssl3readbytes function in s3pkt.c in OpenSSL through 1.0.1g, when SSLMODERELEASEBUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service use-after-free and parsing error via an SSL connection in a multithreaded environment...

4CVSS6.6AI score0.34132EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2014/06/05 12:12 p.m.7 views

openssl: freelist misuse causing a possible use-after-free

Race condition in the ssl3readbytes function in s3pkt.c in OpenSSL through 1.0.1g, when SSLMODERELEASEBUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service use-after-free and parsing error via an SSL connection in a multithreaded environment...

4CVSS6.6AI score0.34132EPSS
Exploits0References5
OSV
OSV
added 2014/05/02 12:0 a.m.4 views

UBUNTU-CVE-2014-0198

The dossl3write function in s3pkt.c in OpenSSL 1.x through 1.0.1g, when SSLMODERELEASEBUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via vectors...

4.3CVSS7.3AI score0.43828EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2013/10/07 12:0 a.m.48 views

HP LoadRunner magentproc.exe Overflow

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'HP LoadRunner magentproc.exe Overflow...

9.3CVSS0.6AI score0.39303EPSS
Exploits4
NVD
NVD
added 2010/08/17 8:0 p.m.12 views

CVE-2010-2939

Double free vulnerability in the ssl3getkeyexchange function in the OpenSSL client ssl/s3clnt.c in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted...

4.3CVSS7.8AI score0.09977EPSS
Exploits0References22
NVD
NVD
added 2010/03/26 6:30 p.m.18 views

CVE-2010-0740

The ssl3getrecord function in ssl/s3pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service crash via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained...

5CVSS7.3AI score0.2035EPSS
Exploits5References24
Oracle linux
Oracle linux
added 2010/03/25 12:0 a.m.79 views

gnutls security update

1.0.20-4.0.1.el48.7 - Bump release to resolve ULN up2date issue 1.0.20-4.7 - fix crash in the gnutls-cli tool needed for testing 1.0.20-4.5 - fix safe renegotiation in SSL3 protocol 1.0.20-4.4 - implement safe renegotiation - CVE-2009-3555 533125...

7.5CVSS2.6AI score0.87264EPSS
Exploits15
Oracle linux
Oracle linux
added 2010/03/25 12:0 a.m.60 views

gnutls security update

1.4.1-3.8 - fix safe renegotiation on SSL3 protocol 1.4.1-3.7 - implement safe renegotiation - CVE-2009-3555 533125 - do not allow MD2 in certificate signatures by default - CVE-2009-2409 510197...

5.8CVSS3.9AI score0.87264EPSS
Exploits14
Rows per page
Query Builder