Download
| Alert*
oval:org.secpod.oval:def:37379
OpenSSL 1.1.0 (64 bit) is installed oval:org.secpod.oval:def:38023 The host is installed with OpenSSL 1.1.0 before 1.1.0c and is prone to a heap based buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle TLS connections. Successful exploitation allows remote attackers to crash OpenSSL. oval:org.secpod.oval:def:38024 The host is installed with OpenSSL 1.1.0 before 1.1.0c and is prone to a CMS null pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle ASN.1 CHOICE type. Successful exploitation allows remote attackers to result in a NULL value being passed to the s ... oval:org.secpod.oval:def:39102 The host is installed with OpenSSL 1.1.0 before 1.1.0e and is prone to a denial of service vulnerability. A flaw is present in the application, which fails handle a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa). Suc ... oval:org.secpod.oval:def:38964 The host is installed with OpenSSL 1.1.0 before 1.1.0d and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails through unknown vectors. Successful exploitation allows remote attackers to perform an out-of-bounds read resulting in a crash. oval:org.secpod.oval:def:48611 The host is installed with OpenSSL 1.1.0 through 1.1.0i or 1.1.1 and is prone to a timing side channel attack vulnerability. A flaw is present in the ECDSA algorithm. On successful exploitation, an attacker could use variations in the signing algorithm to recover the private key. oval:org.secpod.oval:def:51005 The host is installed with OpenSSL 1.1.0 through 1.1.0j or through 1.1.1b or Oracle VM VirtualBox 5.2.x before 5.2.32 or 6.0.10 and is prone to an information disclosure vulnerability. A flaw is present in the way the ChaCha20-Poly1305 cipher uses reused nonce values. On successful exploitation, an ... oval:org.secpod.oval:def:37399 The host is installed with OpenSSL 1.1.0a and is prone to an use-after-free vulnerability. A flaw is present in the application, which fails to properly handle a crafted TLS session. Successful exploitation allows remote attackers to cause a denial of service (use-after-free) or possibly execute arb ... oval:org.secpod.oval:def:58642 The host is installed with OpenSSL 1.1.0 through 1.1.0k, 1.0.2 through 1.0.2s or 1.1.1 through 1.1.1c and is prone to a padding Oracle attack vulnerability. A flaw is present in the application which fails to handle the public RSA key. Successful exploitation allows an attacker to recover a CMS/PKCS ... oval:org.secpod.oval:def:44771 The host is installed with OpenSSL 1.1.0 before 1.1.0h or OpenSSL 1.0.2b before 1.0.2n or MySQL Server prior to 5.6.40, 5.7.22 or 8.0.11 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle malicious input to a stack. Successful expl ... oval:org.secpod.oval:def:58644 The host is installed with OpenSSL 1.1.0 through 1.1.0k, 1.0.2 through 1.0.2s or 1.1.1 through 1.1.1c, Oracle VM VirtualBox before 5.2.34, prior to 6.0.14 or Oracle MySQL Server through 5.6.46, 5.7.26 or 8.0.18and is prone to a ECDSA remote timing attack vulnerability. A flaw is present in the appli ... oval:org.secpod.oval:def:45288 The host is installed with OpenSSL 1.1.0 through 1.1.0h or OpenSSL 1.0.2b through 1.0.2n and is prone to a cache timing side channel attack vulnerability. A flaw is present in the application, which fails to properly handle malicious input to a stack. Successful exploitation can allow attackers to c ... oval:org.secpod.oval:def:38963 The host is installed with OpenSSL 1.1.0 before 1.1.0d or 1.0.2 before 1.0.2k and is prone to an unspecified vulnerability. A flaw is present in the application, which fails through unknown vectors. Successful exploitation allows remote attackers to cause unknown impact. oval:org.secpod.oval:def:38025 The host is installed with OpenSSL 1.1.0 before 1.1.0c and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to properly handle specially crafted input. Successful exploitation allows remote attackers to cause transient authentication and key negotiation fai ... oval:org.secpod.oval:def:51450 The host is installed with OpenSSL 1.1.0 through 1.1.0h or OpenSSL 1.0.2 through 1.0.2p and is prone to a microarchitecture timing side channel attack vulnerability. A flaw is present in the application, which fails to properly handle an issue in ECDSA signature generation. Successful exploitation c ... oval:org.secpod.oval:def:49221 The host is installed with OpenSSL 1.1.0 through 1.1.0i, 1.0.2 through 1.0.2p or 1.1.1 and is prone to a timing side channel attack vulnerability. A flaw is present in the DSA algorithm. On successful exploitation, an attacker could use variations in the signing algorithm to recover the private key. oval:org.secpod.oval:def:46150 The host is installed with OpenSSL 1.1.0 through 1.1.0h or OpenSSL 1.0.2 through 1.0.2o or Oracle VM VirtualBox before 5.2.20 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a key agreement issue in a TLS handshake using a DH(E) ... |