[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:1600404
A double-free flaw was found in the way OpenSSL parsed certain malformed DSA private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash. The ssl_verify_server_cert function in sql-co ...

oval:org.secpod.oval:def:110547
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:110496
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

oval:org.secpod.oval:def:33156
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g, Oracle MySQL 5.6.x through 5.6.29 or 5.7.x through 5.7.11 and is prone to a double free vulnerability. A flaw is present in the application, which fails to properly handle malformed DSA private key. Successful exploitatio ...

oval:org.secpod.oval:def:37847
The host is installed with Xcode before 8.1 on Apple Mac OS X 10.11.5 or later and is prone to an arbitrary code execution vulnerability. A flaw is present in the Node.js, which fails to handle unknown vectors. Successful exploitation allows attackers to cause unexpected application termination or a ...

oval:org.secpod.oval:def:37845
The host is installed with Xcode before 8.1 on Apple Mac OS X 10.11.5 or later and is prone to an arbitrary code execution vulnerability. A flaw is present in the Node.js, which fails to handle unknown vectors. Successful exploitation allows attackers to cause unexpected application termination or a ...

oval:org.secpod.oval:def:33161
The host is installed with OpenSSL 1.0.2, 1.0.1 before 1.0.1m, 1.0.0 before 1.0.0r or 0.9.8ze and earlier versions and is prone to a divide-and-conquer key recovery attack vulnerability. A flaw is present in the application, which fails to handle s2_srvr.c which do not enforce that clear-key-length ...

oval:org.secpod.oval:def:33160
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g and is prone to a side-channel attack vulnerability. A flaw is present in the application, which fails to handle use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. Successful exploitation allows remot ...

oval:org.secpod.oval:def:33162
The host is installed with OpenSSL 1.0.2, 1.0.1 before 1.0.1m, 1.0.0 before 1.0.0r or 0.9.8ze and earlier versions and is prone to a DROWN attack vulnerability. A flaw is present in the application, which fails to handle s2_srvr.c overwriting the wrong bytes in the master-key when applying Bleichenb ...

oval:org.secpod.oval:def:33158
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g and is prone to a null pointer deref/heap corruption vulnerability. A flaw is present in the application, which fails to handle user developed applications generated config file data. Successful exploitation leads to NULL ...

oval:org.secpod.oval:def:33157
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g and is prone to a memory leak vulnerability. A flaw is present in the application, which fails to handle the returned pointer which was sometimes newly allocated and sometimes owned by the callee. Successful exploitation a ...

oval:org.secpod.oval:def:37846
The host is installed with Xcode before 8.1 on Apple Mac OS X 10.11.5 or later and is prone to an arbitrary code execution vulnerability. A flaw is present in the Node.js, which fails to handle unknown vectors. Successful exploitation allows attackers to cause unexpected application termination or a ...

oval:org.secpod.oval:def:703004
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:33159
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g and is prone to a data overflow vulnerability. A flaw is present in the application, which fails to handle both |fmtstr| function and |doapr_outch| function which attempts to write to an OOB memory location. Successful exp ...

oval:org.secpod.oval:def:110297
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:110255
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:501555
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could m ...

oval:org.secpod.oval:def:203608
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could m ...

oval:org.secpod.oval:def:204175
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL"s ASN1_TYPE_cmp function. A remote attacker could crash a TLS/SSL client or serve ...

oval:org.secpod.oval:def:501541
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL"s ASN1_TYPE_cmp function. A remote attacker could crash a TLS/SSL client or serve ...

oval:org.secpod.oval:def:501540
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL"s ASN1_TYPE_cmp function. A remote attacker could crash a TLS/SSL client or serve ...

oval:org.secpod.oval:def:24117
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:23949
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to handle a malformed Elliptic Curve (EC) private-key file during import. Succes ...

oval:org.secpod.oval:def:602010
The openssl update issued as DSA 3197-1 caused regressions. This update reverts the defective patch applied in that update causing these problems. Additionally a follow-up fix for CVE-2015-0209 is applied. For reference the original advisory text follows. Multiple vulnerabilities have been discovere ...

oval:org.secpod.oval:def:602003
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-0286 Stephen Henson discovered that the ASN1_TYPE_cmp function can be crashed, resulting in denial of service. CVE-2015 ...

oval:org.secpod.oval:def:108526
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:702469
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:203581
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL"s ASN1_TYPE_cmp function. A remote attacker could crash a TLS/SSL client or serve ...

oval:org.secpod.oval:def:1200089
A use-after-free flaw was found in the way OpenSSL importrf certain Elliptic Curve private keys. An attacker could use this flaw to crash OpenSSL, if a specially-crafted certificate was imported. A denial of service flaw was found in the way OpenSSL handled certain SSLv2 messages. A malicious client ...

oval:org.secpod.oval:def:23959
The host is installed with OpenSSL 1.0.2 before 1.0.2a and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature. Successful exploitation allows remote attack ...

oval:org.secpod.oval:def:23958
The host is installed with OpenSSL 1.0.2 before 1.0.2a and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly isolate the state information of independent data streams. Successful exploitation allows remote attacker to cause a denial of servi ...

oval:org.secpod.oval:def:203574
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL"s ASN1_TYPE_cmp function. A remote attacker could crash a TLS/SSL client or serve ...

oval:org.secpod.oval:def:1500952
An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application.

oval:org.secpod.oval:def:1500953
An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp() function. A remote attacker could crash a TLS/SSL client or server using OpenSSL via a specially crafted X.509 certificate when the attacker-supplied certificate was verified by the application.

oval:org.secpod.oval:def:23963
The host is installed with OpenSSL 1.0.2 before 1.0.2a and is prone to a security bypass vulnerability. A flaw is present in the application, which does not ensure that the PRNG is seeded before proceeding with a handshake. Successful exploitation allows remote attacker to defeat cryptographic prote ...

oval:org.secpod.oval:def:23955
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly handle a lack of outer ContentInfo. Successful exploitation allows ...

oval:org.secpod.oval:def:23954
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle an invalid certificate key. Successful exploitation allows remote at ...

oval:org.secpod.oval:def:23953
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to a denial of service vulnerability. A flaw is present in the application, which does not reinitialize CHOICE and ADB data structures. Successful exploitation allows ...

oval:org.secpod.oval:def:23952
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly perform boolean-type comparisons. Successful exploitation allows r ...

oval:org.secpod.oval:def:23961
The host is installed with OpenSSL 1.0.2 before 1.0.2a and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly handle an invalid signature_algorithms extension in the ClientHello message during a renegotiation. Successful exploitation allows r ...

oval:org.secpod.oval:def:23960
The host is installed with OpenSSL 1.0.2 before 1.0.2a and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly handle certain non-blocking I/O cases. Successful exploitation allows remote attacker to cause a denial of service (pointer corrupti ...

oval:org.secpod.oval:def:25305
The host is installed with Apple Mac OS X or Server 10.10.x through 10.10.3 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle a crafted CLIENT-MASTER-KEY message. Successful exploitation allows remote attackers to cause denial of service ( ...

oval:org.secpod.oval:def:23956
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly handle a crafted CLIENT-MASTER-KEY message. Successful exploitatio ...

oval:org.secpod.oval:def:23962
The host is installed with OpenSSL 1.0.2 before 1.0.2a and is prone to a denial of service vulnerability. A flaw is present in the application, which does not properly handle a ClientKeyExchange message with a length of zero when client authentication and an ephemeral Diffie-Hellman ciphersuite are ...

oval:org.secpod.oval:def:203645
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ...

oval:org.secpod.oval:def:203644
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ...

oval:org.secpod.oval:def:25118
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to a NULL pointer dereference and application crash crash vulnerability. A flaw is present in the application, which fails to handle a PKCS#7 blob. Successful exploit ...

oval:org.secpod.oval:def:25119
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to a out-of-bounds read and application crash crash vulnerability. A flaw is present in the application, which fails to handle a crafted length field in ASN1_TIME dat ...

oval:org.secpod.oval:def:25120
The host is installed with OpenSSL 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n or 1.0.2 before 1.0.2b and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle ECParameters structures in which the curve is over a malformed binary pol ...

oval:org.secpod.oval:def:25116
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to a denial of service vulnerability. A flaw is present in the application, which does not reinitialize CHOICE and ADB data structures. Successful exploitation allows ...

oval:org.secpod.oval:def:25117
The host is installed with OpenSSL 0.9.8 before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m or 1.0.2 before 1.0.2a and is prone to a double free or an application crash vulnerability. A flaw is present in the application, which fails to handle a NewSessionTicket during an attempt to reuse a ti ...

oval:org.secpod.oval:def:1501037
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ...

oval:org.secpod.oval:def:1501036
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ...

oval:org.secpod.oval:def:501577
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could ...

oval:org.secpod.oval:def:33380
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:37854
The host is missing a security update according to Apple advisory, APPLE-SA-2016-10-27-1. The update is required to fix multiple arbitrary code execution vulnerabilities. The flaws are present in the application, which fails to handle unknown vectors. Successful exploitation allows attackers to caus ...

oval:org.secpod.oval:def:37852
The host is installed with Xcode before 8.1 on Apple Mac OS X 10.11.5 or later and is prone to an arbitrary code execution vulnerability. A flaw is present in the Node.js, which fails to handle unknown vectors. Successful exploitation allows attackers to cause unexpected application termination or a ...

oval:org.secpod.oval:def:37851
The host is installed with Xcode before 8.1 on Apple Mac OS X 10.11.5 or later and is prone to an arbitrary code execution vulnerability. A flaw is present in the Node.js, which fails to handle unknown vectors. Successful exploitation allows attackers to cause unexpected application termination or a ...

oval:org.secpod.oval:def:1200112
A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. A memory leak vulnerability was ...

oval:org.secpod.oval:def:501726
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ...

oval:org.secpod.oval:def:31680
The host is installed with OpenSSL 1.0.2 before 1.0.2e and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite. Successful exploi ...

oval:org.secpod.oval:def:31679
The host is installed with OpenSSL 1.0.1 before 1.0.1q or 1.0.2 before 1.0.2e, Oracle MySQL 5.6.x through 5.6.28 or 5.7.x through 5.7.10 and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle an RSA PSS ASN.1 signature that lack ...

oval:org.secpod.oval:def:203783
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ...

oval:org.secpod.oval:def:203782
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ...

oval:org.secpod.oval:def:602296
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-3194 Loic Jonas Etienne of Qnective AG discovered that the signature verification routines will crash with a NULL point ...

oval:org.secpod.oval:def:1501274
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ...

oval:org.secpod.oval:def:109986
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:109800
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:702871
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:32715
The host is installed with OpenSSL 1.0.1 before 1.0.1r, 1.0.2 before 1.0.2f or VM VirtualBox 5.0.x before 5.0.16 and is prone to a privilege escalation vulnerability. A flaw is present in SSLv2, which doesn't block disabled ciphers. Successful exploitation allows remote attackers to negotiate SSLv2 ...

oval:org.secpod.oval:def:501727
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to caus ...

oval:org.secpod.oval:def:31678
The host is installed with OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, 1.0.2 before 1.0.2e, VM VirtualBox 4.3.x before 4.3.36 or 5.0.x before 5.0.14 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle err ...

oval:org.secpod.oval:def:203787
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to caus ...

oval:org.secpod.oval:def:110097
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:32716
The host is installed with OpenSSL 1.0.1 before 1.0.1r or 1.0.2 before 1.0.2f and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle SSL_OP_SINGLE_DH_USE option. Successful exploitation allows remote attackers to crash the service or l ...

oval:org.secpod.oval:def:702947
openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to expose sensitive information over the network.

oval:org.secpod.oval:def:1501268
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ...

oval:org.secpod.oval:def:1500983
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that OpenSSL would accept ephemeral RSA keys when using non-export RSA cipher suites. A malicious server could m ...

oval:org.secpod.oval:def:35814
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly use pointer arithmetic for heap-buffer boundary checks. Successful exploitation allows remote attackers to ...

oval:org.secpod.oval:def:37187
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a denial of service vulnerability. A flaw is present in BN_bn2dec function, which fails to properly validate division results. Successful exploitation allows remote attackers to cause a denial of service ...

oval:org.secpod.oval:def:37186
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a denial of service vulnerability. A flaw is present in Anti-Replay feature in the DTLS implementation, which mishandles early use of a new epoch number in conjunction with a large sequence number. Succes ...

oval:org.secpod.oval:def:37185
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a denial of service vulnerability. A flaw is present in DTLS implementation, which fails to properly restrict the lifetime of queue entries associated with unused out-of-order messages. Successful exploit ...

oval:org.secpod.oval:def:36412
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a denial of service vulnerability. A flaw is present in the application, which mishandles a crafted time-stamp file through "openssl ts" command. Successful exploitation allows remote attackers to cause a ...

oval:org.secpod.oval:def:602624
It was discovered that the original patch applied for CVE-2016-2182 in DSA-3673-1 was incomplete, causing a regression when parsing certificates. Updated packages are now available to address this problem.

oval:org.secpod.oval:def:35813
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly ensure the use of constant-time operations. Successful exploitation allows local users to easily discover a D ...

oval:org.secpod.oval:def:703283
openssl: Secure Socket Layer cryptographic library and tools Details: USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was incomplete and caused a regression when parsing certificates. This update fixes the problem. We apologize for the inconvenience. Original advisory USN-308 ...

oval:org.secpod.oval:def:37189
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to an integer overflow vulnerability. A flaw is present in MDC2_Update function, which fails through unknown vectors. Successful exploitation allows remote attackers to cause a denial of service (out-of-boun ...

oval:org.secpod.oval:def:37188
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a denial of service vulnerability. A flaw is present in tls_decrypt_ticket function, which fails to consider the HMAC size during validation of the ticket length. Successful exploitation allows remote att ...

oval:org.secpod.oval:def:37786
The host is installed with Oracle VM VirtualBox 5.0.x before 5.0.28 or 5.1.x before 5.1.8 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation can result in unauthorized ability to cause a hang or f ...

oval:org.secpod.oval:def:1600452
A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enab ...

oval:org.secpod.oval:def:37382
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a denial of service vulnerability. A flaw is present in the application, which properly handle message length checks. Successful exploitation allows remote attackers to cause a denial of service.

oval:org.secpod.oval:def:37380
The host is installed with OpenSSL 1.0.1 through 1.0.1t, 1.0.2 through 1.0.2h or 1.1.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle OCSP Status Request extension. Successful exploitation allows remote attackers to cause a den ...

oval:org.secpod.oval:def:38025
The host is installed with OpenSSL 1.1.0 before 1.1.0c and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle specially crafted input. Successful exploitation allows remote attackers to cause transient authentication and key negotiation fai ...

oval:org.secpod.oval:def:111384
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:111444
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:38963
The host is installed with OpenSSL 1.1.0 before 1.1.0d or 1.0.2 before 1.0.2k and is prone to an unspecified vulnerability. A flaw is present in the application, which fails through unknown vectors. Successful exploitation allows remote attackers to cause unknown impact.

oval:org.secpod.oval:def:41382
The host is installed with Oracle MySQL Server through 5.6.35 or 5.7.17 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Security: Encryption (OpenSSL). Successful exploitation allows attackers to affect Confidential ...

oval:org.secpod.oval:def:109202
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:109227
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:602137
Multiple vulnerabilities were discovered in OpenSSL, a Secure Sockets Layer toolkit. CVE-2014-8176 Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that an invalid memory free could be triggered when buffering DTLS data. This could allow remote attackers to cause a denial of service ...

oval:org.secpod.oval:def:1501059
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL. A specially crafted X.509 certificate or a Certific ...

oval:org.secpod.oval:def:203662
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL. A specially crafted X.509 certificate or a Certific ...

oval:org.secpod.oval:def:25420
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:1200038
LOGJAM: A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange . An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in wh ...

oval:org.secpod.oval:def:33775
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:1501275
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked cou ...

oval:org.secpod.oval:def:501585
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL. A specially crafted X.509 certificate or a Certific ...

oval:org.secpod.oval:def:109274
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:109268
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:602398
Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit. CVE-2016-0702 Yuval Yarom from the University of Adelaide and NICTA, Daniel Genkin from Technion and Tel Aviv University, and Nadia Heninger from the University of Pennsylvania discovered a side-channel attack which m ...

oval:org.secpod.oval:def:1600367
A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicl ...

oval:org.secpod.oval:def:33155
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle the SSLv2 protocol which sends ServerVerify message before establishing that a client possesses certain ...

oval:org.secpod.oval:def:501772
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:501773
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:501779
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:203862
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:203850
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:203851
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:203855
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:34943
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:502153
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:400662
This update for compat-openssl098 fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack : OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher sui ...

oval:org.secpod.oval:def:1501379
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to dec ...

oval:org.secpod.oval:def:400661
This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack : OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenba ...

oval:org.secpod.oval:def:1501381
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to dec ...

oval:org.secpod.oval:def:1501380
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to dec ...

oval:org.secpod.oval:def:1501386
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. It was discovered that the SSL ...

oval:org.secpod.oval:def:1501390
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. It was discovered that the SSL ...

oval:org.secpod.oval:def:1600333
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. It was discovered that the SSL ...

oval:org.secpod.oval:def:400742
This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack : OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a B ...

oval:org.secpod.oval:def:203849
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:1600397
A vulnerability was discovered that allows a man-in-the-middle attacker to use a padding oracle attack to decrypt traffic on a connection using an AES CBC cipher with a server supporting AES-NI. It was discovered that the ASN.1 parser can misinterpret a large universal tag as a negative value. If an ...

oval:org.secpod.oval:def:36411
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:110462
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:110570
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows libraries and development tools.

oval:org.secpod.oval:def:34271
The host is installed with OpenSSL 1.0.1 before 1.0.1t or 1.0.2 before 1.0.2h or Oracle MySQL 5.6.x through 5.6.30 or 5.7.x through 5.7.12 and is prone to a heap overflow vulnerability. A flaw is present in the application, which fails to handle very large amounts of input data. Successful exploitat ...

oval:org.secpod.oval:def:34272
The host is installed with OpenSSL 1.0.1 before 1.0.1t or 1.0.2 before 1.0.2h and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows MITM attackers to use a padding oracle attack to decrypt ...

oval:org.secpod.oval:def:34270
The host is installed with OpenSSL 1.0.1 before 1.0.1t or 1.0.2 before 1.0.2h and is prone to a heap overflow vulnerability. A flaw is present in the application, which fails to handle very large amounts of input data. Successful exploitation allows remote attackers to supply very large amounts of i ...

oval:org.secpod.oval:def:1501503
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:38969
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to dec ...

oval:org.secpod.oval:def:400786
This update for openssl fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check - CVE-2016-2105: EVP_EncodeUpdate overflow - CVE-2016-2106: EVP_EncryptUpdate overflow - CVE-2016-2109: ASN.1 BIO excessive memory a ...

oval:org.secpod.oval:def:501818
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:501822
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:400644
This update for compat-openssl098 fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder - CVE-2016-2105: EVP_EncodeUpdate overflow - CVE-2016-2106: EVP_EncryptUpdate overflow - CVE-2016-2109: ASN.1 BIO excessive memory allocation - CVE-2016-0702: Side channel attack ...

oval:org.secpod.oval:def:703087
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:110488
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:204130
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:1501454
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows libraries and development tools.

oval:org.secpod.oval:def:1501463
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create ...

oval:org.secpod.oval:def:400727
This update for openssl fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check - CVE-2016-2105: EVP_EncodeUpdate overflow - CVE-2016-2106: EVP_EncryptUpdate overflow - CVE-2016-2109: ASN.1 BIO excessive memory a ...

oval:org.secpod.oval:def:203932
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:34273
The host is installed with OpenSSL 1.0.1 before 1.0.1o or 1.0.2 before 1.0.2c and is prone to a memory corruption vulnerability. A flaw is present in the ASN.1 parser, which does not normally create "negative zeroes". Successful exploitation allows remote attackers to can cause a buffer underflow wi ...

oval:org.secpod.oval:def:34269
The host is installed with OpenSSL 1.0.1 before 1.0.1t or 1.0.2 before 1.0.2h and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted ASN.1 data. Successful exploitation allows remote attackers to cause allocation of large amounts of mem ...

oval:org.secpod.oval:def:501829
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:203943
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:1501483
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create ...

oval:org.secpod.oval:def:1501604
The host is installed with OpenSSL or NSS and is prone to a birthday attack vulnerability. A flaw is present in 3DES cipher as used in TLS protocol, which fails to renegotiate running connections. Successful exploitation could allow attackers to recover partial plaintext information.

oval:org.secpod.oval:def:204094
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ...

oval:org.secpod.oval:def:204093
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ...

oval:org.secpod.oval:def:38971
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:501879
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ...

oval:org.secpod.oval:def:602621
Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ...

oval:org.secpod.oval:def:1600457
It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. It was discovered that the Dat ...

oval:org.secpod.oval:def:37387
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:1501583
Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ...

oval:org.secpod.oval:def:1501581
Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ...

oval:org.secpod.oval:def:703280
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:33182
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to verify successful allocation of certain memory. Successful exploitation allows remote attackers to cause a denial of s ...

oval:org.secpod.oval:def:34891
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:38965
The host is installed with OpenSSL 1.1.0 before 1.1.0d or 1.0.2 before 1.0.2k or MySQL Server through 5.6.35 or 5.7.18 is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails through unknown vectors. Successful exploitation allows remote attackers to cause ...

oval:org.secpod.oval:def:39946
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:703881
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:108520
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:1501771
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501772
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1600507
An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. A denial of service flaw was found in the way the TLS/SSL protocol defined pro ...

oval:org.secpod.oval:def:501978
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly u ...

oval:org.secpod.oval:def:38970
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:703441
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:602756
Several vulnerabilities were discovered in OpenSSL: CVE-2016-7056 A local timing attack was discovered against ECDSA P-256. CVE-2016-8610 It was discovered that no limit was imposed on alert packets during an SSL handshake. CVE-2017-3731 Robert Swiecki discovered that the RC4-MD5 cipher when running ...

oval:org.secpod.oval:def:112006
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:112007
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:204437
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly u ...

oval:org.secpod.oval:def:204438
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly u ...

oval:org.secpod.oval:def:25312
The host is missing a security update according to Apple advisory, APPLE-SA-2015-06-30-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a crafted vectors. Successful exploitation leads to information disclosure, security bypas ...

CVE    52
CVE-2015-1794
CVE-2016-0705
CVE-2016-0702
CVE-2016-0799
...
*CPE
cpe:/a:openssl:openssl:1.0.2

© 2013 SecPod Technologies