Download
| Alert*
oval:org.secpod.oval:def:1600361
An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restr ... oval:org.secpod.oval:def:1600362 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:602334 Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct colli ... oval:org.secpod.oval:def:52671 firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information over the network. oval:org.secpod.oval:def:400624 java-1_8_0-openjdk was updated to version 7u95 to fix several security issues. The following vulnerabilities were fixed: - CVE-2015-7575: Further reduce use of MD5 - CVE-2015-8126: Vulnerability in the AWT component related to splashscreen displays - CVE-2015-8472: Vulnerability in the AWT compon ... oval:org.secpod.oval:def:1501292 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:1501297 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:2102799 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. oval:org.secpod.oval:def:52666 nss: Network Security Service library NSS could be made to expose sensitive information over the network. oval:org.secpod.oval:def:52669 gnutls28: GNU TLS library - gnutls26: GNU TLS library GnuTLS could be made to expose sensitive information over the network. oval:org.secpod.oval:def:203803 The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attack ... oval:org.secpod.oval:def:203802 The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attack ... oval:org.secpod.oval:def:602330 Karthikeyan Bhargavan and Gaetan Leurent at INRIA discovered a flaw in the TLS 1.2 protocol which could allow the MD5 hash function to be used for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker could exploit this flaw to conduct colli ... oval:org.secpod.oval:def:203807 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS han ... oval:org.secpod.oval:def:1600396 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:1600392 An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to crash or, possibly execute arbitrary code. An untrusted Java application or applet could use this flaw to bypass Java sandbox restr ... oval:org.secpod.oval:def:505456 IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to versions 7 SR9-FP40 and 7R1 SR3-FP40. Security Fix: * This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Softw ... oval:org.secpod.oval:def:33776 The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base oval:org.secpod.oval:def:32566 The host is missing an important security update according to Mozilla advisory, MFSA2015-150. The update is required to fix a server spoofing vulnerability. A flaw is present in the applications, which fail to handle MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffi ... oval:org.secpod.oval:def:203798 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packet ... oval:org.secpod.oval:def:89045137 This update for java-1_7_1-ibm fixes the following issues by updating to 7.1-3.30 : - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using t ... oval:org.secpod.oval:def:32567 The host is installed with Mozilla Firefox before 43.0.2, Mozilla Thunderbird 38.x before 38.6 or Firefox ESR 38.x before 38.5.2 and is prone to a server spoofing vulnerability. A flaw is present in the applications, which fail to handle MD5 signatures in Server Key Exchange messages in TLS 1.2 Hand ... oval:org.secpod.oval:def:89045297 This update contains mozilla-nss 3.19.2.2 and fixes the following security issue: - CVE-2015-7575: MD5 signatures accepted within TLS 1.2 ServerKeyExchange in server signature oval:org.secpod.oval:def:400791 This update for java-1_8_0-ibm fixes the following security issues by updating to 8.0-2.10 : - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack whe ... oval:org.secpod.oval:def:1501300 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:602360 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosur, denial of service and insecure cryptography. oval:org.secpod.oval:def:1501306 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:400752 This update for java-1_7_1-ibm fixes the following issues by updating to 7.1-3.30 : - CVE-2015-5041: Could could have invoked non-public interface methods under certain circumstances - CVE-2015-7575: The TLS protocol could allow weaker than expected security caused by a collision attack when using t ... oval:org.secpod.oval:def:1501309 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:703011 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:203819 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:505421 IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Secur ... oval:org.secpod.oval:def:505586 IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM ... oval:org.secpod.oval:def:501743 The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security . A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attack ... oval:org.secpod.oval:def:52688 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:203820 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:501744 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packet ... oval:org.secpod.oval:def:1501312 Multiple flaws were discovered in the Networking and JMX components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. oval:org.secpod.oval:def:501746 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS han ... oval:org.secpod.oval:def:1501310 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:52727 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:400762 java-1_7_0-openjdk was updated to version 7u95 to fix 9 security issues. - CVE-2015-4871: Rebinding of the receiver of a DirectMethodHandle may allow a protected method to be accessed - CVE-2015-7575: Further reduce use of MD5 - CVE-2015-8126: Vulnerability in the AWT component related to splashs ... oval:org.secpod.oval:def:702921 firefox: Mozilla Open Source web browser Firefox could be made to expose sensitive information over the network. oval:org.secpod.oval:def:203809 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packet ... oval:org.secpod.oval:def:602349 Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in breakouts of the Java sandbox, information disclosur, denial of service and insecure cryptography. oval:org.secpod.oval:def:602347 Multiple security issues have been found in Iceweasel, Debian"s version of the Mozilla Firefox web browser: Multiple memory safety errors and a buffer overflow may lead to the execution of arbitrary code. In addition the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2. oval:org.secpod.oval:def:602389 Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail client: Multiple memory safety errors, integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service. oval:org.secpod.oval:def:34892 The host is missing a patch containing a security fixes, which affects the following package(s): Java oval:org.secpod.oval:def:505595 IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Secur ... oval:org.secpod.oval:def:501750 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:702917 openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to expose sensitive information over the network. oval:org.secpod.oval:def:501752 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:702915 nss: Network Security Service library NSS could be made to expose sensitive information over the network. oval:org.secpod.oval:def:501751 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:501753 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:1501320 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:702919 gnutls28: GNU TLS library - gnutls26: GNU TLS library GnuTLS could be made to expose sensitive information over the network. oval:org.secpod.oval:def:1501323 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:203813 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS han ... oval:org.secpod.oval:def:1501321 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:1501322 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:203818 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:203817 The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:702956 openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7. oval:org.secpod.oval:def:60354 The remote host is missing a patch containing a security fix, which affects sendmail, imap, pop3d, ftp/ftpd, and ndpd-host/ndpd-router. For more information please visit vendor advisory link. oval:org.secpod.oval:def:203816 The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. An out-of-bounds write flaw was found in the JPEG image format decoder in the AWT component in OpenJDK. A specially crafted JPEG image could cause a Java application to cra ... oval:org.secpod.oval:def:602639 Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project. CVE-2015-4000 David Adrian et al. reported that it may be feasible to attack Diffie-Hellman-based cipher suites in certain circumstances, compromising the confidentiality and integrity of data ... oval:org.secpod.oval:def:1600367 A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicl ... oval:org.secpod.oval:def:602398 Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. CVE-2016-0702 Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from Technion and Tel Aviv University, and Nadia Heninger from the University of Pennsylvania discovered a side-channel attack which m ... oval:org.secpod.oval:def:32565 The host is installed with Mozilla Firefox before 43.0.2 or Firefox ESR 38.x before 38.5.2, Mozilla Thunderbird 38.x before 38.6, Oracle Java SE through 6u105, through 7u91 or through 8u66 and is prone to a server spoofing vulnerability. A flaw is present in the applications, which fail to handle MD ... oval:org.secpod.oval:def:32564 The host is missing an important security update according to Mozilla advisory, MFSA2015-150. The update is required to fix a server spoofing vulnerability. A flaw is present in the applications, which fail to handle MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffi ... |