accept no compromises
Showing 1 - 25 of 70 RSS Feed

CVE-2014-0224

Status Candidate

Overview

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

Related Files

HP Security Bulletin HPSBST03642 3
Posted Jan 25, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03642 3 - Security vulnerabilities in OpenSSL and OpenSSH were addressed in HPE StoreVirtual products using LeftHand OS. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information, additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in arbitrary code execution, unauthorized access, disclosure of information, or Denial of Service (DoS). Revision 3 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3566, CVE-2016-0705
MD5 | 2a7fc4c484132a88fb19a3bff6be7eaa
HP Security Bulletin HPSBST03195 1
Posted Apr 3, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03195 1 - Potential security vulnerabilities have been identified with HP 3PAR Service Processor (SP) running OpenSSL and Bash. The OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information. The Bash Shell vulnerability known as "Shellshock" which could be exploited remotely resulting in execution of code. Revision 1 of this advisory.

tags | advisory, shell, vulnerability, bash
advisories | CVE-2014-0224, CVE-2014-3566, CVE-2014-6271, CVE-2014-7169
MD5 | a3597b64c42716642c509ae51cfced26
Mandriva Linux Security Advisory 2015-062
Posted Mar 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-062 - Multiple vulnerabilities has been discovered and corrected in openssl. The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0160, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293
MD5 | 9412decee50df63b317420ad5180fc9f
HP Security Bulletin HPSBPI03107 2
Posted Mar 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03107 2 - A potential security vulnerability has been identified with certain HP LaserJet Printers, MFPs and certain HP OfficeJet Enterprise Printers using OpenSSL. The vulnerability could be exploited remotely to allow remote unauthorized access. Note: This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP printer products. This bulletin notifies HP Printer customers about impacted products. Revision 2 of this advisory.

tags | advisory, remote
advisories | CVE-2014-0224
MD5 | a26fa68ef801b0d0766ccd5fefe1e021
HP Security Bulletin HPSBST03265
Posted Mar 5, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03265 - Potential security vulnerabilities have been identified with the HP VMA SAN Gateway running OpenSSL and Bash Shell. These vulnerabilities ("Padding Oracle on Downgraded Legacy Encryption" or "POODLE", Heartbleed, and Shellshock) could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, shell, vulnerability, bash
advisories | CVE-2014-0224, CVE-2014-3566, CVE-2014-6271
MD5 | b756d240bc0672bd429e2cbbf578a649
HP Security Bulletin HPSBMU03216 2
Posted Feb 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03216 2 - Potential security vulnerabilities have been identified with HP Service Manager running SSLv3. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), unauthorized access or disclosure of information. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-0224, CVE-2014-3509, CVE-2014-3511, CVE-2014-5139
MD5 | b5babfa0f5e54df79df4f54e832a61bf
HP Security Bulletin HPSBST03106 2
Posted Dec 10, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03106 2 - A potential security vulnerability has been identified in the HP P2000 G3 MSA Array System, the HP MSA 2040 Storage, and the HP MSA 1040 Storage running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0224
MD5 | 8213f4bca976cbbda284fa980819dd7d
HP Security Bulletin HPSBHF03052 2
Posted Nov 21, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03052 2 - Potential security vulnerabilities have been identified with HP Network Products running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, modify or disclose information. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2010-5298, CVE-2014-0198, CVE-2014-0224
MD5 | a9008f2f3c90dcd47c4526d8ff4e967a
HP Security Bulletin HPSBHF03145
Posted Oct 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03145 - A potential security vulnerability has been identified with HP Integrity Superdome X and HP ConvergedSystem 900 for SAP HANA. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-0224, CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169
MD5 | fc84e703ad22278aaa0ed472da184f16
HP Security Bulletin HPSBST03097
Posted Oct 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03097 - A potential security vulnerability has been identified with HP Command View for Tape Libraries (CVTL) running OpenSSL with SMI-S client when retrieving information from legacy tape libraries. The OpenSSL vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
MD5 | 6eb673dc9935135eef7f473b83ac1661
HP Security Bulletin HPSBST03103
Posted Sep 25, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03103 - A potential security vulnerability has been identified with HP Storage Enterprise Virtual Array (EVA) Command View Suite. The vulnerability could be exploited to allow remote unauthorized access and disclosure of information. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities. Note: OpenSSL vulnerabilities are vulnerabilities found in the OpenSSL product cryptographic software library product. This weakness potentially allows a Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, remote, vulnerability
advisories | CVE-2014-0224
MD5 | e81e1b90b54765140868a35f6cbf14e9
HP Security Bulletin HPSBPI03107
Posted Sep 22, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03107 - A potential security vulnerability has been identified with certain HP LaserJet Printers, MFPs and certain HP OfficeJet Enterprise Printers using OpenSSL. The vulnerability could be exploited remotely to allow remote unauthorized access. Note: This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP printer products. This bulletin notifies HP Printer customers about impacted products. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2014-0224
MD5 | b509c7f749249bc087c82ba43998458a
Apple Security Advisory 2014-09-17-3
Posted Sep 19, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-09-17-3 - OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address PHP code execution, Bluetooth API validation, PDF handling, and various other vulnerabilities.

tags | advisory, php, vulnerability, code execution
systems | apple, osx
advisories | CVE-2013-7345, CVE-2014-0076, CVE-2014-0185, CVE-2014-0195, CVE-2014-0207, CVE-2014-0221, CVE-2014-0224, CVE-2014-0237, CVE-2014-0238, CVE-2014-1391, CVE-2014-1943, CVE-2014-2270, CVE-2014-2525, CVE-2014-3470, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3981, CVE-2014-4049, CVE-2014-4350, CVE-2014-4374, CVE-2014-4376, CVE-2014-4377, CVE-2014-4378, CVE-2014-4379, CVE-2014-4381
MD5 | fc28042ffd26443278d5bacc74e2c78e
HP Security Bulletin HPSBST03106
Posted Sep 11, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03106 - A potential security vulnerability has been identified in HP P2000 G3 MSA Array System running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
MD5 | df182296eaae3aa510bff8454eec38a6
HP Security Bulletin HPSBMU03083 2
Posted Sep 4, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03083 2 - A potential security vulnerability has been identified with HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0224
MD5 | 166130a9f876e6eba35a28fde5e597b8
HP Security Bulletin HPSBMU03076 2
Posted Aug 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03076 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 2 of this advisory.

tags | advisory, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | fc0fb1a5c99c50587972068ea54dd519
HP Security Bulletin HPSBST03098
Posted Aug 22, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03098 - A potential security vulnerability has been identified with HP StoreEver MSL6480 Tape Library running OpenSSL. The OpenSSL vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
MD5 | 281dfaca84e63b03d2aaca9824fbeced
HP Security Bulletin HPSBMU03101
Posted Aug 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03101 - A potential security vulnerability has been identified with HP Asset Manager and CloudSystem Chargeback running OpenSSL. The vulnerability could be exploited remotely to allow disclosure information or unauthorized access. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by this OpenSSL vulnerability. Note: OpenSSL vulnerabilities, are found in the OpenSSL product cryptographic software library product. This weakness potentially allows Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-0224
MD5 | 0a545b1a67f268b63203b04c44fc100e
HP Security Bulletin HPSBMU03094
Posted Aug 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03094 - A potential security vulnerability has been identified with HP Connect-IT running OpenSSL. The vulnerability could be exploited remotely to allow disclosure information or unauthorized access. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by this OpenSSL vulnerability. Note: OpenSSL vulnerabilities, are found in the OpenSSL product cryptographic software library product. This weakness potentially allows Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-0224
MD5 | fb78053a11e948dcbf72445f275285e4
EMC Documentum Code Execution / DQL Injection
Posted Aug 19, 2014
Site emc.com

EMC Documentum suffers from code execution, DQL injection, information disclosure, and multiple openssl vulnerabilities. Nicolas Gregoire provided the following PoC for the DQL injection: x'+UNION+ALL+SELECT+'z',user_os_name,user_name,default_folder+FROM+dm_user+ENABLE+(RETURN_TOP+10);

tags | advisory, vulnerability, code execution, info disclosure
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-2520, CVE-2014-2521, CVE-2014-3470, CVE-2014-4618
MD5 | 195d54f55c648fad9271c1531c1e58bd
Ubuntu Security Notice USN-2232-4
Posted Aug 18, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2232-4 - USN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch backports for Ubuntu 10.04 LTS caused a regression for certain applications. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | 9d238865528a67ca94e99c7fd79ce21e
HP Security Bulletin HPSBHF03088
Posted Aug 14, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03088 - A potential security vulnerability has been identified with the HP Integrity SD2 CB900s i2 and i4 Servers running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
MD5 | 236c0057897a0e841c58575327682599
HP Security Bulletin HPSBMU03089
Posted Aug 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03089 - A potential security vulnerability has been identified with HP Executive Scorecard running OpenSSL. The vulnerability could be exploited remotely to allow disclosure information. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities Note: OpenSSL vulnerabilities, are vulnerabilities found in the OpenSSL product cryptographic software library product. This weakness potentially allows Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-0224
MD5 | 815091302c2735025ef38a270df07936
HP Security Bulletin HPSBMU03062
Posted Aug 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03062 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) running on Linux and Windows. These components of HP Insight Control server deployment could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information. HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
MD5 | a5b9594c915060ca771d3ef479ffd948
HP Security Bulletin HPSBMU03083
Posted Aug 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03083 - A potential security vulnerability has been identified with HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
MD5 | ee6128cf9601d37058846e1c6f6e17a2
Page 1 of 3
Back123Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    11 Files
  • 21
    Jul 21st
    4 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close