EUVD-2015-1915

Malware in sbrugna...

Security Bulletin: Vulnerabilities in OpenSSL, including Logjam, affect IBM Flex System FC3171 8Gb SAN Switch and SAN Pass-thru firmware, QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module and QLogic Virtual Fabric Extension Module

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. OpenSSL is used by IBM Flex System FC43171 8Gb SAN Switchand SAN Pass-thru firmware, QLogic 8Gb...

Debian: Security Advisory (DLA-247-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

K16913: OpenSSL vulnerability CVE-2015-1789

Security Advisory Description The X509cmptime function in crypto/x509/x509vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted length field in...

SUSE CVE-2015-1789

The X509cmptime function in crypto/x509/x509vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service out-of-bounds read and application crash via a crafted length field in ASN1TIME data, as demonstrated...

Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM GPFS V3.5 for Windows (CVE-2015-4000, CVE-2015-1793, CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project and affect IBM GPFS V3.5 . This includes the Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. This also includes the alternate chains certificate forgery vulnerability...

Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect Informix Genero (CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792 & CVE-2015-4000)

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000. OpenSSL is used by Informix Genero. Informix Genero has addressed the applicable CVEs...

Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2020-1774)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.6.0 : openssl098e (EulerOS-SA-2020-1774)

According to the versions of the openssl098e package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A NULL pointer dereference was found in the way OpenSSL handled certain PKCS7 inputs. An attacker able to make an application...

EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-1861)

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker...

openssl security update

1.0.1e-58.0.1 - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fix CVE-2018-0739 - Avoid out-of-bounds read. Fixes CVE 2017-3735. By Rich Salz - sha256 is used for the RSA pairwise consistency test instead of sha1 1.0.1e-58 - fi...

openSUSE Security Update : openssl-1_1 (openSUSE-2019-751)

This update for openssl-11 to 1.1.0i fixes the following issues : These security issues were fixed : - CVE-2018-0732: During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System Networking Switches (CVE-2015-1788, CVE-2015-1789, CVE-2015-1792)

Summary The following OpenSSL vulnerabilities are addressed by the IBM Flex System Networking Switches listed below. Vulnerability Details Summary The following OpenSSL vulnerabilities are addressed by the IBM Flex System Networking Switches listed below. Vulnerability Details: CVE-ID:...

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service DoS attacks. These attacks can be triggered through the length field in ASN1TIME data via X509cmptime function in crypto/x509/x509vfy.c, causing an out-of-bounds read and an application crash...

Security Bulletin: Vulnerabilities in OpenSSL including Logjam affect IBM® SDK for Node.js™ in IBM Bluemix

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. This includes the Logjam Attack on TLS connections using the Diffie-Hellman DH key exchange protocol CVE-2015-4000 which affects IBM SDK for Node.js in IBM Bluemix. Vulnerability Details CVEID: CVE-2015-4000...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Security Access Manager for Web

Summary OpenSSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. OpenSSL is used by IBM Security Access Manager for Web. IBM Security Access Manager for Web has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2014-8176 DESCRIPTION: OpenSSL could allow a remo...

Security Bulletin: Vulnerabilities in SSL affect IBM DataPower Gateways (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792)

Summary SSL vulnerabilities were disclosed on June 11, 2015 by the OpenSSL Project. IBM DataPower Gateways has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2015-1788 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when processing an ECParameters...

HP System Management Homepage < 7.5.4 Multiple Vulnerabilities (Logjam)

According to the web server's banner, the version of HP System Management Homepage SMH hosted on the remote web server is a version prior to 7.5.4. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists when processing an ECParameters structure du...

Oracle Linux 6 / 7 : openssl (ELSA-2015-2617)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-2617 advisory. - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509ATTRIBUTE memory leak - fix CVE-2015-3196 - rac...

OpenSSL Multiple Vulnerabilities (20150611 - 2) - Windows

OpenSSL is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl"; ifdescription...