[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97559

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:23123
The host is installed with OpenSSL 1.0.1 before 1.0.1k, 1.0.0 before 1.0.0p or 0.9.8 before 0.9.8zd and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted DTLS message that is processed with a different read operation for the handshak ...

oval:org.secpod.oval:def:23949
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a malformed Elliptic Curve (EC) private-key file during import. Succes ...

oval:org.secpod.oval:def:501541
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL"s ASN1_TYPE_cmp function. A remote attacker could crash a TLS/SSL client or serve ...

oval:org.secpod.oval:def:501540
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL"s ASN1_TYPE_cmp function. A remote attacker could crash a TLS/SSL client or serve ...

oval:org.secpod.oval:def:24117
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:602010
The openssl update issued as DSA 3197-1 caused regressions. This update reverts the defective patch applied in that update causing these problems. Additionally a follow-up fix for CVE-2015-0209 is applied. For reference the original advisory text follows. Multiple vulnerabilities have been discovere ...

oval:org.secpod.oval:def:602003
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-0286 Stephen Henson discovered that the ASN1_TYPE_cmp function can be crashed, resulting in denial of service. CVE-2015 ...

oval:org.secpod.oval:def:108526
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:702469
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:203581
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL"s ASN1_TYPE_cmp function. A remote attacker could crash a TLS/SSL client or serve ...

oval:org.secpod.oval:def:23955
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly handle a lack of outer ContentInfo. Successful exploitation allows ...

oval:org.secpod.oval:def:23954
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle an invalid certificate key. Successful exploitation allows remote at ...

oval:org.secpod.oval:def:23953
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to a denial of service vulnerability. A flaw is present in the application, which does not reinitialize CHOICE and ADB data structures. Successful exploitation allows ...

oval:org.secpod.oval:def:23952
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly perform boolean-type comparisons. Successful exploitation allows r ...

oval:org.secpod.oval:def:203574
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL"s ASN1_TYPE_cmp function. A remote attacker could crash a TLS/SSL client or serve ...

oval:org.secpod.oval:def:1500952
An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application.

oval:org.secpod.oval:def:1500953
An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application.

oval:org.secpod.oval:def:25305
The host is installed with Apple Mac OS X or Server 10.10.x through 10.10.3 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted CLIENT-MASTER-KEY message. Successful exploitation allows remote attackers to cause denial of service ( ...

oval:org.secpod.oval:def:1200089
A use-after-free flaw was found in the way OpenSSL importrf certain Elliptic Curve private keys. An attacker could use this flaw to crash OpenSSL, if a specially-crafted certificate was imported. A denial of service flaw was found in the way OpenSSL handled certain SSLv2 messages. A malicious client ...

oval:org.secpod.oval:def:23956
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly handle a crafted CLIENT-MASTER-KEY message. Successful exploitatio ...

oval:org.secpod.oval:def:25118
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to a NULL pointer dereference and application crash crash vulnerability. A flaw is present in the application, which fails to handle a PKCS#7 blob. Successful exploit ...

oval:org.secpod.oval:def:25119
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to a out-of-bounds read and application crash crash vulnerability. A flaw is present in the application, which fails to handle a crafted length field in ASN1_TIME dat ...

oval:org.secpod.oval:def:25120
The host is installed with OpenSSL 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n or 1.0.2 before 1.0.2b and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle ECParameters structures in which the curve is over a malformed binary pol ...

oval:org.secpod.oval:def:25116
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to a denial of service vulnerability. A flaw is present in the application, which does not reinitialize CHOICE and ADB data structures. Successful exploitation allows ...

oval:org.secpod.oval:def:25117
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to a double free or an application crash vulnerability. A flaw is present in the application, which fails to handle a NewSessionTicket during an attempt to reuse a ti ...

oval:org.secpod.oval:def:24761
The host is missing a patch containing a security fixes, which affects the following package(s): Java

oval:org.secpod.oval:def:109986
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:702871
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:33380
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:37852
The host is installed with Xcode before 8.1 on Apple Mac OS X 10.11.5 or later and is prone to an arbitrary code execution vulnerability. A flaw is present in the Node.js, which fails to handle unknown vectors. Successful exploitation allows attackers to cause unexpected application termination or a ...

oval:org.secpod.oval:def:32715
The host is installed with OpenSSL 1.0.1 before 1.0.1r, 1.0.2 before 1.0.2f or VM VirtualBox 5.0.x before 5.0.16 and is prone to a privilege escalation vulnerability. A flaw is present in SSLv2, which doesn't block disabled ciphers. Successful exploitation allows remote attackers to negotiate SSLv2 ...

oval:org.secpod.oval:def:1200112
A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. A memory leak vulnerability was ...

oval:org.secpod.oval:def:501727
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to caus ...

oval:org.secpod.oval:def:501726
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ...

oval:org.secpod.oval:def:31678
The host is installed with OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, 1.0.2 before 1.0.2e, VM VirtualBox 4.3.x before 4.3.36 or 5.0.x before 5.0.14 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle err ...

oval:org.secpod.oval:def:31679
The host is installed with OpenSSL 1.0.1 before 1.0.1q or 1.0.2 before 1.0.2e, Oracle MySQL 5.6.x through 5.6.28 or 5.7.x through 5.7.10 and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle an RSA PSS ASN.1 signature that lack ...

oval:org.secpod.oval:def:31677
The host is installed with OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, or 1.0.2 before 1.0.2d and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a crafted ServerKeyExchange message. Successful exploitation allows remote attac ...

oval:org.secpod.oval:def:203783
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ...

oval:org.secpod.oval:def:203782
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ...

oval:org.secpod.oval:def:203787
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to caus ...

oval:org.secpod.oval:def:602296
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-3194 Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NULL point ...

oval:org.secpod.oval:def:33775
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:1501268
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ...

oval:org.secpod.oval:def:1501274
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ...

oval:org.secpod.oval:def:109800
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:203645
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ...

oval:org.secpod.oval:def:203644
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ...

oval:org.secpod.oval:def:1200038
LOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange . An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in wh ...

oval:org.secpod.oval:def:1501275
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ...

oval:org.secpod.oval:def:1501037
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ...

oval:org.secpod.oval:def:1501036
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ...

oval:org.secpod.oval:def:501577
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ...

oval:org.secpod.oval:def:25312
The host is missing a security update according to Apple advisory, APPLE-SA-2015-06-30-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted vectors. Successful exploitation leads to information disclosure, security bypas ...

oval:org.secpod.oval:def:109202
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:109227
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:602137
Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit. CVE-2014-8176 Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that an invalid memory free could be triggered when buffering DTLS data. This could allow remote attackers to cause a denial of service ...

oval:org.secpod.oval:def:203662
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL. A specially crafted X.509 certificate or a Certific ...

oval:org.secpod.oval:def:25420
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:501585
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL. A specially crafted X.509 certificate or a Certific ...

oval:org.secpod.oval:def:109274
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:109268
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:1600404
A double-free flaw was found in the way OpenSSL parsed certain malformed DSA private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash. The ssl_verify_server_cert function in sql-co ...

oval:org.secpod.oval:def:110547
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:110496
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:33156
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g, Oracle MySQL 5.6.x through 5.6.29 or 5.7.x through 5.7.11 and is prone to a double free vulnerability. A flaw is present in the application, which fails to properly handle malformed DSA private key. Successful exploitatio ...

oval:org.secpod.oval:def:204175
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL"s ASN1_TYPE_cmp function. A remote attacker could crash a TLS/SSL client or serve ...

oval:org.secpod.oval:def:37847
The host is installed with Xcode before 8.1 on Apple Mac OS X 10.11.5 or later and is prone to an arbitrary code execution vulnerability. A flaw is present in the Node.js, which fails to handle unknown vectors. Successful exploitation allows attackers to cause unexpected application termination or a ...

oval:org.secpod.oval:def:37845
The host is installed with Xcode before 8.1 on Apple Mac OS X 10.11.5 or later and is prone to an arbitrary code execution vulnerability. A flaw is present in the Node.js, which fails to handle unknown vectors. Successful exploitation allows attackers to cause unexpected application termination or a ...

oval:org.secpod.oval:def:33161
The host is installed with OpenSSL 1.0.2, 1.0.1 before 1.0.1m, 1.0.0 before 1.0.0r or 0.9.8ze and earlier versions and is prone to a divide-and-conquer key recovery attack vulnerability. A flaw is present in the application, which fails to handle s2_srvr.c which do not enforce that clear-key-length ...

oval:org.secpod.oval:def:33160
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g and is prone to a side-channel attack vulnerability. A flaw is present in the application, which fails to handle use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. Successful exploitation allows remot ...

oval:org.secpod.oval:def:110097
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:33162
The host is installed with OpenSSL 1.0.2, 1.0.1 before 1.0.1m, 1.0.0 before 1.0.0r or 0.9.8ze and earlier versions and is prone to a DROWN attack vulnerability. A flaw is present in the application, which fails to handle s2_srvr.c overwriting the wrong bytes in the master-key when applying Bleichenb ...

oval:org.secpod.oval:def:400644
This update for compat-openssl098 fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder - CVE-2016-2105: EVP_EncodeUpdate overflow - CVE-2016-2106: EVP_EncryptUpdate overflow - CVE-2016-2109: ASN.1 BIO excessive memory allocation - CVE-2016-0702: Side channel attack ...

oval:org.secpod.oval:def:33155
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle the SSLv2 protocol which sends ServerVerify message before establishing that a client possesses certain ...

oval:org.secpod.oval:def:33158
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g and is prone to a null pointer deref/heap corruption vulnerability. A flaw is present in the application, which fails to handle user developed applications generated config file data. Successful exploitation leads to NULL ...

oval:org.secpod.oval:def:33157
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g and is prone to a memory leak vulnerability. A flaw is present in the application, which fails to handle the returned pointer which was sometimes newly allocated and sometimes owned by the callee. Successful exploitation a ...

oval:org.secpod.oval:def:501772
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:501773
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:501779
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:37854
The host is missing a security update according to Apple advisory, APPLE-SA-2016-10-27-1. The update is required to fix multiple arbitrary code execution vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allows attackers to caus ...

oval:org.secpod.oval:def:37846
The host is installed with Xcode before 8.1 on Apple Mac OS X 10.11.5 or later and is prone to an arbitrary code execution vulnerability. A flaw is present in the Node.js, which fails to handle unknown vectors. Successful exploitation allows attackers to cause unexpected application termination or a ...

oval:org.secpod.oval:def:203862
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:703004
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:110570
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows libraries and development tools.

oval:org.secpod.oval:def:203850
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:203851
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:203855
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:34943
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:1501503
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:502153
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:602398
Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. CVE-2016-0702 Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from Technion and Tel Aviv University, and Nadia Heninger from the University of Pennsylvania discovered a side-channel attack which m ...

oval:org.secpod.oval:def:33159
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g and is prone to a data overflow vulnerability. A flaw is present in the application, which fails to handle both |fmtstr| function and |doapr_outch| function which attempts to write to an OOB memory location. Successful exp ...

oval:org.secpod.oval:def:38969
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to dec ...

oval:org.secpod.oval:def:400662
This update for compat-openssl098 fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack : OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher sui ...

oval:org.secpod.oval:def:1501379
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to dec ...

oval:org.secpod.oval:def:400661
This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack : OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenba ...

oval:org.secpod.oval:def:1501381
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to dec ...

oval:org.secpod.oval:def:1501380
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to dec ...

oval:org.secpod.oval:def:1501386
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. It was discovered that the SSL ...

oval:org.secpod.oval:def:501818
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:1501390
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. It was discovered that the SSL ...

oval:org.secpod.oval:def:501822
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:110297
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:1600333
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. It was discovered that the SSL ...

oval:org.secpod.oval:def:1600367
A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicl ...

oval:org.secpod.oval:def:204130
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:1501454
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows libraries and development tools.

oval:org.secpod.oval:def:400742
This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack : OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a B ...

oval:org.secpod.oval:def:203849
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:1501463
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create ...

oval:org.secpod.oval:def:110255
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:203932
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:37185
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a denial of service vulnerability. A flaw is present in DTLS implementation, which fails to properly restrict the lifetime of queue entries associated with unused out-of-order messages. Successful exploit ...

oval:org.secpod.oval:def:36412
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a denial of service vulnerability. A flaw is present in the application, which mishandles a crafted time-stamp file through "openssl ts" command. Successful exploitation allows remote attackers to cause a ...

oval:org.secpod.oval:def:35814
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly use pointer arithmetic for heap-buffer boundary checks. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:35813
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly ensure the use of constant-time operations. Successful exploitation allows local users to easily discover a D ...

oval:org.secpod.oval:def:37187
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a denial of service vulnerability. A flaw is present in BN_bn2dec function, which fails to properly validate division results. Successful exploitation allows remote attackers to cause a denial of service ...

oval:org.secpod.oval:def:37186
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a denial of service vulnerability. A flaw is present in Anti-Replay feature in the DTLS implementation, which mishandles early use of a new epoch number in conjunction with a large sequence number. Succes ...

oval:org.secpod.oval:def:38740
The host is installed with Oracle Java SE through 6u131, 7u121 or 8u112 and is prone to an unspecified vulnerability. A flaw is present in the applications, which fail to handle vectors related to Libraries. Successful exploitation allows attackers to affect Confidentiality.

oval:org.secpod.oval:def:703578
nss: Network Security Service library Several security issues were fixed in NSS.

oval:org.secpod.oval:def:602624
It was discovered that the original patch applied for CVE-2016-2182 in DSA-3673-1 was incomplete, causing a regression when parsing certificates. Updated packages are now available to address this problem.

oval:org.secpod.oval:def:36844
The host is installed with OpenSSL or NSS and is prone to a birthday attack vulnerability. A flaw is present in 3DES cipher as used in TLS protocol, which fails to renegotiate running connections. Successful exploitation could allow attackers to recover partial plaintext information.

oval:org.secpod.oval:def:36843
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a sweet32 birthday attack vulnerability. A flaw is present in Triple-DES, which fails to handle a crafted Javascript. Successful exploitation allows remote attackers to send enough traffic to cause a coll ...

oval:org.secpod.oval:def:703283
openssl: Secure Socket Layer cryptographic library and tools Details: USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-308 ...

oval:org.secpod.oval:def:33182
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to verify successful allocation of certain memory. Successful exploitation allows remote attackers to cause a denial of s ...

oval:org.secpod.oval:def:34891
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:501967
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ...

oval:org.secpod.oval:def:703461
openjdk-7: Open Source Java implementation Several security issues were fixed in OpenJDK 7.

oval:org.secpod.oval:def:204084
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ...

oval:org.secpod.oval:def:1600514
It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. This issue was addres ...

oval:org.secpod.oval:def:204083
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ...

oval:org.secpod.oval:def:501976
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ...

oval:org.secpod.oval:def:703468
openjdk-6: Open Source Java implementation Several security issues were fixed in OpenJDK 6.

oval:org.secpod.oval:def:703438
openjdk-8: Open Source Java implementation Several security issues were fixed in OpenJDK 8.

oval:org.secpod.oval:def:1600493
It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. This issue was addres ...

oval:org.secpod.oval:def:204107
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ...

oval:org.secpod.oval:def:204109
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ...

oval:org.secpod.oval:def:204108
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Security Fix: * It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote atta ...

oval:org.secpod.oval:def:37189
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to an integer overflow vulnerability. A flaw is present in MDC2_Update function, which fails through unknown vectors. Successful exploitation allows remote attackers to cause a denial of service (out-of-boun ...

oval:org.secpod.oval:def:37188
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a denial of service vulnerability. A flaw is present in tls_decrypt_ticket function, which fails to consider the HMAC size during validation of the ticket length. Successful exploitation allows remote att ...

oval:org.secpod.oval:def:1501604
The host is installed with OpenSSL or NSS and is prone to a birthday attack vulnerability. A flaw is present in 3DES cipher as used in TLS protocol, which fails to renegotiate running connections. Successful exploitation could allow attackers to recover partial plaintext information.

oval:org.secpod.oval:def:204094
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ...

oval:org.secpod.oval:def:204093
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ...

oval:org.secpod.oval:def:37786
The host is installed with Oracle VM VirtualBox 5.0.x before 5.0.28 or 5.1.x before 5.1.8 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation can result in unauthorized ability to cause a hang or f ...

oval:org.secpod.oval:def:38971
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:501879
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ...

oval:org.secpod.oval:def:1600452
A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enab ...

oval:org.secpod.oval:def:602621
Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ...

oval:org.secpod.oval:def:111384
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:1600457
It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. It was discovered that the Dat ...

oval:org.secpod.oval:def:111444
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:37382
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a denial of service vulnerability. A flaw is present in the application, which properly handle message length checks. Successful exploitation allows remote attackers to cause a denial of service.

oval:org.secpod.oval:def:37380
The host is installed with OpenSSL 1.0.1 through 1.0.1t, 1.0.2 through 1.0.2h or 1.1.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle OCSP Status Request extension. Successful exploitation allows remote attackers to cause a den ...

oval:org.secpod.oval:def:37387
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:1501583
Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ...

oval:org.secpod.oval:def:1501581
Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ...

oval:org.secpod.oval:def:703280
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:703881
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:1501059
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL. A specially crafted X.509 certificate or a Certific ...

oval:org.secpod.oval:def:108313
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:23124
The host is installed with OpenSSL 1.0.1 before 1.0.1k, 1.0.0 before 1.0.0p or 0.9.8 before 0.9.8zd and is prone to a NULL pointer dereference vulnerability. A flaw is present in the application, which fails to handle a unknown vectors. Successful exploitation allows remote SSL servers to conduct EC ...

oval:org.secpod.oval:def:23122
The host is installed with OpenSSL 1.0.1 before 1.0.1k, 1.0.0 before 1.0.0p or 0.9.8 before 0.9.8zd and is prone to a security bypass vulnerability. A flaw is present in the application, which does not properly calculate the square of a BIGNUM value. Successful exploitation might make it easier for ...

oval:org.secpod.oval:def:1501483
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create ...

oval:org.secpod.oval:def:1200139
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1 ...

oval:org.secpod.oval:def:501555
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could m ...

oval:org.secpod.oval:def:1500882
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ...

oval:org.secpod.oval:def:1500885
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available ...

oval:org.secpod.oval:def:702372
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:203542
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote att ...

oval:org.secpod.oval:def:203541
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote att ...

oval:org.secpod.oval:def:108338
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:25781
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:25780
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:501488
OpenSSL is a toolkit that implements the Secure Sockets Layer , Transport Layer Security , and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the DTLS implementation of OpenSSL. A remote att ...

oval:org.secpod.oval:def:108520
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:1500983
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could m ...

oval:org.secpod.oval:def:1500918
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role.

oval:org.secpod.oval:def:203608
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could m ...

oval:org.secpod.oval:def:23540
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:601907
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2014-3569 Frank Schmirler reported that the ssl23_get_client_hello function in OpenSSL does not properly handle attempts to ...

oval:org.secpod.oval:def:38970
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

CVE    44
CVE-2014-3571
CVE-2015-0204
CVE-2015-0205
CVE-2015-0209
...
*CPE
cpe:/a:openssl:openssl:1.0.1j

© 2013 SecPod Technologies