Download
| Alert*
oval:org.secpod.oval:def:700231
Neel Mehta discovered that incorrectly formatted ClientHello handshake messages could cause OpenSSL to parse past the end of the message. This could allow a remote attacker to cause a crash and denial of service by triggering invalid memory accesses. oval:org.secpod.oval:def:550 The host is installed with OpenSSL and is prone to OCSP stapling vulnerability. A flaw is present in the application, which fails to correctly parse malformed ClientHello handshake messages. Successful exploitation could allow remote attackers to obtain contents of parsed OCSP (Online Certificate St ... oval:org.secpod.oval:def:102623 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows libraries and development tools. oval:org.secpod.oval:def:2878 The host is installed with Apple Mac OS X 10.6 through 10.6.7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an out-of-bounds memory access. Successful exploitation could allow attackers to obtain sensitive information. oval:org.secpod.oval:def:102634 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows libraries and development tools. oval:org.secpod.oval:def:600187 Neel Mehta discovered that an incorrectly formatted ClientHello handshake message could cause OpenSSL to parse past the end of the message. This allows an attacker to crash an application using OpenSSL by triggering an invalid memory access. Additionally, some applications may be vulnerable to expos ... oval:org.secpod.oval:def:103222 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows libraries and development tools. oval:org.secpod.oval:def:103113 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:103153 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:500175 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A buffer over-read flaw was discovered in the way OpenSSL parsed the Certificate Status Request TLS extensions in ClientHello TLS ... oval:org.secpod.oval:def:1504463 [1.0.0-10] - fix OCSP stapling vulnerability - CVE-2011-0014 - correct the README.FIPS document [1.0.0-8] - add -x931 parameter to openssl genrsa command to use the ANSI X9.31 key generation method - use FIPS-186-3 method for DSA parameter generation - add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW enviro ... oval:org.secpod.oval:def:21272 The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base oval:org.secpod.oval:def:101303 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:301072 A vulnerability has been found and corrected in openssl: Incorrectly formatted ClientHello handshake message could cause OpenSSL to parse past the end of the message. This allows an attacker to crash an application using OpenSSL by triggering an invalid memory access. Additionally, some applications ... oval:org.secpod.oval:def:2880 The host is missing an update according to Apple advisory APPLE-SA-2011-06-23-1. The update is required to fix multiple vulnerabilities. The flaws are present in the applications, which fail to handle malicious input. Successful exploitation could allow attackers to execute arbitrary code, gain sens ... |