Security Bulletin: The IBM FlashSystem 840 & IBM FlashSystem V840 products are affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)

Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details CVE-ID:CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerability ...

Security Bulletin: IBM Systems Director is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)

Summary Security vulnerabilities have been discovered in OpenSSL Vulnerability Details Abstract IBM Systems Director is affected by vulnerabilities in OpenSSL CVE-2014-0160 and CVE-2014-0076. Content Vulnerability Details: CVE-ID: CVE-2014-0160 Description: OpenSSL could allow a remote attacker t...

CVE-2018-0488

ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service heap corruption via a crafted application packet within a TLS or DTLS session...

OpenSSL TLS Heartbeat information disclosure - Ver2 (CVE-2014-0160)

An information disclosure vulnerability has been reported inOpenSSL. The vulnerability is due to an error when handling TLS/DTLS heartbeat packets. Successful exploitation of this vulnerability could allow a remote attacker to disclose memory contents of a connected client or server...

McAfee Firewall Enterprise OpenSSL Information Disclosure (SB10071) (Heartbleed)

The remote host has a version of McAfee Firewall Enterprise installed that is affected by an out-of-bounds read error, known as Heartbleed, in the TLS/DTLS implementation due to improper handling of TLS heartbeat extension packets. A remote attacker, using crafted packets, can trigger a buffer...

RUCKUS ADVISORY ID 041414: OpenSSL 1.0.1 library's "Heart bleed" vulnerability - CVE-2014-0160

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 RUCKUS ADVISORY ID 041414 Customer release date: April 14, 2014 Public release date: April 14, 2014 TITLE OpenSSL 1.0.1 library's "Heart bleed" vulnerability - CVE-2014-0160 SUMMARY OpenSSL library is used in Ruckus products to implement various...

Splunk 6.x < 6.0.3 Multiple OpenSSL Vulnerabilities (Heartbleed)

According to its version number, the Splunk Web hosted on the remote web server is 6.x prior to 6.0.3. It is, therefore, affected by multiple OpenSSL-related vulnerabilities : - A flaw exists with the OpenSSL version being used by Splunk with the 'ssl3takemac' in 'ssl/s3both.c'. This allows a...

F-Secure E-mail/Server Security OpenSSL TLS/DTLS心跳信息泄漏漏洞

CVE ID:CVE-2014-0160 F-Secure E-mail/Server Security/F-Secure Server Security产品存在安全漏洞。 F-Secure E-mail/Server Security/F-Secure Server Security所绑定的OpenSSL存在安全漏洞，OpenSSL处理TLS”心跳“扩展存在一个边界错误，允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥，用户名密码等。 0 F-Secure E-mail and Server Security 10.x F-Secure E-mail...

HeartBleed Bug Explained - 10 Most Frequently Asked Questions

Heartbleed – I think now it’s not a new name for you, as every informational website, Media and Security researchers are talking about probably the biggest Internet vulnerability in recent history. It is a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allow...

[SECURITY] [DSA 2896-2] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2896-2 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso April 08, 2014 http://www.debian.org/security/faq -...

Debian DSA-2896-1 : openssl - security update

A vulnerability has been discovered in OpenSSL's support for the TLS/DTLS Heartbeat extension. Up to 64KB of memory from either client or server can be recovered by an attacker. This vulnerability might allow an attacker to compromise the private key and other sensitive data in memory. All users...

Debian: Security Advisory (DSA-2896-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...