OpenSSL suffers from SSL/TLS MITM, DTLS recursion, DTLS invalid fragment, SSL_MODE_RELEASE_BUFFERS NULL pointer dereference, session injection, and various other vulnerabilities.
c8a76479616787fe605580247ae03de77e71fa40907ab2828faf37a7315964eeTor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
6bf7942e93b8919a7d01a601390c2a8e7c32d6d53713a73c02d734bad9bd694cEMC Documentum Content Server contains fixes for multiple security vulnerabilities that could be potentially exploited by malicious users to compromise the affected system. These include privilege escalation, shell injection, and DQL injection vulnerabilities.
7339b82212d868edf9b0568c445dd25b82f5c385257cb66109037e04fc9b02adLynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
f7603e90111f5141cea79c8f61a8f4d709e76f3839bec3d011506e896dd977d4httpry is a specialized packet sniffer designed for displaying and logging HTTP traffic. It is not intended to perform analysis itself, but instead to capture, parse, and log the traffic for later analysis. It can be run in real-time displaying the live traffic on the wire, or as a daemon process that logs to an output file. It is written to be as lightweight and flexible as possible, so that it can be easily adaptable to different applications. It does not display the raw HTTP data transferred, but instead focuses on parsing and displaying the request/response line along with associated header fields.
ef53454f895f68005f7b9ab634d1b433c4df839eacea9109e4ee48d4296fb613FreeBSD Security Advisory - Multiple OpenSSL vulnerabilities have been addressed. Receipt of an invalid DTLS fragment on an OpenSSL DTLS client or server can lead to a buffer overrun. Receipt of an invalid DTLS handshake on an OpenSSL DTLS client can lead the code to unnecessary recurse. Carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. Carefully crafted packets can lead to a NULL pointer deference in OpenSSL TLS client code if anonymous ECDH ciphersuites are enabled.
0861adc148689cbdc960e551b28a4d26bf87ecf2fde76c62e5a15d705b29066eCloudera Manager versions 4.8.2 and below and 5.0.0 suffer from a sensitive configuration value exposure.
01a3bb6418266f86dc34fcb8e291c900d84c0c00dcf003ba6588bd86a7d761b5HP Security Bulletin HPSBMU03029 2 - A potential security vulnerability has been identified with HP Insight Control server migration running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
1e74c0ccaa7df002b779d8233fe2743dc52cabe1d816990cc681de7247931756DevExpress ASP.NET File Manager versions 10.2 through 13.2.8 suffer from a directory traversal vulnerability.
394a34f5bb9c0db271438b8c89cbdc148df7951f648d6063157e850611f77962Linux x86 /bin/nc -le /bin/sh -vp 17771 shellcode that is 58 bytes.
52e8e9bfc994f4ecf6dc3eb42159bdd48ad25b6e4c50de08ff04fa39236db56bEMC Documentum Digital Asset Manager (DAM) announces a security fix to address blind DQL (Documentum Query Language) injection vulnerability. The DAM thumbnail proxy server allows unauthenticated users to query objects using a vulnerable URL query string parameter. A malicious attacker can potentially conduct Blind DQL injection attacks using the vulnerable parameter to infer or modify the database contents. EMC Documentum Digital Asset Manager versions 6.5 SP3 through SP6 are affected.
91095ede0e45fd5a70e325ef49ee1a0b47012f04bd0ecbd47837a21f92c3fdf2HP Security Bulletin HPSBMU03033 3 - A potential security vulnerability has been identified with HP Insight Control software components running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 3 of this advisory.
26450869ed7e8e9888feb1b30e20846859e3b7d1ef71705fb6a67553eaba919dHP Security Bulletin HPSBMU03028 2 - A potential security vulnerability has been identified with HP Matrix Operating Environment and HP CloudSystem Matrix software components running OpenSSL. This is the OpenSSL vulnerability known as "Heartbleed" which could be exploited remotely resulting in disclosure of information. Revision 2 of this advisory.
ac167e598819b0170873d5d1318b3a3bf755767159a7cd628be5af23f20fd934Debian Linux Security Advisory 2949-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
45405d468e8010f880354b2ce2dd7801de3e4c470ba76a2d1bd51a96f14afe54Debian Linux Security Advisory 2950-1 - Multiple vulnerabilities have been discovered in OpenSSL.
4c8bceba399e16586ea86f1b94f7aa04795bdcfa642dec68a184325f766c871eRed Hat Security Advisory 2014-0632-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.
456daeb2b1a4d8164284a12263830d1da43679e8b1b2302b20336cadbfc10a96Red Hat Security Advisory 2014-0633-01 - Red Hat JBoss Enterprise Web Platform is a platform for Java applications, which integrates the JBoss Web Server with JBoss Hibernate and JBoss Seam. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.
537737f3568e241e4468db62fdb61998a5e7c87b43b82fad30f343feeb511a13Red Hat Security Advisory 2014-0630-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.
eff4ba3a1b813768ab55e70b7b90c92170e78c7163c723bcf93bedd5b2fdce4cRed Hat Security Advisory 2014-0631-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server.
5be5866aa0d31cbf39c74ef600a5424cfb9918d15893a6ef2d8fe5666e6c9522Red Hat Security Advisory 2014-0629-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library.
1fa76c69d35abf6d7fc2bde2bc1b5526dcf99c47445ce6408bb66c00ff64f9a8Debian Linux Security Advisory 2945-1 - Thomas Stangner discovered a vulnerability in chkrootkit, a rootkit detector, which may allow local attackers to gain root access when /tmp is mounted without the noexec option.
4b40aa0f2ad33b2e2636d7b46693b635f936d7615ef89487925b8fef3321390fRed Hat Security Advisory 2014-0628-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.
45ac970580285e45f60c7ada7cf8c6e1a95037ba799213a4c6ba5b817da76fd1Red Hat Security Advisory 2014-0626-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.
ab8c9baf481a1393d8cd85d7b34d357e818678e6943a98f63ce4bb58406c836eRed Hat Security Advisory 2014-0627-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.
729b6ba8c002c09f11ac83a43142a228466c6c98eb507769932ee4dfcf04d79eRed Hat Security Advisory 2014-0625-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL.
3d88b7a9e688d54a5fad1e381be0cca426e56f5d1e4dd8bf942ff0e19e035199
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed