36 matches found
Rockwell Automation Stratix SSL_MODE_RELEASE_BUFFERS Session Injection or Denial of Service (CVE-2010-5298)
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack. This plugin only works with...
Rockwell Automation Stratix SSL_MODE_RELEASE_BUFFERS NULL Pointer Dereference (CVE-2014-0198)
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to execute arbitrary code, create a denial of service (DoS) condition, or perform a man-in-the-middle attack. This plugin only works with...
K15329: SSL_MODE_RELEASE_BUFFERS vulnerability CVE-2014-0198
Security Advisory Description The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service NULL pointer dereference and...
Security Bulletin: IBM Security Access Manager for Mobile and IBM Security Access Manager for Web appliances are affected by the following OpenSSL vulnerabilities: CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470 and possibly CVE-2014-0076
Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-0224 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack, caused by the use of weak keying material in SSL/TLS clients an...
Denial Of Service (DoS) Through Null Pointer Dereference
OpenSSL is vulnerable to denial of service (DoS) attacks. These attacks are possible when SSL_MODE_RELEASE_BUFFERS is enabled because OpenSSL does not correctly manage a buffer pointer during recursive calls...
Juniper Networks Junos OS OpenSSL Denial of Service Vulnerability
Junos OS is prone to a SSL_MODE_RELEASE_BUFFERS NULL pointer dereference vulnerability in OpenSSL. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
F5 Networks BIG-IP : OpenSSL vulnerability (K15328)
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment...
VMware OVF Tool 3.x < 3.5.2 Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)
The remote host contains VMware OVF (Open Virtualization Format) Tool version 3.x prior to 3.5.2. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL : - An error exists in the 'ssl3_read_bytes' function that permits data to be injected into other sessions or allo...
VMware OVF Tool 3.x < 3.5.2 Multiple OpenSSL Vulnerabilities (VMSA-2014-0006) (Mac OS X)
The version of VMware OVF (Open Virtualization Format) Tool installed on the remote Mac OS X host is version 3.x prior to 3.5.2. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL : - An error exists in the 'ssl3_read_bytes' function that permits data to be...
OpenSSL 'ChangeCipherSpec' MiTM Vulnerability
The OpenSSL service on the remote host is vulnerable to a man-in-the-middle (MiTM) attack, based on its acceptance of a specially crafted handshake. This flaw could allow a MiTM attacker to decrypt or forge SSL messages by telling the service to begin encrypted communications before key material ha...
HP Systems Insight Manager 7.2.x < 7.2 Hotfix 37 / 7.3.x < 7.3 Hotfix 34 OpenSSL Multiple Vulnerabilities
The version of HP Systems Insight Manager installed on the remote Windows host is affected by the following vulnerabilities in the included OpenSSL library : - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service...
Cerberus FTP Server 6.x < 6.0.10.0 / 7.x < 7.0.0.3 Multiple OpenSSL Vulnerabilities
The version of Cerberus FTP Server on the remote host is version 6.x prior to 6.0.10.0 or version 7.x prior to 7.0.0.3. It is, therefore, affected by the following OpenSSL vulnerabilities : - An error exists in the 'ssl3_read_bytes' function that permits data to be injected into other sessions or...
VMware Horizon View Multiple Vulnerabilities (VMSA-2014-0006)
The version of VMware Horizon View installed on the remote Windows host is version 5.3.x prior to 5.3.2 or 5.3.x prior to 5.3 Feature Pack 3. It is, therefore, affected by multiple vulnerabilities in the bundled OpenSSL library : - An error exists in the function 'ssl3_read_bytes' that could allow...
LibreOffice 4.2.x < 4.2.3 OpenSSL Multiple Vulnerabilities (Mac OS X) (Heartbleed)
A version of LibreOffice 4.2.x prior to 4.2.3 is installed on the remote Mac OS X host. This version of LibreOffice is bundled with a version of OpenSSL affected by multiple vulnerabilities : - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other session...
VMware Fusion < 5.0.5 / 6.0.4 OpenSSL Library Multiple Vulnerabilities
The version of VMware Fusion installed on the remote Mac OS X is version 5.x prior to 5.0.5 or 6.x prior to 6.0.4. It is, therefore, affected by the following vulnerabilities in the OpenSSL library : - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other...
VMware Player < 5.0.4 / 6.0.3 OpenSSL Library Multiple Vulnerabilities (Linux)
The version of VMware Player installed on the remote host is version 5.x prior to 5.0.4 or 6.x prior to 6.0.3. It is, therefore, affected by the following vulnerabilities in the OpenSSL library : - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other...
VMware Workstation < 9.0.4 / 10.0.3 OpenSSL Library Multiple Vulnerabilities (Windows)
The version of VMware Workstation installed on the remote host is version 9.x prior to 9.0.4 or 10.x prior to 10.0.3. It is, therefore, affected by the following vulnerabilities in the OpenSSL library : - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into...
VMware Workstation < 9.0.4 / 10.0.3 OpenSSL Library Multiple Vulnerabilities (Linux)
The version of VMware Workstation installed on the remote host is version 9.x prior to 9.0.4 or 10.x prior to 10.0.3. It is, therefore, affected by the following vulnerabilities in the OpenSSL library : - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into...
ESXi 5.0 < Build 1918656 OpenSSL Library Multiple Vulnerabilities (remote check)
The remote VMware ESXi host is version 5.0 prior to build 1918656. It is, therefore, affected by the following vulnerabilities in the OpenSSL library : - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. No...
VMware vCenter Update Manager Multiple Vulnerabilities (VMSA-2014-0006)
The version of VMware vCenter Update Manager installed on the remote Windows host is 5.5 prior to Update 1b. It is, therefore, affected by the following vulnerabilities related to the bundled version of OpenSSL : - An error exists in the function 'ssl3_read_bytes' that could allow data to be inject...