exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 70 RSS Feed

CVE-2014-0224

Status Candidate

Overview

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

Related Files

HP Security Bulletin HPSBST03642 3
Posted Jan 25, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03642 3 - Security vulnerabilities in OpenSSL and OpenSSH were addressed in HPE StoreVirtual products using LeftHand OS. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information, additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in arbitrary code execution, unauthorized access, disclosure of information, or Denial of Service (DoS). Revision 3 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3566, CVE-2016-0705
SHA-256 | 864bcff09d4a86c839035348112fa45614c1f5e5a95ea128a61d9122002eb2f1
HP Security Bulletin HPSBST03195 1
Posted Apr 3, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03195 1 - Potential security vulnerabilities have been identified with HP 3PAR Service Processor (SP) running OpenSSL and Bash. The OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "Poodle", which could be exploited remotely resulting in disclosure of information. The Bash Shell vulnerability known as "Shellshock" which could be exploited remotely resulting in execution of code. Revision 1 of this advisory.

tags | advisory, shell, vulnerability, bash
advisories | CVE-2014-0224, CVE-2014-3566, CVE-2014-6271, CVE-2014-7169
SHA-256 | 6a809ea757ff22870a3e4f96354ac184c8c6886fa4f952676c8a777eb3d928e2
Mandriva Linux Security Advisory 2015-062
Posted Mar 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-062 - Multiple vulnerabilities has been discovered and corrected in openssl. The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0160, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293
SHA-256 | e171ec43c2e20ccaebff7416a52645d7f17fe5f2ac7aa5376af3eb0518dd7115
HP Security Bulletin HPSBPI03107 2
Posted Mar 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03107 2 - A potential security vulnerability has been identified with certain HP LaserJet Printers, MFPs and certain HP OfficeJet Enterprise Printers using OpenSSL. The vulnerability could be exploited remotely to allow remote unauthorized access. Note: This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP printer products. This bulletin notifies HP Printer customers about impacted products. Revision 2 of this advisory.

tags | advisory, remote
advisories | CVE-2014-0224
SHA-256 | c1ad504494d3cdd80a5c5cdc4156f38730c673b2d60c7e2e87ea3ef6f4099a3a
HP Security Bulletin HPSBST03265
Posted Mar 5, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03265 - Potential security vulnerabilities have been identified with the HP VMA SAN Gateway running OpenSSL and Bash Shell. These vulnerabilities ("Padding Oracle on Downgraded Legacy Encryption" or "POODLE", Heartbleed, and Shellshock) could be exploited remotely to create a Denial of Service (DoS), allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, shell, vulnerability, bash
advisories | CVE-2014-0224, CVE-2014-3566, CVE-2014-6271
SHA-256 | 92118da9cc0dbaddd32d8fde76690a96c700f87356ab76b9c4e352f73d6ee51a
HP Security Bulletin HPSBMU03216 2
Posted Feb 9, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03216 2 - Potential security vulnerabilities have been identified with HP Service Manager running SSLv3. The vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), unauthorized access or disclosure of information. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-0224, CVE-2014-3509, CVE-2014-3511, CVE-2014-5139
SHA-256 | d6e4d8db5b70219011e3b645dfcaaf14015a67c7e5e692382493804c69e12e82
HP Security Bulletin HPSBST03106 2
Posted Dec 10, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03106 2 - A potential security vulnerability has been identified in the HP P2000 G3 MSA Array System, the HP MSA 2040 Storage, and the HP MSA 1040 Storage running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0224
SHA-256 | be2cd87e90b37f347ee2785aa375eeca258a257d0f41f1b4c94608614ad64569
HP Security Bulletin HPSBHF03052 2
Posted Nov 21, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03052 2 - Potential security vulnerabilities have been identified with HP Network Products running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, modify or disclose information. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2010-5298, CVE-2014-0198, CVE-2014-0224
SHA-256 | 05b5388c45bab42768c86cb307b795bd77831c2a0e62454db751fab2eff1be37
HP Security Bulletin HPSBHF03145
Posted Oct 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03145 - A potential security vulnerability has been identified with HP Integrity Superdome X and HP ConvergedSystem 900 for SAP HANA. This is the Bash Shell vulnerability known as "Shellshock" which could be exploited remotely to allow execution of code. This vulnerability allows users that have been granted access to a shell script to escalate privilege and execute unrestricted commands at the same security level as the Bash script. Revision 1 of this advisory.

tags | advisory, shell, bash
advisories | CVE-2014-0224, CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169
SHA-256 | 2fd50d7e08d80f7519616b15757f4e909dcbfe0263378c1519b97902f322248d
HP Security Bulletin HPSBST03097
Posted Oct 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03097 - A potential security vulnerability has been identified with HP Command View for Tape Libraries (CVTL) running OpenSSL with SMI-S client when retrieving information from legacy tape libraries. The OpenSSL vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
SHA-256 | 5eb61de660f6205596a411c2a8cb77b1793adf6289a21507904b04101d7404e9
HP Security Bulletin HPSBST03103
Posted Sep 25, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03103 - A potential security vulnerability has been identified with HP Storage Enterprise Virtual Array (EVA) Command View Suite. The vulnerability could be exploited to allow remote unauthorized access and disclosure of information. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities. Note: OpenSSL vulnerabilities are vulnerabilities found in the OpenSSL product cryptographic software library product. This weakness potentially allows a Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, remote, vulnerability
advisories | CVE-2014-0224
SHA-256 | 882f09e4ae66f5476a8646fa21caa2060ff6252423c643fc39c47a7720edd173
HP Security Bulletin HPSBPI03107
Posted Sep 22, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBPI03107 - A potential security vulnerability has been identified with certain HP LaserJet Printers, MFPs and certain HP OfficeJet Enterprise Printers using OpenSSL. The vulnerability could be exploited remotely to allow remote unauthorized access. Note: This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP printer products. This bulletin notifies HP Printer customers about impacted products. Revision 1 of this advisory.

tags | advisory, remote
advisories | CVE-2014-0224
SHA-256 | c630d7cb333d249c31f5bfb55e2236a3d8bbab6a9929e9aed07b2ff46802f312
Apple Security Advisory 2014-09-17-3
Posted Sep 19, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-09-17-3 - OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address PHP code execution, Bluetooth API validation, PDF handling, and various other vulnerabilities.

tags | advisory, php, vulnerability, code execution
systems | apple, osx
advisories | CVE-2013-7345, CVE-2014-0076, CVE-2014-0185, CVE-2014-0195, CVE-2014-0207, CVE-2014-0221, CVE-2014-0224, CVE-2014-0237, CVE-2014-0238, CVE-2014-1391, CVE-2014-1943, CVE-2014-2270, CVE-2014-2525, CVE-2014-3470, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3981, CVE-2014-4049, CVE-2014-4350, CVE-2014-4374, CVE-2014-4376, CVE-2014-4377, CVE-2014-4378, CVE-2014-4379, CVE-2014-4381
SHA-256 | 4e7c77251432e1559177fbfc860df8439663744f27a763ac3194f1ebdf0e44e0
HP Security Bulletin HPSBST03106
Posted Sep 11, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03106 - A potential security vulnerability has been identified in HP P2000 G3 MSA Array System running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
SHA-256 | 6891a70dfa7d48dde4bae12899b26516b067ffccc859961ca28b52e4c6c9c942
HP Security Bulletin HPSBMU03083 2
Posted Sep 4, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03083 2 - A potential security vulnerability has been identified with HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 2 of this advisory.

tags | advisory
advisories | CVE-2014-0224
SHA-256 | ce35fcb9e956bce111332525cf71333def719138641d6da623d6b849c7e7c7b0
HP Security Bulletin HPSBMU03076 2
Posted Aug 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03076 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 2 of this advisory.

tags | advisory, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 74c6011fdf049e842deed96044d5db0c591aa6e4838740959a4510208f32ffef
HP Security Bulletin HPSBST03098
Posted Aug 22, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03098 - A potential security vulnerability has been identified with HP StoreEver MSL6480 Tape Library running OpenSSL. The OpenSSL vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
SHA-256 | 6b12926594ba8f7c8d70b5d90a9ce15f32ac8dc1659bf4d15b061fb5f94c66a3
HP Security Bulletin HPSBMU03101
Posted Aug 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03101 - A potential security vulnerability has been identified with HP Asset Manager and CloudSystem Chargeback running OpenSSL. The vulnerability could be exploited remotely to allow disclosure information or unauthorized access. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by this OpenSSL vulnerability. Note: OpenSSL vulnerabilities, are found in the OpenSSL product cryptographic software library product. This weakness potentially allows Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-0224
SHA-256 | 5d131e19c74508e54a0fb0b1a8b26b636d5c559cc31f1fba60c84afc59abd798
HP Security Bulletin HPSBMU03094
Posted Aug 20, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03094 - A potential security vulnerability has been identified with HP Connect-IT running OpenSSL. The vulnerability could be exploited remotely to allow disclosure information or unauthorized access. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by this OpenSSL vulnerability. Note: OpenSSL vulnerabilities, are found in the OpenSSL product cryptographic software library product. This weakness potentially allows Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-0224
SHA-256 | 156f676c821faa0780e9c47395871260abe84199c340cefaa2510d6f8b6742d1
EMC Documentum Code Execution / DQL Injection
Posted Aug 19, 2014
Site emc.com

EMC Documentum suffers from code execution, DQL injection, information disclosure, and multiple openssl vulnerabilities. Nicolas Gregoire provided the following PoC for the DQL injection: x'+UNION+ALL+SELECT+'z',user_os_name,user_name,default_folder+FROM+dm_user+ENABLE+(RETURN_TOP+10);

tags | advisory, vulnerability, code execution, info disclosure
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-2520, CVE-2014-2521, CVE-2014-3470, CVE-2014-4618
SHA-256 | 8519416c566585987d0c1b89564e5ddbeb78d80955a30917dd2386336520cb34
Ubuntu Security Notice USN-2232-4
Posted Aug 18, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2232-4 - USN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch backports for Ubuntu 10.04 LTS caused a regression for certain applications. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 67e0e8644e9b976275e227eeae25d58569e1a29be71eb344aa1092fdbe47be4d
HP Security Bulletin HPSBHF03088
Posted Aug 14, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBHF03088 - A potential security vulnerability has been identified with the HP Integrity SD2 CB900s i2 and i4 Servers running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
SHA-256 | 14d7a31200210d301590ec06253545a6892912123653b48f6f1a1c0c59d866ad
HP Security Bulletin HPSBMU03089
Posted Aug 12, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03089 - A potential security vulnerability has been identified with HP Executive Scorecard running OpenSSL. The vulnerability could be exploited remotely to allow disclosure information. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities Note: OpenSSL vulnerabilities, are vulnerabilities found in the OpenSSL product cryptographic software library product. This weakness potentially allows Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2014-0224
SHA-256 | d854fc6c01d15af293b74d065d3d1747b841e3cac51232655a55481b5756ce47
HP Security Bulletin HPSBMU03062
Posted Aug 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03062 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) running on Linux and Windows. These components of HP Insight Control server deployment could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information. HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 30ec904a6c5c9b83f25c8416bbe55a4e98f45470d07086d87abb9523fa9c1f14
HP Security Bulletin HPSBMU03083
Posted Aug 5, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03083 - A potential security vulnerability has been identified with HP BladeSystem c-Class Virtual Connect Firmware running OpenSSL. This vulnerability could be exploited remotely resulting in unauthorized access or disclosure of information. Revision 1 of this advisory.

tags | advisory
advisories | CVE-2014-0224
SHA-256 | 73a42dd1d205af075ac13a53980fa2d8b783c0e087511fc3a802fccf142ae482
Page 1 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close