[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:500754
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when pe ...

oval:org.secpod.oval:def:202280
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when pe ...

oval:org.secpod.oval:def:202303
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions messages. An att ...

oval:org.secpod.oval:def:202305
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions messages. An att ...

oval:org.secpod.oval:def:500773
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions messages. An att ...

oval:org.secpod.oval:def:202325
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 data from BIO input ...

oval:org.secpod.oval:def:21278
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:202321
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 data from BIO input ...

oval:org.secpod.oval:def:500789
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. Multiple numeric conversion errors, leading to a buffer overflow, were found in the way OpenSSL parsed ASN.1 data from BIO input ...

oval:org.secpod.oval:def:20885
The host is installed with OpenSSL before 0.9.8zb, 1.0.0 before 1.0.0n or 1.0.1 before 1.0.1i and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle crafted DTLS packets that trigger an error condition. Successful exploitation allows rem ...

oval:org.secpod.oval:def:19930
The host is installed with OpenSSL 1.0.0 before 1.0.0m or 1.0.1 before 1.0.1h and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle an SSL connection in a multithreaded environment. Successful exploitation allows remote attackers to i ...

oval:org.secpod.oval:def:20038
The host is installed with OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i or 1.0.1 before 1.0.1a and is prone to buffer overflow vulnerability. A flaw is present in asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL, which does not properly interpret integer data. Successful exploitation al ...

oval:org.secpod.oval:def:20039
The host is installed with OpenSSL before 0.9.8s or 1.x before 1.0.0f and is prone to denial of service vulnerability. A flaw is present in the Server Gated Cryptography (SGC) implementation, which does not properly handle handshake restarts. Successful exploitation allows remote attackers to cause ...

oval:org.secpod.oval:def:20045
The host is installed with OpenSSL 0.9.8 through 0.9.8r or 1.0.x before 1.0.0e and is prone to denial of service vulnerability. A flaw is present in ephemeral ECDH ciphersuite functionality, which does not ensure thread safety during processing of handshake messages from clients. Successful exploita ...

oval:org.secpod.oval:def:20043
The host is installed with OpenSSL before 0.9.8s or 1.x before 1.0.0f and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle an X.509 certificate containing certificate-extension data associated with (1) IP address blocks or (2) Autonomo ...

oval:org.secpod.oval:def:20044
The host is installed with OpenSSL before 0.9.8s or 1.x before 1.0.0f and is prone to information disclosure vulnerability. A flaw is present in SSL 3.0 implementation in OpenSSL, which does not properly initialize data structures for block cipher padding. Successful exploitation might allow remote ...

oval:org.secpod.oval:def:20042
The host is installed with OpenSSL before 0.9.8u or 1.x before 1.0.0h and is prone to a denial of service vulnerability. A flaw is present in the mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL, which does not properly handle a crafted S/MIME message. Successful exploitation allows remo ...

oval:org.secpod.oval:def:20040
The host is installed with OpenSSL before 0.9.8u or 1.x before 1.0.0h and is prone to a security bypass vulnerability. A flaw is present in the Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL, which does not properly handle Million Message Attack (MMA) adaptive chosen ciphertext attack. Su ...

oval:org.secpod.oval:def:20025
The host is installed with OpenSSL before 0.9.8j and is prone to security bypass vulnerability. A flaw is present in the application, which does not prevent modification of the ciphersuite in the session cache. Successful exploitation could allow remote attackers to force the use of a disabled ciphe ...

oval:org.secpod.oval:def:1225
The host is installed with OpenSSL and is prone to lattice calculation and timing attack vulnerability. A flaw is present in elliptic curve cryptography (ECC) subsystem, which fails to properly implement curves over binary fields. Successful exploitation allow context-dependent attackers to determin ...

oval:org.secpod.oval:def:20034
The host is installed with OpenSSL before 0.9.8s or 1.x before 1.0.0f and is prone to denial of service vulnerability. A flaw is present in DTLS implementation in OpenSSL, which performs a MAC check only if certain padding is valid. Successful exploitation makes it easier for remote attackers to rec ...

oval:org.secpod.oval:def:20017
The host is installed with OpenSSL before 0.9.8s or 1.x before 1.0.0f and is prone to denial of service vulnerability. A flaw is present in GOST ENGINE in OpenSSL, which does not properly handle invalid parameters for the GOST block cipher. Successful exploitation allows remote attackers to cause a ...

oval:org.secpod.oval:def:20028
The host is installed with OpenSSL before 0.9.8k and is prone to unspecified vulnerability. A flaw is present in the application, which does not properly handle a malformed ASN.1 structure. Successful exploitation could allow remote attackers to cause a denial of service (invalid memory access and a ...

oval:org.secpod.oval:def:500752
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when pe ...

oval:org.secpod.oval:def:202264
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when pe ...

oval:org.secpod.oval:def:20033
The host is installed with OpenSSL before 0.9.8s and is prone to double free vulnerability. A flaw is present in the application, which fails when X509_V_FLAG_POLICY_CHECK is enabled. Successful exploitation allows remote attackers to have an unspecified impact by triggering failure of a policy chec ...

oval:org.secpod.oval:def:202342
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS application data record lengt ...

oval:org.secpod.oval:def:202344
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS application data record lengt ...

oval:org.secpod.oval:def:20037
The host is installed with OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j or 1.0.1 before 1.0.1c and is prone to buffer overflow vulnerability. A flaw is present in asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL, which does not properly interpret integer data. Successful exploitation al ...

oval:org.secpod.oval:def:500803
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS application data record lengt ...

oval:org.secpod.oval:def:20884
The host is installed with OpenSSL before 0.9.8zb, 1.0.0 before 1.0.0n or 1.0.1 before 1.0.1i and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle crafted DTLS handshake messages that trigger memory allocations corresponding to large l ...

oval:org.secpod.oval:def:203400
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included S ...

oval:org.secpod.oval:def:20881
The host is installed with OpenSSL before 0.9.8zb, 1.0.0 before 1.0.0n or 1.0.1 before 1.0.1i and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersu ...

oval:org.secpod.oval:def:1500684
A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execute a ...

oval:org.secpod.oval:def:20882
The host is installed with OpenSSL before 0.9.8zb, 1.0.0 before 1.0.0n or 1.0.1 before 1.0.1i and is prone to information disclosure vulnerability. A flaw is present in the application, which does not ensure the presence of '\0' characters. Successful exploitation allows context-dependent attackers ...

oval:org.secpod.oval:def:1500688
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ...

oval:org.secpod.oval:def:20883
The host is installed with OpenSSL before 0.9.8zb, 1.0.0 before 1.0.0n or 1.0.1 before 1.0.1i and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle zero-length DTLS fragments that trigger improper handling of the return value of a certa ...

oval:org.secpod.oval:def:501363
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included S ...

oval:org.secpod.oval:def:21534
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:203395
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A race condition was found in the way OpenSSL handled ServerHello messages with an included S ...

oval:org.secpod.oval:def:1600029
A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory. Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i ...

oval:org.secpod.oval:def:500435
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init function after pre ...

oval:org.secpod.oval:def:201760
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init function after pre ...

oval:org.secpod.oval:def:201879
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that the OpenSSL library did not properly re-initialize its internal state in the SSL_library_init function after pre ...

oval:org.secpod.oval:def:20046
The host is installed with OpenSSL before 0.9.8m and is prone to unspecified vulnerability. A flaw is present in the application, which does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/ ...

oval:org.secpod.oval:def:20047
The host is installed with OpenSSL 0.9.8l and earlier and is prone to memory leak vulnerability. A flaw is present in crypto/comp/c_zlib.c, which fails to properly handle vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the ...

oval:org.secpod.oval:def:201797
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL did not always check the return value of the bn_wexpand function. An attacker able to trigger a mem ...

oval:org.secpod.oval:def:500412
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL did not always check the return value of the bn_wexpand function. An attacker able to trigger a mem ...

oval:org.secpod.oval:def:841
The host is installed with OpenSSL and is prone to Denial of service vulnerability. A flaw is present in kssl_keytab_is_available function in ssl/kssl.c, which fails to validate the return value from krb5_sname_to_principal() function causing NULL pointer dereference. Successful exploitation allow r ...

oval:org.secpod.oval:def:201721
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL did not always check the return value of the bn_wexpand function. An attacker able to trigger a mem ...

oval:org.secpod.oval:def:843
The host is installed with OpenSSL and is prone to remote code execution vulnerability. A flaw is present in Cryptographic Message Syntax (CMS) implementation, which fails to handle structures that contain OriginatorInfo element. Successful exploitation allows remote attackers to modify invalid memo ...

oval:org.secpod.oval:def:1093
The host is installed with OpenSSL and is prone to security bypass vulnerability. A flaw is present in ciphersuite, which fails to properly prevent modification of the ciphersuite in the session cache. Successful exploitation allow remote attackers to downgrade to an unintended cipher via vectors in ...

oval:org.secpod.oval:def:201813
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to chang ...

oval:org.secpod.oval:def:500308
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to chang ...

oval:org.secpod.oval:def:849
The host is installed with OpenSSL and is prone to ciphersuite downgrade vulnerability. A flaw is present in the application, which fails prevent modification of the ciphersuite in the session cache when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled. Successful exploitation allow remote attacke ...

oval:org.secpod.oval:def:201859
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to chang ...

oval:org.secpod.oval:def:500383
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code. A remote attacker could possibly use this flaw to chang ...

oval:org.secpod.oval:def:1092
The host is installed with OpenSSL and is prone to security bypass vulnerability. A flaw is present in J-PAKE, which fails to properly validate the public parameters in the J-PAKE protocol. Successful exploitation allow remote attackers to bypass the need for knowledge of the shared secret, and succ ...

oval:org.secpod.oval:def:848
The host is installed with OpenSSL and is prone to security bypass vulnerability. A flaw is present in the J-PAKE protocol, which fails to validate the public parameters. Successful exploitation allow remote attackers to bypass the authentication by sending crafted values in each round of the protoc ...

oval:org.secpod.oval:def:104689
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:21275
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:1500102
Updated openssl packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5 and 6.The Red Hat Security Response Team has rated this update as having moderatesecurity impact. Common Vulnerability Scoring System base scores,which give detailed severity ratings, are avai ...

oval:org.secpod.oval:def:1500085
Updated openssl packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderatesecurity impact. Common Vulnerability Scoring System base scores,which give detailed severity ratings, are ava ...

oval:org.secpod.oval:def:202572
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode ...

oval:org.secpod.oval:def:501010
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode ...

oval:org.secpod.oval:def:104718
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:1300164
Multiple vulnerabilities has been found and corrected in openssl: OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an invalid key . The TLS protocol ...

oval:org.secpod.oval:def:202626
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode ...

oval:org.secpod.oval:def:20035
The host is installed with OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k or 1.0.1 before 1.0.1d and is prone to denial of service vulnerability. A flaw is in the application, which does not properly handle an invalid key. Successful exploitation allows remote OCSP servers to cause a denial of service.

oval:org.secpod.oval:def:1600259
It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding ...

oval:org.secpod.oval:def:202080
OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ...

oval:org.secpod.oval:def:500635
OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ...

oval:org.secpod.oval:def:202013
OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ...

oval:org.secpod.oval:def:202011
OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ...

oval:org.secpod.oval:def:202005
OpenSSL is a toolkit that implements Secure Sockets Layer and Transport Layer Security protocols as well as a full-strength, general purpose, cryptography library. The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a ma ...

oval:org.secpod.oval:def:20023
The host is installed with OpenSSL 0.9.8i and earlier and is prone to signature verification vulnerability. A flaw is present in the application, which does not properly check the return value from the EVP_VerifyFinal function. Successful exploitation could allow remote attackers to bypass validatio ...

oval:org.secpod.oval:def:20026
The host is installed with OpenSSL before 0.9.8k and is prone to denial of service vulnerability. A flaw is present in the application, which fails to properly handle vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. Successful exploitation could ...

oval:org.secpod.oval:def:202091
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general purpose cryptography library. Datagram TLS is a protocol based on TLS that is capable of securing datagram transport . Multiple denial of service flaws were dis ...

oval:org.secpod.oval:def:500658
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general purpose cryptography library. Datagram TLS is a protocol based on TLS that is capable of securing datagram transport . Multiple denial of service flaws were dis ...

oval:org.secpod.oval:def:201982
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general purpose cryptography library. Datagram TLS is a protocol based on TLS that is capable of securing datagram transport . Multiple denial of service flaws were dis ...

oval:org.secpod.oval:def:20029
The host is installed with OpenSSL 0.9.8k or earlier is prone to unspecified vulnerability. A flaw is present in the application, which does not properly handle a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug. Successful exploitation ...

oval:org.secpod.oval:def:20030
The host is installed with OpenSSL 0.9.8k or earlier is prone to unspecified vulnerability. A flaw is present in the application, which does not properly handle DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling m ...

oval:org.secpod.oval:def:20031
The host is installed with OpenSSL 0.9.8i and is prone to unspecified vulnerability. A flaw is present in the application, which does not properly handle a DTLS ChangeCipherSpec packet that occurs before ClientHello. Successful exploitation could allow remote attackers to cause a denial of service ( ...

oval:org.secpod.oval:def:20062
The host is installed with OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m or 1.0.1 before 1.0.1g and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle a FLUSH+RELOAD cache side-channel attack. Successful exploitation could allow local users ...

oval:org.secpod.oval:def:1500560
Updated openssl097a and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a ...

oval:org.secpod.oval:def:1500685
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for ea ...

oval:org.secpod.oval:def:19653
The host is installed with OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m or 1.0.1 before 1.0.1h or Oracle Virtualization VirtualBox prior to 3.2.24, 4.0.x before 4.0.26, 4.1.x before 4.1.34, 4.2.x before 4.2.26 or 4.3.x before 4.3.14 and is prone to information disclosure vulnerability. A flaw is pres ...

oval:org.secpod.oval:def:20060
The host is installed with OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m or 1.0.1 before 1.0.1h and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle an invalid DTLS handshake. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:501305
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ...

oval:org.secpod.oval:def:501304
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...

oval:org.secpod.oval:def:501306
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ...

oval:org.secpod.oval:def:1500586
Updated openssl097a and openssl098e packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a ...

oval:org.secpod.oval:def:20061
The host is installed with OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m or 1.0.1 before 1.0.1h and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to handle a long non-initial fragment. Successful exploitation could allow attackers to crash the service.

oval:org.secpod.oval:def:1600053
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server

oval:org.secpod.oval:def:1500594
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions ...

oval:org.secpod.oval:def:1500639
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.

oval:org.secpod.oval:def:1500551
Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ...

oval:org.secpod.oval:def:501365
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt function could fail to properly NUL-terminate its outp ...

oval:org.secpod.oval:def:203331
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...

oval:org.secpod.oval:def:203336
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...

oval:org.secpod.oval:def:203335
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...

oval:org.secpod.oval:def:501320
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...

oval:org.secpod.oval:def:203399
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt function could fail to properly NUL-terminate its outp ...

oval:org.secpod.oval:def:1600137
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server

oval:org.secpod.oval:def:107025
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:107028
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:21279
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:19652
The host is installed with OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m or 1.0.1 before 1.0.1h and is prone to denial of service vulnerability. A flaw is present in the application, which fails to handle when an anonymous ECDH cipher suite is used. Successful exploitation allows attackers to cause an ...

oval:org.secpod.oval:def:1300308
Multiple vulnerabilities has been discovered and corrected in openssl: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service via a DTLS hello message in an invalid DTLS handsh ...

oval:org.secpod.oval:def:501303
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ...

oval:org.secpod.oval:def:1500637
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.

oval:org.secpod.oval:def:1500558
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avail ...

oval:org.secpod.oval:def:107332
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:107326
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:203332
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying materi ...

oval:org.secpod.oval:def:501321
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to us ...

oval:org.secpod.oval:def:1600028
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, b ...

oval:org.secpod.oval:def:1501386
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. It was discovered that the SSL ...

oval:org.secpod.oval:def:1501390
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. It was discovered that the SSL ...

oval:org.secpod.oval:def:108125
libuv is a new platform layer for Node. Its purpose is to abstract IOCP on Windows and libev on Unix systems. We intend to eventually contain all platform differences in this library.

oval:org.secpod.oval:def:1600161
Running yum clean all followed by yum update openssl will install the fixed package.For Amazon Linux AMIs "locked" to the 2014.03 repositories, openssl-1.0.1i-1.79.amzn1 also addresses this CVE. Running yum clean all followed by yum update openssl will install the fixed package.For Amazon Linux AMIs ...

oval:org.secpod.oval:def:501405
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value , which can be use ...

oval:org.secpod.oval:def:1600038
A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining mode. This flaw allows a man-in-the-middle attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim applic ...

oval:org.secpod.oval:def:108232
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows libraries and development tools.

oval:org.secpod.oval:def:1200135
Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions. Multiple improper permi ...

oval:org.secpod.oval:def:108269
Claws Mail is an email client , based on GTK+, featuring quick response, graceful and sophisticated interface, easy configuration, intuitive operation, abundant features, and extensibility.

oval:org.secpod.oval:def:204279
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value , which can be use ...

oval:org.secpod.oval:def:21398
The host is installed with OpenSSL 1.0.1 before 1.0.1j, 1.0.0 before 1.0.0o or 0.9.8 before 0.9.8zc or Oracle Java SE 5.0u75 and earlier, 6u85 and earlier, 7u72 and earlier or 8u25 and earlier and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the applications, which fail ...

oval:org.secpod.oval:def:501427
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value , which can be use ...

oval:org.secpod.oval:def:203504
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Sig ...

oval:org.secpod.oval:def:203509
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Sig ...

oval:org.secpod.oval:def:109595
Fossil is a simple, high-reliability, distributed software configuration management with distributed bug tracking, distributed wiki and built-in web interface.

oval:org.secpod.oval:def:203508
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Sig ...

oval:org.secpod.oval:def:108267
The purpose of this mail library is to provide a portable, efficient middle-ware for different kinds of mail access. When using the drivers interface, the interface is the same for all kinds of mail access, remote and local mailboxes.

oval:org.secpod.oval:def:109589
Fossil is a simple, high-reliability, distributed software configuration management with distributed bug tracking, distributed wiki and built-in web interface.

oval:org.secpod.oval:def:107915
The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web server. Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound is distributed under the GPL - no ...

oval:org.secpod.oval:def:1500761
Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System ba ...

oval:org.secpod.oval:def:1500884
Updated java-1.8.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ...

oval:org.secpod.oval:def:1500883
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are avai ...

oval:org.secpod.oval:def:1500886
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ...

oval:org.secpod.oval:def:1500888
Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ...

oval:org.secpod.oval:def:1500889
Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ...

oval:org.secpod.oval:def:1500891
Updated java-1.7.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are ...

oval:org.secpod.oval:def:1500771
Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue and fix two security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System ba ...

oval:org.secpod.oval:def:1500892
Updated java-1.6.0-openjdk packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ...

oval:org.secpod.oval:def:1500775
Updated openssl packages that contain a backported patch to mitigate the CVE-2014-3566 issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport ...

oval:org.secpod.oval:def:108229
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows libraries and development tools.

oval:org.secpod.oval:def:107815
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:107818
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:203540
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An ...

oval:org.secpod.oval:def:1200041
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS, and RMI components i ...

oval:org.secpod.oval:def:203546
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:203545
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:203543
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:203548
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:203547
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:108462
Node.js is a platform built on Chrome"s JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

oval:org.secpod.oval:def:108338
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:203539
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:501486
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:501489
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:108520
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:23618
The host is missing a patch containing a security fixes, which affects the following package(s): Java

oval:org.secpod.oval:def:501491
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to ...

oval:org.secpod.oval:def:501490
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were found in the way the Hotspot component in OpenJDK verified bytecode from the class files, and in the way this component generated code for bytecode. An ...

oval:org.secpod.oval:def:108196
Node.js is a platform built on Chrome"s JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

oval:org.secpod.oval:def:400675
- Previous versions of cyrus-imapd would not allow its users to disable old protocols like SSLv1 and SSLv2 that are unsafe due to various known attacks like BEAST and POODLE. https://bugzilla.cyrusimap.org/show_bug.cgi?id=3867 remedies this issue by adding the configuration option "tls_versions" to ...

oval:org.secpod.oval:def:203465
OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to ...

oval:org.secpod.oval:def:1500862
Updated nss, nss-util, and nss-softokn packages that contain a patch to mitigate the CVE-2014-3566 issue, fix a number of bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. ...

oval:org.secpod.oval:def:1200086
A flaw was found in the way the Hotspot component in OpenJDK verified bytecode from the class files. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. Multiple improper permission check issues were discovered in the JAX-WS, and RMI components i ...

oval:org.secpod.oval:def:21535
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:203457
OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to ...

oval:org.secpod.oval:def:203456
OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to ...

oval:org.secpod.oval:def:107878
Claws Mail is an email client , based on GTK+, featuring quick response, graceful and sophisticated interface, easy configuration, intuitive operation, abundant features, and extensibility.

oval:org.secpod.oval:def:108280
Additional plugins for Claws Mail.

oval:org.secpod.oval:def:1500803
Updated nss, nss-util, and nss-softokn packages that contain a patch to mitigate the CVE-2014-3566 issue, fix a number of bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. ...

oval:org.secpod.oval:def:107894
The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web server. Pound was developed to enable distributing the load among several Web-servers and to allow for a convenient SSL wrapper for those Web servers that do not offer it natively. Pound is distributed under the GPL - no ...

oval:org.secpod.oval:def:107898
A small library for communicating with the REST interface of a Red Hat Unified Entitlement Platform. This interface is used for the management of system entitlements, certificates, and access to content.

oval:org.secpod.oval:def:108506
Node.js is a platform built on Chrome"s JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

oval:org.secpod.oval:def:501462
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Sig ...

oval:org.secpod.oval:def:107890
The purpose of this mail library is to provide a portable, efficient middle-ware for different kinds of mail access. When using the drivers interface, the interface is the same for all kinds of mail access, remote and local mailboxes.

oval:org.secpod.oval:def:108187
Asterisk is a complete PBX in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP in three protocols, and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware.

oval:org.secpod.oval:def:21591
The host is missing a patch containing a security fixes, which affects the following package(s): Java

oval:org.secpod.oval:def:108059
Node.js is a platform built on Chrome"s JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

oval:org.secpod.oval:def:107888
A small library for communicating with the REST interface of a Red Hat Unified Entitlement Platform. This interface is used for the management of system entitlements, certificates, and access to content.

oval:org.secpod.oval:def:108052
libuv is a new platform layer for Node. Its purpose is to abstract IOCP on Windows and libev on Unix systems. We intend to eventually contain all platform differences in this library.

oval:org.secpod.oval:def:108053
libuv is a new platform layer for Node. Its purpose is to abstract IOCP on Windows and libev on Unix systems. We intend to eventually contain all platform differences in this library.

oval:org.secpod.oval:def:108055
Node.js is a platform built on Chrome"s JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

oval:org.secpod.oval:def:107880
Additional plugins for Claws Mail.

oval:org.secpod.oval:def:107882
The Subscription Manager package provides programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

oval:org.secpod.oval:def:600700
Several vulnerabilities were discovered in OpenSSL, an implementation of TLS and related protocols. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2011-4108 The DTLS implementation performs a MAC check only if certain padding is valid, which makes it e ...

oval:org.secpod.oval:def:600964
Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-0166 OpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an invalid ...

oval:org.secpod.oval:def:600786
Tomas Hoger, Red Hat, discovered that the fix for CVE-2012-2110 for the 0.9.8 series of OpenSSL was incomplete. It has been assigned the CVE-2012-2131 identifier. For reference, the original description of CVE-2012-2110 from DSA-2454-1 is quoted below: CVE-2012-2110 Tavis Ormandy, Google Security Te ...

oval:org.secpod.oval:def:601750
Multiple vulnerabilities have been identified in OpenSSL, a Secure Sockets Layer toolkit, that may result in denial of service , information leak, protocol downgrade. Additionally, a buffer overrun affecting only applications explicitly set up for SRP has been fixed . Detailed descriptions of the vu ...

oval:org.secpod.oval:def:600812
It was discovered that openssl did not correctly handle explicit Initialization Vectors for CBC encryption modes, as used in TLS 1.1, 1.2, and DTLS. An incorrect calculation would lead to an integer underflow and incorrect memory access, causing denial of service

oval:org.secpod.oval:def:701203
openssl: Secure Socket Layer cryptographic library and tools Details: USN-1732-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2013-0166 and CVE-2012-2686 introduced a regression causing decryption failures on hardware supporting AES-NI. This update temporarily reverts the security fix pending ...

oval:org.secpod.oval:def:700872
openssl: Secure Socket Layer cryptographic library and tools Applications using OpenSSL in certain situations could be made to crash or expose sensitive information.

oval:org.secpod.oval:def:600621
Several fraudulent SSL certificates have been found in the wild issued by the DigiNotar Certificate Authority, obtained through a security compromise of said company. After further updates on this incident, it has been determined that all of DigiNotar"s signing certificates can no longer be trusted. ...

oval:org.secpod.oval:def:601270
Multiple vulnerabilities have been discovered in OpenSSL. The following Common Vulnerabilities and Exposures project ids identify them: CVE-2010-5298 A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a multi-thre ...

oval:org.secpod.oval:def:600782
Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2012-0884 Ivan Nestlerode discovered a weakness in the CMS and PKCS #7 implementations that could allow an attacker to decrypt data via a Million Message Attack ...

CVE    46
CVE-2009-0789
CVE-2010-0433
CVE-2010-0742
CVE-2010-4252
...
*CPE
cpe:/a:openssl:openssl:0.9.8e

© 2013 SecPod Technologies