[Forgot Password]
Login  Register Subscribe

24003

 
 

131401

 
 

103942

 
 

909

 
 

84044

 
 

133

Paid content will be excluded from the download.


Download | Alert*


oval:org.secpod.oval:def:33157
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g and is prone to a memory leak vulnerability. A flaw is present in the application, which fails to handle the returned pointer which was sometimes newly allocated and sometimes owned by the callee. Successful exploitation a ...

oval:org.secpod.oval:def:32715
The host is installed with OpenSSL 1.0.1 before 1.0.1r, 1.0.2 before 1.0.2f or VM VirtualBox 5.0.x before 5.0.16 and is prone to a privilege escalation vulnerability. A flaw is present in SSLv2, which doesn't block disabled ciphers. Successful exploitation allows remote attackers to negotiate SSLv2 ...

oval:org.secpod.oval:def:32716
The host is installed with OpenSSL 1.0.1 before 1.0.1r or 1.0.2 before 1.0.2f and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle SSL_OP_SINGLE_DH_USE option. Successful exploitation allows remote attackers to crash the service or l ...

oval:org.secpod.oval:def:1600404
A double-free flaw was found in the way OpenSSL parsed certain malformed DSA private keys. An attacker could create specially crafted DSA private keys that, when processed by an application compiled against OpenSSL, could cause the application to crash. The ssl_verify_server_cert function in sql-co ...

oval:org.secpod.oval:def:33160
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g and is prone to a side-channel attack vulnerability. A flaw is present in the application, which fails to handle use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. Successful exploitation allows remot ...

oval:org.secpod.oval:def:33156
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g, Oracle MySQL 5.6.x through 5.6.29 or 5.7.x through 5.7.11 and is prone to a double free vulnerability. A flaw is present in the application, which fails to properly handle malformed DSA private key. Successful exploitatio ...

oval:org.secpod.oval:def:33158
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g and is prone to a null pointer deref/heap corruption vulnerability. A flaw is present in the application, which fails to handle user developed applications generated config file data. Successful exploitation leads to NULL ...

oval:org.secpod.oval:def:33159
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g and is prone to a data overflow vulnerability. A flaw is present in the application, which fails to handle both |fmtstr| function and |doapr_outch| function which attempts to write to an OOB memory location. Successful exp ...

oval:org.secpod.oval:def:34273
The host is installed with OpenSSL 1.0.1 before 1.0.1o or 1.0.2 before 1.0.2c and is prone to a memory corruption vulnerability. A flaw is present in the ASN.1 parser, which does not normally create "negative zeroes". Successful exploitation allows remote attackers to can cause a buffer underflow wi ...

oval:org.secpod.oval:def:203943
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:1501483
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create ...

oval:org.secpod.oval:def:33182
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to verify successful allocation of certain memory. Successful exploitation allows remote attackers to cause a denial of s ...

oval:org.secpod.oval:def:34891
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:204175
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid pointer use flaw was found in OpenSSL"s ASN1_TYPE_cmp function. A remote attacker could crash a TLS/SSL client or serve ...

oval:org.secpod.oval:def:33161
The host is installed with OpenSSL 1.0.2, 1.0.1 before 1.0.1m, 1.0.0 before 1.0.0r or 0.9.8ze and earlier versions and is prone to a divide-and-conquer key recovery attack vulnerability. A flaw is present in the application, which fails to handle s2_srvr.c which do not enforce that clear-key-length ...

oval:org.secpod.oval:def:33162
The host is installed with OpenSSL 1.0.2, 1.0.1 before 1.0.1m, 1.0.0 before 1.0.0r or 0.9.8ze and earlier versions and is prone to a DROWN attack vulnerability. A flaw is present in the application, which fails to handle s2_srvr.c overwriting the wrong bytes in the master-key when applying Bleichenb ...

oval:org.secpod.oval:def:400786
This update for openssl fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check - CVE-2016-2105: EVP_EncodeUpdate overflow - CVE-2016-2106: EVP_EncryptUpdate overflow - CVE-2016-2109: ASN.1 BIO excessive memory a ...

oval:org.secpod.oval:def:1600397
A vulnerability was discovered that allows a man-in-the-middle attacker to use a padding oracle attack to decrypt traffic on a connection using an AES CBC cipher with a server supporting AES-NI. It was discovered that the ASN.1 parser can misinterpret a large universal tag as a negative value. If an ...

oval:org.secpod.oval:def:36411
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:400644
This update for compat-openssl098 fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder - CVE-2016-2105: EVP_EncodeUpdate overflow - CVE-2016-2106: EVP_EncryptUpdate overflow - CVE-2016-2109: ASN.1 BIO excessive memory allocation - CVE-2016-0702: Side channel attack ...

oval:org.secpod.oval:def:204130
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:1501454
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. This package contains Windows libraries and development tools.

oval:org.secpod.oval:def:34271
The host is installed with OpenSSL 1.0.1 before 1.0.1t or 1.0.2 before 1.0.2h or Oracle MySQL 5.6.x through 5.6.30 or 5.7.x through 5.7.12 and is prone to a heap overflow vulnerability. A flaw is present in the application, which fails to handle very large amounts of input data. Successful exploitat ...

oval:org.secpod.oval:def:34272
The host is installed with OpenSSL 1.0.1 before 1.0.1t or 1.0.2 before 1.0.2h and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation allows MITM attackers to use a padding oracle attack to decrypt ...

oval:org.secpod.oval:def:34270
The host is installed with OpenSSL 1.0.1 before 1.0.1t or 1.0.2 before 1.0.2h and is prone to a heap overflow vulnerability. A flaw is present in the application, which fails to handle very large amounts of input data. Successful exploitation allows remote attackers to supply very large amounts of i ...

oval:org.secpod.oval:def:1501463
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create ...

oval:org.secpod.oval:def:1501503
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:34269
The host is installed with OpenSSL 1.0.1 before 1.0.1t or 1.0.2 before 1.0.2h and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to handle crafted ASN.1 data. Successful exploitation allows remote attackers to cause allocation of large amounts of mem ...

oval:org.secpod.oval:def:400727
This update for openssl fixes the following issues: - CVE-2016-2108: Memory corruption in the ASN.1 encoder - CVE-2016-2107: Padding oracle in AES-NI CBC MAC check - CVE-2016-2105: EVP_EncodeUpdate overflow - CVE-2016-2106: EVP_EncryptUpdate overflow - CVE-2016-2109: ASN.1 BIO excessive memory a ...

oval:org.secpod.oval:def:38969
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to dec ...

oval:org.secpod.oval:def:203932
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:38552
The host is installed with Apple Mac OS X or Server 10.11.6 or 10.12.x through 10.12.1 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle unknown vectors. Successful exploitation could allow attackers to cause a denial of service.

oval:org.secpod.oval:def:1600452
A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enab ...

oval:org.secpod.oval:def:37382
The host is installed with OpenSSL 1.0.1 through 1.0.1t or 1.0.2 through 1.0.2h and is prone to a denial of service vulnerability. A flaw is present in the application, which properly handle message length checks. Successful exploitation allows remote attackers to cause a denial of service.

oval:org.secpod.oval:def:37380
The host is installed with OpenSSL 1.0.1 through 1.0.1t, 1.0.2 through 1.0.2h or 1.1.0 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle OCSP Status Request extension. Successful exploitation allows remote attackers to cause a den ...

oval:org.secpod.oval:def:37786
The host is installed with Oracle VM VirtualBox 5.0.x before 5.0.28 or 5.1.x before 5.1.8 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle unknown vectors. Successful exploitation can result in unauthorized ability to cause a hang or f ...

oval:org.secpod.oval:def:37774
The host is installed with Oracle MySQL Server through 5.6.33 or 5.7.15 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Security: Encryption. Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:1501809
The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. The following packages have been upgraded to a later upstream version: gnutls . Security Fix: * A denial of service flaw was found in the way the ...

oval:org.secpod.oval:def:39002
gnutls28: GNU TLS library - gnutls26: GNU TLS library Several security issues were fixed in GnuTLS.

oval:org.secpod.oval:def:1600524
A denial of service flaw was found in the way the TLS/SSL protocol definedprocessing of ALERT packets during a connection handshake. A remote attackercould use this flaw to make a TLS/SSL server consume an excessive amount of CPUand fail to accept connections form other clients. Multiple flaws were ...

oval:org.secpod.oval:def:38972
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:703445
gnutls28: GNU TLS library - gnutls26: GNU TLS library Several security issues were fixed in GnuTLS.

oval:org.secpod.oval:def:501818
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:501822
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:501829
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to creat ...

oval:org.secpod.oval:def:38963
The host is installed with OpenSSL 1.1.0 before 1.1.0d or 1.0.2 before 1.0.2k and is prone to an unspecified vulnerability. A flaw is present in the application, which fails through unknown vectors. Successful exploitation allows remote attackers to cause unknown impact.

oval:org.secpod.oval:def:38965
The host is installed with OpenSSL 1.1.0 before 1.1.0d or 1.0.2 before 1.0.2k or MySQL Server through 5.6.35 or 5.7.18 is prone to an out-of-bounds read vulnerability. A flaw is present in the application, which fails through unknown vectors. Successful exploitation allows remote attackers to cause ...

oval:org.secpod.oval:def:1501771
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1501772
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:602756
Several vulnerabilities were discovered in OpenSSL: CVE-2016-7056 A local timing attack was discovered against ECDSA P-256. CVE-2016-8610 It was discovered that no limit was imposed on alert packets during an SSL handshake. CVE-2017-3731 Robert Swiecki discovered that the RC4-MD5 cipher when running ...

oval:org.secpod.oval:def:204437
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly u ...

oval:org.secpod.oval:def:204438
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly u ...

oval:org.secpod.oval:def:41382
The host is installed with Oracle MySQL Server through 5.6.35 or 5.7.17 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Security: Encryption (OpenSSL). Successful exploitation allows attackers to affect Confidential ...

oval:org.secpod.oval:def:1600507
An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. A denial of service flaw was found in the way the TLS/SSL protocol defined pro ...

oval:org.secpod.oval:def:501978
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly u ...

oval:org.secpod.oval:def:39946
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:38970
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:703441
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:113571
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:703881
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:603154
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily ex ...

oval:org.secpod.oval:def:603153
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3735 It was discovered that OpenSSL is prone to a one-byte buffer overread while parsing a malformed IPAddressFamily ex ...

oval:org.secpod.oval:def:43056
The host is installed with Apple Mac OS X 10.13.1 or 10.12.6 or 10.11.6 and is prone to an out-of-bounds read vulnerability. The flaw is present in the application, which fails to properly handle an out-of-bounds read issue, which existed in X.509 IPAddressFamily parsing. Successful exploitation all ...

oval:org.secpod.oval:def:43224
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:113486
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:113480
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:703928
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:603217
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3737 David Benjamin of Google reported that OpenSSL does not properly handle SSL_read and SSL_write while being invoked ...

oval:org.secpod.oval:def:33155
The host is installed with OpenSSL 1.0.1 before 1.0.1s or 1.0.2 before 1.0.2g and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle the SSLv2 protocol which sends ServerVerify message before establishing that a client possesses certain ...

oval:org.secpod.oval:def:400662
This update for compat-openssl098 fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack : OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher sui ...

oval:org.secpod.oval:def:1501379
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to dec ...

oval:org.secpod.oval:def:400661
This update for openssl fixes various security issues: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack : OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenba ...

oval:org.secpod.oval:def:1501381
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to dec ...

oval:org.secpod.oval:def:1501380
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to dec ...

oval:org.secpod.oval:def:1501386
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. It was discovered that the SSL ...

oval:org.secpod.oval:def:1501390
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. It was discovered that the SSL ...

oval:org.secpod.oval:def:203862
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:1600333
A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled. It was discovered that the SSL ...

oval:org.secpod.oval:def:203850
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:203851
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:203855
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:1600367
A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicl ...

oval:org.secpod.oval:def:400742
This update for openssl fixes various security issues and bugs: Security issues fixed: - CVE-2016-0800 aka the "DROWN" attack : OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a B ...

oval:org.secpod.oval:def:203849
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:34943
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:502153
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A padding oracle flaw was found in the Secure Sockets Layer version 2.0 protocol. An attacker can potentially use this flaw to de ...

oval:org.secpod.oval:def:43036
The host is installed with Apple Mac OS 10.13.1 or 10.12.6 or 10.11.6 and is prone to multiple vulnerabilities. The flaw is present in the application, which fails to properly handle multiple issues. Successful exploitation allows remote attackers to execute arbitrary code or read restricted memory.

oval:org.secpod.oval:def:602621
Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ...

oval:org.secpod.oval:def:1600457
It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. It was discovered that the Dat ...

oval:org.secpod.oval:def:1501604
The host is installed with OpenSSL or NSS and is prone to a birthday attack vulnerability. A flaw is present in 3DES cipher as used in TLS protocol, which fails to renegotiate running connections. Successful exploitation could allow attackers to recover partial plaintext information.

oval:org.secpod.oval:def:204094
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ...

oval:org.secpod.oval:def:204093
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ...

oval:org.secpod.oval:def:37387
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:1501583
Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ...

oval:org.secpod.oval:def:1501581
Several vulnerabilities were discovered in OpenSSL: CVE-2016-2177 Guido Vranken discovered that OpenSSL uses undefined pointer arithmetic. Additional information can be found at https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/ CVE-2016-2178 Cesar Pereida, Billy Brumley and ...

oval:org.secpod.oval:def:38971
The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:703280
openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL.

oval:org.secpod.oval:def:501879
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiat ...

oval:org.secpod.oval:def:1800846
CVE-2017-3731: Truncated packet could crash via OOB read If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the cra ...

oval:org.secpod.oval:def:1800292
CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read If an X.509 certificate has a malformed IPAddressFamily extension,OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format. Fixed In Version openssl 1.0.2m, o ...

oval:org.secpod.oval:def:1800596
CVE-2017-3737: Read/write after SSL object in error state OpenSSL 1.0.2 introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This wo ...

oval:org.secpod.oval:def:38489
The host is missing a critical security update according to Apple advisory, APPLE-SA-2016-12-13-1. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute a ...

oval:org.secpod.oval:def:1800308
CVE-2017-3737: Read/write after SSL object in error state; OpenSSL 1.0.2 introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This w ...

oval:org.secpod.oval:def:1800136
CVE-2017-3737: Read/write after SSL object in error state¶ OpenSSL 1.0.2 introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake thenOpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. Th ...

oval:org.secpod.oval:def:1800417
CVE-2017-3731: Truncated packet could crash via OOB read. If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the cr ...

oval:org.secpod.oval:def:1800554
CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read. If an X.509 certificate has a malformed IPAddressFamily extension,OpenSSL could do a one-byte buffer overread. The most likely result would be an erroneous display of the certificate in text format. Fixed In Version: openssl 1.0.2m, ...

oval:org.secpod.oval:def:1800544
CVE-2016-2183: SWEET32 Mitigation. SWEET32

oval:org.secpod.oval:def:1800624
CVE-2017-3737: Read/write after SSL object in error state. OpenSSL 1.0.2 introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This w ...

oval:org.secpod.oval:def:1800720
CVE-2017-3735: Malformed X.509 IPAdressFamily could cause OOB read; If an X.509 certificate has a malformed IPAddressFamily extension,OpenSSL could do a one-byte buffer over read. The most likely result would be an erroneous display of the certificate in text format. Fixed In Version: openssl 1.0.2m ...

oval:org.secpod.oval:def:603338
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in exponent ...

oval:org.secpod.oval:def:502273
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: bn_sqrx8x_internal carry bug on x86_64 * openssl: Read/write after SSL object in error state * openssl: ...

oval:org.secpod.oval:def:110255
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:110297
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:111384
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:111444
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:1502170
The advisory is missing the security advisory description. For more information please visit the reference link

CVE    24
CVE-2015-3197
CVE-2017-3735
CVE-2016-0704
CVE-2016-0703
...
*CPE
cpe:/a:openssl:openssl:1.0.2:beta2

© 2013 SecPod Technologies