Download
| Alert*
|
oval:org.secpod.oval:def:38970
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:602756 Several vulnerabilities were discovered in OpenSSL: CVE-2016-7056 A local timing attack was discovered against ECDSA P-256. CVE-2016-8610 It was discovered that no limit was imposed on alert packets during an SSL handshake. CVE-2017-3731 Robert Swiecki discovered that the RC4-MD5 cipher when running ... oval:org.secpod.oval:def:47517 The host is installed with OpenSSL 1.0.1 through 1.0.1u is prone to a timing attack vulnerability. A flaw is present in the modular inversion code path of P-256 elliptic curve. Successful exploitation allows a malicious user with local access to recover ECDSA P-256 private keys. oval:org.secpod.oval:def:39649 The host is installed with Apple Mac OS X or Server 10.12.3 or 10.11.6 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly perform constant time computation. Successful exploitation could allow attackers to leak sensitive user inform ... oval:org.secpod.oval:def:52183 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:89044635 This update for openssl fixes the following issues contained in the OpenSSL Security Advisory [26 Jan 2017] Security issues fixed: - CVE-2016-7056: A local ECSDA P-256 timing attack that might have allowed key recovery was fixed - CVE-2016-8610: A remote denial of service in SSL alert handling was ... oval:org.secpod.oval:def:39718 The host is missing a security update according to Apple advisory, APPLE-SA-2017-03-27-3. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary ... |
