Exploit the possiblities
Showing 1 - 20 of 20 RSS Feed

CVE-2016-2108

Status Candidate

Overview

The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

Related Files

HP Security Bulletin HPESBHF03765 1
Posted Jul 26, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03765 1 - Potential security vulnerabilities in OpenSSL have been addressed in HPE Network Products including Comware v7 that is applicable for ConvergedSystem 700 solutions. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
MD5 | c683a7b3bfd4e5f33311dd9c4610914c
HP Security Bulletin HPESBHF03756 1
Posted Jun 5, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBHF03756 1 - Potential security vulnerabilities with OpenSSL have been addressed for HPE network products including Comware 7, iMC, and VCX. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or disclosure of sensitive information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
MD5 | 500b8f2098c44c7b3a1c12a8c1e13b95
HP Security Bulletin HPESBGN03698 1
Posted Feb 13, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPESBGN03698 1 - Multiple security vulnerabilities in OpenSSL have been addressed in HPE DDMi. Revision 1 of this advisory.

tags | advisory, vulnerability
advisories | CVE-2016-0800, CVE-2016-2017, CVE-2016-2018, CVE-2016-2107, CVE-2016-2108
MD5 | 8fa3ecd38de9c6ae65492cab860ef23a
Red Hat Security Advisory 2017-0194-01
Posted Jan 25, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0194-01 - This release adds the new Apache HTTP Server 2.4.23 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.6 and includes bug fixes and enhancements.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-2108, CVE-2016-2177, CVE-2016-2178, CVE-2016-4459, CVE-2016-6808, CVE-2016-8612
MD5 | 975da83bd9aca9cb9a5340cea42e0844
Red Hat Security Advisory 2017-0193-01
Posted Jan 25, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-0193-01 - This release adds the new Apache HTTP Server 2.4.23 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.6, and includes bug fixes and enhancements.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2016-2108, CVE-2016-2177, CVE-2016-2178, CVE-2016-4459, CVE-2016-6808, CVE-2016-8612
MD5 | 053512a40c8824ef00912d4a3a6321c1
Red Hat Security Advisory 2016-2957-01
Posted Dec 16, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2957-01 - This release of Red Hat JBoss Core Services httpd 2.4.23 serves as a replacement for JBoss Core Services Apache HTTP Server 2.4.6. Security Fix: This update fixes several flaws in OpenSSL.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2012-1148, CVE-2014-3523, CVE-2014-8176, CVE-2015-0209, CVE-2015-0286, CVE-2015-3185, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-3216, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0799, CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109
MD5 | 6a499e1d0b21844f40be708a5b2487c4
Gentoo Linux Security Advisory 201612-16
Posted Dec 7, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201612-16 - Multiple vulnerabilities have been found in OpenSSL, the worst of which allows attackers to conduct a time based side-channel attack. Versions less than 1.0.2j are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2177, CVE-2016-2178, CVE-2016-2180, CVE-2016-2183, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-7052
MD5 | f5124381acc5c4e9deed16a7d0aaf863
Red Hat Security Advisory 2016-2073-01
Posted Oct 18, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2073-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2842
MD5 | cd7ac945ed5a0a668c9947cebcef2660
Red Hat Security Advisory 2016-2056-01
Posted Oct 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2056-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. Multiple security issues have been addressed.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3183, CVE-2015-3195, CVE-2015-4000, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-3110, CVE-2016-4459
MD5 | 1ea1f4a4c42e4264c025287799499055
Red Hat Security Advisory 2016-2055-01
Posted Oct 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2055-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3183, CVE-2015-3195, CVE-2015-4000, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-3110, CVE-2016-4459
MD5 | 0b9225a8efe500fbba09cd0ae097ee1e
Red Hat Security Advisory 2016-2054-01
Posted Oct 12, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2054-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2015-3183, CVE-2015-3195, CVE-2015-4000, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-3110, CVE-2016-4459
MD5 | d2e4c1a95f2124cc43b256a3aa2e0eaf
Apple Security Advisory 2016-07-18-1
Posted Jul 19, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-07-18-1 - OS X El Capitan v10.11.6 and Security Update 2016-004 is now available and addresses arbitrary code execution, information disclosure, and various other vulnerabilities.

tags | advisory, arbitrary, vulnerability, code execution, info disclosure
systems | apple, osx
advisories | CVE-2014-9862, CVE-2016-0718, CVE-2016-1684, CVE-2016-1836, CVE-2016-1863, CVE-2016-1864, CVE-2016-1865, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, CVE-2016-4483, CVE-2016-4582, CVE-2016-4594, CVE-2016-4595, CVE-2016-4596, CVE-2016-4597, CVE-2016-4598, CVE-2016-4599, CVE-2016-4600, CVE-2016-4601, CVE-2016-4602, CVE-2016-4607
MD5 | 596904cffbf32a317a758cee9c7b9650
HP Security Bulletin HPSBGN03620 1
Posted Jun 8, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03620 1 - Security vulnerabilities in OpenSSL were addressed by HPE Helion OpenStack. The vulnerabilities could be exploited resulting in remote unauthorized data access. A security vulnerability in QEMU was addressed by HPE Helion OpenStack. The vulnerability could be exploited resulting in local unauthorized data access. Revision 1 of this advisory.

tags | advisory, remote, local, vulnerability
advisories | CVE-2016-2107, CVE-2016-2108, CVE-2016-3710
MD5 | dcd48871ccc0fee5fe8934b3a6dbbe8e
Red Hat Security Advisory 2016-1137-01
Posted May 31, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1137-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-2108
MD5 | dd13913a15943588588e3f588b141519
HP Security Bulletin HPSBGN03610 1
Posted May 26, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03610 1 - Security vulnerabilities in the OpenSSL library could potentially impact HPE IceWall products resulting in Remote arbitrary code execution or Denial of Service (DoS). Revision 1 of this advisory.

tags | advisory, remote, denial of service, arbitrary, vulnerability, code execution
advisories | CVE-2016-2108
MD5 | d72a25fefdd770ed24ef52619a37af77
Red Hat Security Advisory 2016-0996-01
Posted May 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0996-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2842
MD5 | 53cebf0cff9310fb1df58e16416150e3
Red Hat Security Advisory 2016-0722-01
Posted May 9, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0722-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library.

tags | advisory, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2842
MD5 | bd6dcebb73d8d4732aa9bbb65c976218
Slackware Security Advisory - openssl Updates
Posted May 4, 2016
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New openssl packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
MD5 | 874179d01a49177c232e24f81614669e
Ubuntu Security Notice USN-2959-1
Posted May 3, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2959-1 - Huzaifa Sidhpurwala, Hanno Boeck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109
MD5 | 4925406da94e0165485ac54ee227166b
Debian Security Advisory 3566-1
Posted May 3, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3566-1 - Several vulnerabilities were discovered in OpenSSL, a Secure Socket Layer toolkit.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176
MD5 | 2c73861f374ae26a66c6684a585a8fed
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    28 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close