2014-11-06
ALT-BU-2014-3087-1
Branch c7 update bulletin.
Closed vulnerabilities
Published: 2014-06-05
BDU:2015-00125
Уязвимость программного обеспечения Cisco ACE, позволяющая злоумышленнику перехватить сессию
Severity: MEDIUM (4.3)
References:
Published: 1970-01-01
BDU:2015-00126
Уязвимость программного обеспечения Cisco ASA, позволяющая злоумышленнику перехватить сессию
Severity: MEDIUM (4.3)
References:
Published: 1970-01-01
BDU:2015-00127
Уязвимость программного обеспечения Cisco IPS, позволяющая злоумышленнику перехватить сессию
Severity: MEDIUM (4.3)
References:
Published: 1970-01-01
BDU:2015-00128
Уязвимость программного обеспечения Cisco Unified Communications Manager, позволяющая злоумышленнику перехватить сессию
Severity: MEDIUM (4.3)
References:
Published: 2014-10-15
BDU:2015-00640
Уязвимость программного обеспечения OpenSSL, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации
Severity: MEDIUM (5.0)
References:
Published: 2014-10-15
BDU:2015-00641
Уязвимость программного обеспечения OpenSSL, позволяющая удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
Severity: LOW (2.6)
References:
Published: 2014-10-15
BDU:2015-00642
Уязвимость программного обеспечения OpenSSL, позволяющая удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
Severity: MEDIUM (4.3)
References:
Published: 2014-08-06
BDU:2015-00644
Уязвимость программного обеспечения OpenSSL, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации
Severity: MEDIUM (5.0)
References:
Published: 2014-08-06
BDU:2015-00645
Уязвимость программного обеспечения OpenSSL, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
References:
Published: 2014-08-06
BDU:2015-00646
Уязвимость программного обеспечения OpenSSL, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации
Severity: MEDIUM (5.0)
References:
Published: 2014-08-06
BDU:2015-00647
Уязвимость программного обеспечения OpenSSL, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации
Severity: MEDIUM (5.0)
References:
Published: 2014-08-06
BDU:2015-00648
Уязвимость программного обеспечения OpenSSL, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации
Severity: MEDIUM (4.3)
References:
Published: 2014-08-06
BDU:2015-00649
Уязвимость программного обеспечения OpenSSL, позволяющая удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
Severity: MEDIUM (4.3)
References:
Published: 2014-08-06
BDU:2015-00650
Уязвимость программного обеспечения OpenSSL, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
References:
Published: 2014-08-06
BDU:2015-00651
Уязвимость программного обеспечения OpenSSL, позволяющая удаленному злоумышленнику нарушить доступность защищаемой информации
Severity: MEDIUM (4.3)
References:
Published: 2014-08-06
BDU:2015-00652
Уязвимость программного обеспечения OpenSSL, позволяющая удаленному злоумышленнику нарушить защищаемой информации
Severity: MEDIUM (4.3)
References:
Published: 2014-10-15
BDU:2015-00653
Уязвимость программного обеспечения OpenSSL, позволяющая удаленному злоумышленнику нарушить конфиденциальность и доступность защищаемой информации
Severity: HIGH (7.8)
References:
Published: 1970-01-01
BDU:2015-04312
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
References:
Published: 1970-01-01
BDU:2015-04313
Уязвимости операционной системы SUSE Linux Enterprise, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
References:
Published: 1970-01-01
BDU:2015-05844
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
References:
Published: 1970-01-01
BDU:2015-05845
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
References:
Published: 1970-01-01
BDU:2015-05846
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
References:
Published: 1970-01-01
BDU:2015-05847
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
References:
Published: 1970-01-01
BDU:2015-05848
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
References:
Published: 1970-01-01
BDU:2015-05849
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
References:
Published: 1970-01-01
BDU:2015-05850
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
References:
Published: 1970-01-01
BDU:2015-05851
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
References:
Published: 1970-01-01
BDU:2015-05852
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
References:
Published: 1970-01-01
BDU:2015-05853
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
References:
Published: 1970-01-01
BDU:2015-05854
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
References:
Published: 1970-01-01
BDU:2015-05855
Уязвимости операционной системы openSUSE, позволяющие злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
References:
Published: 2014-06-05
BDU:2015-07477
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
References:
Published: 2014-06-05
BDU:2015-07482
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
References:
Published: 2014-06-05
BDU:2015-07483
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
References:
Published: 2014-06-05
BDU:2015-07485
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: CRITICAL (10.0)
References:
Published: 2014-07-27
BDU:2015-09698
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
References:
Published: 2014-12-26
BDU:2015-09775
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: HIGH (7.5)
References:
Published: 2014-04-15
Modified: 2022-08-29
Modified: 2022-08-29
CVE-2010-5298
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
Severity: MEDIUM (4.0)
References:
- [oss-security] 20140412 Use-after-free race condition,in OpenSSL's read buffer
- http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191&view=markup
- http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig
- http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
- https://rt.openssl.org/Ticket/Display.html?id=3265&user=guest&pass=guest
- [5.5] 004: SECURITY FIX: April 12, 2014
- https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
- 66801
- http://www.openssl.org/news/secadv_20140605.txt
- https://kb.bluecoat.com/index?page=content&id=SA80
- 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
- http://www.blackberry.com/btsc/KB36051
- http://www-01.ibm.com/support/docview.wss?uid=swg21676035
- 59438
- 59301
- 59450
- 59721
- http://www-01.ibm.com/support/docview.wss?uid=swg21677695
- 59655
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
- 59162
- http://www-01.ibm.com/support/docview.wss?uid=swg21676655
- 58939
- 59666
- http://www-01.ibm.com/support/docview.wss?uid=swg21677828
- 59490
- http://www-01.ibm.com/support/docview.wss?uid=swg21676062
- https://kc.mcafee.com/corporate/index?page=content&id=SB10075
- http://www-01.ibm.com/support/docview.wss?uid=swg21676419
- http://www-01.ibm.com/support/docview.wss?uid=swg21678167
- http://www-01.ibm.com/support/docview.wss?uid=swg21673137
- http://www-01.ibm.com/support/docview.wss?uid=swg21677527
- 59669
- 59413
- 59300
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.fortiguard.com/advisory/FG-IR-14-018/
- 59342
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- MDVSA-2015:062
- HPSBMU03055
- HPSBHF03052
- HPSBMU03051
- HPSBMU03074
- HPSBGN03068
- HPSBMU03057
- HPSBMU03076
- HPSBMU03056
- HPSBMU03062
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
- SUSE-SU-2015:0743
- https://www.novell.com/support/kb/doc.php?id=7015271
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
- http://www-01.ibm.com/support/docview.wss?uid=swg21683332
- http://www-01.ibm.com/support/docview.wss?uid=swg21677836
- http://www-01.ibm.com/support/docview.wss?uid=swg21676889
- http://www-01.ibm.com/support/docview.wss?uid=swg21676879
- http://www-01.ibm.com/support/docview.wss?uid=swg21676529
- http://www.vmware.com/security/advisories/VMSA-2014-0006.html
- MDVSA-2014:090
- http://www.ibm.com/support/docview.wss?uid=swg24037783
- http://www.ibm.com/support/docview.wss?uid=swg21676356
- http://support.citrix.com/article/CTX140876
- GLSA-201407-05
- 59440
- 59437
- 59287
- 58977
- 58713
- 58337
- FEDORA-2014-9308
- FEDORA-2014-9301
- http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
- http://advisories.mageia.org/MGASA-2014-0187.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
Published: 2014-06-06
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-0224
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
Severity: HIGH (7.4)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
References:
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc
- http://ccsinjection.lepidum.co.jp
- http://ccsinjection.lepidum.co.jp
- http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html
- http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html
- http://esupport.trendmicro.com/solution/en-US/1103813.aspx
- http://esupport.trendmicro.com/solution/en-US/1103813.aspx
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10629
- http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195
- http://kb.juniper.net/InfoCenter/index?page=content&id=KB29195
- http://kb.juniper.net/InfoCenter/index?page=content&id=KB29217
- http://kb.juniper.net/InfoCenter/index?page=content&id=KB29217
- http://linux.oracle.com/errata/ELSA-2014-1053.html
- http://linux.oracle.com/errata/ELSA-2014-1053.html
- FEDORA-2014-9301
- FEDORA-2014-9301
- FEDORA-2014-9308
- FEDORA-2014-9308
- SUSE-SU-2015:0578
- SUSE-SU-2015:0578
- SUSE-SU-2015:0743
- SUSE-SU-2015:0743
- openSUSE-SU-2016:0640
- openSUSE-SU-2016:0640
- openSUSE-SU-2015:0229
- openSUSE-SU-2015:0229
- HPSBUX03046
- HPSBUX03046
- SSRT101590
- SSRT101590
- HPSBOV03047
- HPSBOV03047
- HPSBMU03053
- HPSBMU03053
- HPSBMU03058
- HPSBMU03058
- HPSBMU03057
- HPSBMU03057
- HPSBMU03056
- HPSBMU03056
- HPSBMU03055
- HPSBMU03055
- HPSBMU03051
- HPSBMU03051
- HPSBGN03050
- HPSBGN03050
- HPSBMU03065
- HPSBMU03065
- HPSBMU03070
- HPSBMU03070
- HPSBGN03068
- HPSBGN03068
- HPSBMU03071
- HPSBMU03071
- HPSBMU03074
- HPSBMU03074
- HPSBMU03078
- HPSBMU03078
- HPSBMU03062
- HPSBMU03062
- HPSBMU03089
- HPSBMU03089
- HPSBHF03088
- HPSBHF03088
- HPSBMU03094
- HPSBMU03094
- HPSBMU03101
- HPSBMU03101
- HPSBST03098
- HPSBST03098
- HPSBMU03076
- HPSBMU03076
- HPSBMU03083
- HPSBMU03083
- HPSBST03106
- HPSBST03106
- HPSBPI03107
- HPSBPI03107
- HPSBST03103
- HPSBST03103
- HPSBST03097
- HPSBST03097
- HPSBHF03145
- HPSBHF03145
- HPSBHF03052
- HPSBHF03052
- HPSBMU03216
- HPSBMU03216
- SSRT101818
- SSRT101818
- HPSBST03265
- HPSBST03265
- HPSBST03195
- HPSBST03195
- http://puppetlabs.com/security/cve/cve-2014-0224
- http://puppetlabs.com/security/cve/cve-2014-0224
- RHSA-2014:0624
- RHSA-2014:0624
- RHSA-2014:0626
- RHSA-2014:0626
- RHSA-2014:0627
- RHSA-2014:0627
- RHSA-2014:0630
- RHSA-2014:0630
- RHSA-2014:0631
- RHSA-2014:0631
- RHSA-2014:0632
- RHSA-2014:0632
- RHSA-2014:0633
- RHSA-2014:0633
- RHSA-2014:0680
- RHSA-2014:0680
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 20140607 Re: More OpenSSL issues
- 20140607 Re: More OpenSSL issues
- 58128
- 58128
- 58337
- 58337
- 58385
- 58385
- 58433
- 58433
- 58492
- 58492
- 58579
- 58579
- 58615
- 58615
- 58639
- 58639
- 58660
- 58660
- 58667
- 58667
- 58713
- 58713
- 58714
- 58714
- 58716
- 58716
- 58719
- 58719
- 58742
- 58742
- 58743
- 58743
- 58745
- 58745
- 58759
- 58759
- 58930
- 58930
- 58939
- 58939
- 58945
- 58945
- 58977
- 58977
- 59004
- 59004
- 59012
- 59012
- 59040
- 59040
- 59043
- 59043
- 59055
- 59055
- 59063
- 59063
- 59093
- 59093
- 59101
- 59101
- 59120
- 59120
- 59126
- 59126
- 59132
- 59132
- 59135
- 59135
- 59142
- 59142
- 59162
- 59162
- 59163
- 59163
- 59167
- 59167
- 59175
- 59175
- 59186
- 59186
- 59188
- 59188
- 59189
- 59189
- 59190
- 59190
- 59191
- 59191
- 59192
- 59192
- 59202
- 59202
- 59211
- 59211
- 59214
- 59214
- 59215
- 59215
- 59223
- 59223
- 59231
- 59231
- 59264
- 59264
- 59282
- 59282
- 59284
- 59284
- 59287
- 59287
- 59300
- 59300
- 59301
- 59301
- 59305
- 59305
- 59306
- 59306
- 59310
- 59310
- 59325
- 59325
- 59338
- 59338
- 59342
- 59342
- 59347
- 59347
- 59354
- 59354
- 59362
- 59362
- 59364
- 59364
- 59365
- 59365
- 59368
- 59368
- 59370
- 59370
- 59374
- 59374
- 59375
- 59375
- 59380
- 59380
- 59383
- 59383
- 59389
- 59389
- 59413
- 59413
- 59429
- 59429
- 59435
- 59435
- 59437
- 59437
- 59438
- 59438
- 59440
- 59440
- 59441
- 59441
- 59442
- 59442
- 59444
- 59444
- 59445
- 59445
- 59446
- 59446
- 59447
- 59447
- 59448
- 59448
- 59449
- 59449
- 59450
- 59450
- 59451
- 59451
- 59454
- 59454
- 59459
- 59459
- 59460
- 59460
- 59483
- 59483
- 59490
- 59490
- 59491
- 59491
- 59495
- 59495
- 59502
- 59502
- 59506
- 59506
- 59514
- 59514
- 59518
- 59518
- 59525
- 59525
- 59528
- 59528
- 59529
- 59529
- 59530
- 59530
- 59589
- 59589
- 59602
- 59602
- 59655
- 59655
- 59659
- 59659
- 59661
- 59661
- 59666
- 59666
- 59669
- 59669
- 59677
- 59677
- 59721
- 59721
- 59784
- 59784
- 59824
- 59824
- 59827
- 59827
- 59878
- 59878
- 59885
- 59885
- 59894
- 59894
- 59916
- 59916
- 59990
- 59990
- 60049
- 60049
- 60066
- 60066
- 60176
- 60176
- 60522
- 60522
- 60567
- 60567
- 60571
- 60571
- 60577
- 60577
- 60819
- 60819
- 61254
- 61254
- 61815
- 61815
- GLSA-201407-05
- GLSA-201407-05
- http://support.apple.com/kb/HT6443
- http://support.apple.com/kb/HT6443
- http://support.citrix.com/article/CTX140876
- http://support.citrix.com/article/CTX140876
- http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html
- http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html
- 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
- 20140605 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products
- http://www.blackberry.com/btsc/KB36051
- http://www.blackberry.com/btsc/KB36051
- http://www.fortiguard.com/advisory/FG-IR-14-018/
- http://www.fortiguard.com/advisory/FG-IR-14-018/
- http://www.f-secure.com/en/web/labs_global/fsc-2014-6
- http://www.f-secure.com/en/web/labs_global/fsc-2014-6
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm
- http://www.ibm.com/support/docview.wss?uid=isg3T1020948
- http://www.ibm.com/support/docview.wss?uid=isg3T1020948
- http://www.ibm.com/support/docview.wss?uid=ssg1S1004678
- http://www.ibm.com/support/docview.wss?uid=ssg1S1004678
- IT02314
- IT02314
- http://www.ibm.com/support/docview.wss?uid=swg21676356
- http://www.ibm.com/support/docview.wss?uid=swg21676356
- http://www.ibm.com/support/docview.wss?uid=swg21676793
- http://www.ibm.com/support/docview.wss?uid=swg21676793
- http://www.ibm.com/support/docview.wss?uid=swg21676877
- http://www.ibm.com/support/docview.wss?uid=swg21676877
- http://www.ibm.com/support/docview.wss?uid=swg24037783
- http://www.ibm.com/support/docview.wss?uid=swg24037783
- http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
- http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_Release_Notes.pdf
- VU#978508
- VU#978508
- http://www.kerio.com/support/kerio-control/release-history
- http://www.kerio.com/support/kerio-control/release-history
- MDVSA-2014:105
- MDVSA-2014:105
- MDVSA-2014:106
- MDVSA-2014:106
- MDVSA-2015:062
- MDVSA-2015:062
- http://www.novell.com/support/kb/doc.php?id=7015264
- http://www.novell.com/support/kb/doc.php?id=7015264
- http://www.novell.com/support/kb/doc.php?id=7015300
- http://www.novell.com/support/kb/doc.php?id=7015300
- http://www.openssl.org/news/secadv_20140605.txt
- http://www.openssl.org/news/secadv_20140605.txt
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 1031032
- 1031032
- 1031594
- 1031594
- http://www.splunk.com/view/SP-CAAAM2D
- http://www.splunk.com/view/SP-CAAAM2D
- http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download
- http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download
- http://www.vmware.com/security/advisories/VMSA-2014-0006.html
- http://www.vmware.com/security/advisories/VMSA-2014-0006.html
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
- http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
- http://www-01.ibm.com/support/docview.wss?uid=isg400001841
- http://www-01.ibm.com/support/docview.wss?uid=isg400001841
- http://www-01.ibm.com/support/docview.wss?uid=isg400001843
- http://www-01.ibm.com/support/docview.wss?uid=isg400001843
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020163
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020172
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690
- http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004690
- IV61506
- IV61506
- http://www-01.ibm.com/support/docview.wss?uid=swg21673137
- http://www-01.ibm.com/support/docview.wss?uid=swg21673137
- http://www-01.ibm.com/support/docview.wss?uid=swg21675626
- http://www-01.ibm.com/support/docview.wss?uid=swg21675626
- http://www-01.ibm.com/support/docview.wss?uid=swg21675821
- http://www-01.ibm.com/support/docview.wss?uid=swg21675821
- http://www-01.ibm.com/support/docview.wss?uid=swg21676035
- http://www-01.ibm.com/support/docview.wss?uid=swg21676035
- http://www-01.ibm.com/support/docview.wss?uid=swg21676062
- http://www-01.ibm.com/support/docview.wss?uid=swg21676062
- http://www-01.ibm.com/support/docview.wss?uid=swg21676071
- http://www-01.ibm.com/support/docview.wss?uid=swg21676071
- http://www-01.ibm.com/support/docview.wss?uid=swg21676333
- http://www-01.ibm.com/support/docview.wss?uid=swg21676333
- http://www-01.ibm.com/support/docview.wss?uid=swg21676334
- http://www-01.ibm.com/support/docview.wss?uid=swg21676334
- http://www-01.ibm.com/support/docview.wss?uid=swg21676419
- http://www-01.ibm.com/support/docview.wss?uid=swg21676419
- http://www-01.ibm.com/support/docview.wss?uid=swg21676478
- http://www-01.ibm.com/support/docview.wss?uid=swg21676478
- http://www-01.ibm.com/support/docview.wss?uid=swg21676496
- http://www-01.ibm.com/support/docview.wss?uid=swg21676496
- http://www-01.ibm.com/support/docview.wss?uid=swg21676501
- http://www-01.ibm.com/support/docview.wss?uid=swg21676501
- http://www-01.ibm.com/support/docview.wss?uid=swg21676529
- http://www-01.ibm.com/support/docview.wss?uid=swg21676529
- http://www-01.ibm.com/support/docview.wss?uid=swg21676536
- http://www-01.ibm.com/support/docview.wss?uid=swg21676536
- http://www-01.ibm.com/support/docview.wss?uid=swg21676615
- http://www-01.ibm.com/support/docview.wss?uid=swg21676615
- http://www-01.ibm.com/support/docview.wss?uid=swg21676644
- http://www-01.ibm.com/support/docview.wss?uid=swg21676644
- http://www-01.ibm.com/support/docview.wss?uid=swg21676655
- http://www-01.ibm.com/support/docview.wss?uid=swg21676655
- http://www-01.ibm.com/support/docview.wss?uid=swg21676786
- http://www-01.ibm.com/support/docview.wss?uid=swg21676786
- http://www-01.ibm.com/support/docview.wss?uid=swg21676833
- http://www-01.ibm.com/support/docview.wss?uid=swg21676833
- http://www-01.ibm.com/support/docview.wss?uid=swg21676845
- http://www-01.ibm.com/support/docview.wss?uid=swg21676845
- http://www-01.ibm.com/support/docview.wss?uid=swg21676879
- http://www-01.ibm.com/support/docview.wss?uid=swg21676879
- http://www-01.ibm.com/support/docview.wss?uid=swg21676889
- http://www-01.ibm.com/support/docview.wss?uid=swg21676889
- http://www-01.ibm.com/support/docview.wss?uid=swg21677080
- http://www-01.ibm.com/support/docview.wss?uid=swg21677080
- http://www-01.ibm.com/support/docview.wss?uid=swg21677131
- http://www-01.ibm.com/support/docview.wss?uid=swg21677131
- http://www-01.ibm.com/support/docview.wss?uid=swg21677390
- http://www-01.ibm.com/support/docview.wss?uid=swg21677390
- http://www-01.ibm.com/support/docview.wss?uid=swg21677527
- http://www-01.ibm.com/support/docview.wss?uid=swg21677527
- http://www-01.ibm.com/support/docview.wss?uid=swg21677567
- http://www-01.ibm.com/support/docview.wss?uid=swg21677567
- http://www-01.ibm.com/support/docview.wss?uid=swg21677695
- http://www-01.ibm.com/support/docview.wss?uid=swg21677695
- http://www-01.ibm.com/support/docview.wss?uid=swg21677828
- http://www-01.ibm.com/support/docview.wss?uid=swg21677828
- http://www-01.ibm.com/support/docview.wss?uid=swg21677836
- http://www-01.ibm.com/support/docview.wss?uid=swg21677836
- http://www-01.ibm.com/support/docview.wss?uid=swg21678167
- http://www-01.ibm.com/support/docview.wss?uid=swg21678167
- http://www-01.ibm.com/support/docview.wss?uid=swg21678233
- http://www-01.ibm.com/support/docview.wss?uid=swg21678233
- http://www-01.ibm.com/support/docview.wss?uid=swg21678289
- http://www-01.ibm.com/support/docview.wss?uid=swg21678289
- http://www-01.ibm.com/support/docview.wss?uid=swg21683332
- http://www-01.ibm.com/support/docview.wss?uid=swg21683332
- http://www-01.ibm.com/support/docview.wss?uid=swg24037727
- http://www-01.ibm.com/support/docview.wss?uid=swg24037727
- http://www-01.ibm.com/support/docview.wss?uid=swg24037729
- http://www-01.ibm.com/support/docview.wss?uid=swg24037729
- http://www-01.ibm.com/support/docview.wss?uid=swg24037730
- http://www-01.ibm.com/support/docview.wss?uid=swg24037730
- http://www-01.ibm.com/support/docview.wss?uid=swg24037731
- http://www-01.ibm.com/support/docview.wss?uid=swg24037731
- http://www-01.ibm.com/support/docview.wss?uid=swg24037732
- http://www-01.ibm.com/support/docview.wss?uid=swg24037732
- http://www-01.ibm.com/support/docview.wss?uid=swg24037761
- http://www-01.ibm.com/support/docview.wss?uid=swg24037761
- http://www-01.ibm.com/support/docview.wss?uid=swg24037870
- http://www-01.ibm.com/support/docview.wss?uid=swg24037870
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6060&myns=phmc&mync=E
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=6061&myns=phmc&mync=E
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095740
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095754
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095755
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095756
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757
- http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5095757
- https://access.redhat.com/site/blogs/766093/posts/908133
- https://access.redhat.com/site/blogs/766093/posts/908133
- https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues
- https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues
- https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1
- https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1
- https://bugzilla.redhat.com/show_bug.cgi?id=1103586
- https://bugzilla.redhat.com/show_bug.cgi?id=1103586
- https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf
- https://discussions.nessus.org/thread/7517
- https://discussions.nessus.org/thread/7517
- https://filezilla-project.org/versions.php?type=server
- https://filezilla-project.org/versions.php?type=server
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=bc8923b1ec9c467755cd86f7848c50ee8812e441
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=bc8923b1ec9c467755cd86f7848c50ee8812e441
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
- https://kb.bluecoat.com/index?page=content&id=SA80
- https://kb.bluecoat.com/index?page=content&id=SA80
- https://kc.mcafee.com/corporate/index?page=content&id=SB10075
- https://kc.mcafee.com/corporate/index?page=content&id=SB10075
- https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005
- https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005
- https://www.ibm.com/support/docview.wss?uid=ssg1S1004670
- https://www.ibm.com/support/docview.wss?uid=ssg1S1004670
- https://www.ibm.com/support/docview.wss?uid=ssg1S1004671
- https://www.ibm.com/support/docview.wss?uid=ssg1S1004671
- https://www.imperialviolet.org/2014/06/05/earlyccs.html
- https://www.imperialviolet.org/2014/06/05/earlyccs.html
- https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf
- https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_SNARE_for_MSSQL.pdf
- https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf
- https://www.intersectalliance.com/wp-content/uploads/release_notes/ReleaseNotes_for_Snare_for_Windows.pdf
- https://www.novell.com/support/kb/doc.php?id=7015271
- https://www.novell.com/support/kb/doc.php?id=7015271
Published: 2014-08-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-3505
Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (application crash) via crafted DTLS packets that trigger an error condition.
Severity: MEDIUM (5.0)
References:
- NetBSD-SA2014-008
- NetBSD-SA2014-008
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://linux.oracle.com/errata/ELSA-2014-1052.html
- http://linux.oracle.com/errata/ELSA-2014-1052.html
- http://linux.oracle.com/errata/ELSA-2014-1053.html
- http://linux.oracle.com/errata/ELSA-2014-1053.html
- FEDORA-2014-9301
- FEDORA-2014-9301
- FEDORA-2014-9308
- FEDORA-2014-9308
- openSUSE-SU-2016:0640
- openSUSE-SU-2016:0640
- openSUSE-SU-2014:1052
- openSUSE-SU-2014:1052
- HPSBUX03095
- HPSBUX03095
- SSRT101674
- SSRT101674
- HPSBOV03099
- HPSBOV03099
- HPSBHF03293
- HPSBHF03293
- SSRT101846
- SSRT101846
- RHSA-2014:1256
- RHSA-2014:1256
- RHSA-2014:1297
- RHSA-2014:1297
- 58962
- 58962
- 59221
- 59221
- 59700
- 59700
- 59710
- 59710
- 59743
- 59743
- 59756
- 59756
- 60022
- 60022
- 60221
- 60221
- 60493
- 60493
- 60684
- 60684
- 60687
- 60687
- 60778
- 60778
- 60803
- 60803
- 60824
- 60824
- 60917
- 60917
- 60921
- 60921
- 60938
- 60938
- 61040
- 61040
- 61100
- 61100
- 61184
- 61184
- 61250
- 61250
- 61775
- 61775
- 61959
- 61959
- GLSA-201412-39
- GLSA-201412-39
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html
- DSA-2998
- DSA-2998
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- MDVSA-2014:158
- MDVSA-2014:158
- 69081
- 69081
- 1030693
- 1030693
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=bff1ce4e6a1c57c3d0a5f9e4f85ba6385fccfe8b
- [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
- [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
- https://www.openssl.org/news/secadv_20140806.txt
- https://www.openssl.org/news/secadv_20140806.txt
Published: 2014-08-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-3506
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values.
Severity: MEDIUM (5.0)
References:
- NetBSD-SA2014-008
- NetBSD-SA2014-008
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://linux.oracle.com/errata/ELSA-2014-1052.html
- http://linux.oracle.com/errata/ELSA-2014-1052.html
- http://linux.oracle.com/errata/ELSA-2014-1053.html
- http://linux.oracle.com/errata/ELSA-2014-1053.html
- FEDORA-2014-9301
- FEDORA-2014-9301
- FEDORA-2014-9308
- FEDORA-2014-9308
- openSUSE-SU-2016:0640
- openSUSE-SU-2016:0640
- openSUSE-SU-2014:1052
- openSUSE-SU-2014:1052
- HPSBUX03095
- HPSBUX03095
- SSRT101674
- SSRT101674
- HPSBOV03099
- HPSBOV03099
- HPSBHF03293
- HPSBHF03293
- SSRT101846
- SSRT101846
- RHSA-2014:1256
- RHSA-2014:1256
- RHSA-2014:1297
- RHSA-2014:1297
- 58962
- 58962
- 59221
- 59221
- 59700
- 59700
- 59710
- 59710
- 59743
- 59743
- 59756
- 59756
- 60022
- 60022
- 60221
- 60221
- 60493
- 60493
- 60684
- 60684
- 60687
- 60687
- 60778
- 60778
- 60803
- 60803
- 60824
- 60824
- 60917
- 60917
- 60921
- 60921
- 60938
- 60938
- 61017
- 61017
- 61040
- 61040
- 61100
- 61100
- 61184
- 61184
- 61250
- 61250
- 61775
- 61775
- 61959
- 61959
- GLSA-201412-39
- GLSA-201412-39
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html
- DSA-2998
- DSA-2998
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- MDVSA-2014:158
- MDVSA-2014:158
- 69076
- 69076
- 1030693
- 1030693
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- https://bugzilla.redhat.com/show_bug.cgi?id=1127500
- https://bugzilla.redhat.com/show_bug.cgi?id=1127500
- openssl-cve20143506-dos(95160)
- openssl-cve20143506-dos(95160)
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1250f12613b61758675848f6600ebd914ccd7636
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=1250f12613b61758675848f6600ebd914ccd7636
- [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
- [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
- FreeBSD-SA-14:18
- FreeBSD-SA-14:18
- https://www.openssl.org/news/secadv_20140806.txt
- https://www.openssl.org/news/secadv_20140806.txt
Published: 2014-08-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-3507
Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via zero-length DTLS fragments that trigger improper handling of the return value of a certain insert function.
Severity: MEDIUM (5.0)
References:
- NetBSD-SA2014-008
- NetBSD-SA2014-008
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://linux.oracle.com/errata/ELSA-2014-1052.html
- http://linux.oracle.com/errata/ELSA-2014-1052.html
- FEDORA-2014-9301
- FEDORA-2014-9301
- FEDORA-2014-9308
- FEDORA-2014-9308
- openSUSE-SU-2016:0640
- openSUSE-SU-2016:0640
- openSUSE-SU-2014:1052
- openSUSE-SU-2014:1052
- HPSBUX03095
- HPSBUX03095
- SSRT101674
- SSRT101674
- HPSBOV03099
- HPSBOV03099
- HPSBHF03293
- HPSBHF03293
- SSRT101846
- SSRT101846
- 58962
- 58962
- 59700
- 59700
- 59710
- 59710
- 59743
- 59743
- 59756
- 59756
- 60022
- 60022
- 60221
- 60221
- 60493
- 60493
- 60684
- 60684
- 60778
- 60778
- 60803
- 60803
- 60824
- 60824
- 60917
- 60917
- 60921
- 60921
- 60938
- 60938
- 61017
- 61017
- 61040
- 61040
- 61100
- 61100
- 61184
- 61184
- 61250
- 61250
- 61775
- 61775
- 61959
- 61959
- GLSA-201412-39
- GLSA-201412-39
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15573.html
- DSA-2998
- DSA-2998
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- MDVSA-2014:158
- MDVSA-2014:158
- 69078
- 69078
- 1030693
- 1030693
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- https://bugzilla.redhat.com/show_bug.cgi?id=1127502
- https://bugzilla.redhat.com/show_bug.cgi?id=1127502
- openssl-cve20143507-dos(95161)
- openssl-cve20143507-dos(95161)
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=d0a4b7d1a2948fce38515b8d862f43e7ba0ebf74
- https://kc.mcafee.com/corporate/index?page=content&id=SB10109
- https://kc.mcafee.com/corporate/index?page=content&id=SB10109
- [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
- [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
- FreeBSD-SA-14:18
- FreeBSD-SA-14:18
- https://www.openssl.org/news/secadv_20140806.txt
- https://www.openssl.org/news/secadv_20140806.txt
Published: 2014-08-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-3508
The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i, when pretty printing is used, does not ensure the presence of '\0' characters, which allows context-dependent attackers to obtain sensitive information from process stack memory by reading output from X509_name_oneline, X509_name_print_ex, and unspecified other functions.
Severity: MEDIUM (4.3)
References:
- NetBSD-SA2014-008
- NetBSD-SA2014-008
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://linux.oracle.com/errata/ELSA-2014-1052.html
- http://linux.oracle.com/errata/ELSA-2014-1052.html
- http://linux.oracle.com/errata/ELSA-2014-1053.html
- http://linux.oracle.com/errata/ELSA-2014-1053.html
- FEDORA-2014-9301
- FEDORA-2014-9301
- FEDORA-2014-9308
- FEDORA-2014-9308
- SUSE-SU-2015:0578
- SUSE-SU-2015:0578
- openSUSE-SU-2016:0640
- openSUSE-SU-2016:0640
- openSUSE-SU-2014:1052
- openSUSE-SU-2014:1052
- HPSBUX03095
- HPSBUX03095
- SSRT101674
- SSRT101674
- HPSBGN03099
- HPSBGN03099
- HPSBOV03099
- HPSBOV03099
- HPSBMU03260
- HPSBMU03260
- SSRT101894
- SSRT101894
- HPSBMU03267
- HPSBMU03267
- HPSBHF03293
- HPSBHF03293
- SSRT101846
- SSRT101846
- HPSBMU03304
- HPSBMU03304
- HPSBMU03263
- HPSBMU03263
- HPSBMU03261
- HPSBMU03261
- RHSA-2014:1256
- RHSA-2014:1256
- RHSA-2014:1297
- RHSA-2014:1297
- 58962
- 58962
- 59221
- 59221
- 59700
- 59700
- 59710
- 59710
- 59743
- 59743
- 59756
- 59756
- 60022
- 60022
- 60221
- 60221
- 60410
- 60410
- 60493
- 60493
- 60684
- 60684
- 60687
- 60687
- 60778
- 60778
- 60803
- 60803
- 60824
- 60824
- 60861
- 60861
- 60917
- 60917
- 60921
- 60921
- 60938
- 60938
- 61017
- 61017
- 61100
- 61100
- 61171
- 61171
- 61184
- 61184
- 61214
- 61214
- 61250
- 61250
- 61392
- 61392
- 61775
- 61775
- 61959
- 61959
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15571.html
- DSA-2998
- DSA-2998
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- MDVSA-2014:158
- MDVSA-2014:158
- 69075
- 69075
- 1030693
- 1030693
- http://www.tenable.com/security/tns-2014-06
- http://www.tenable.com/security/tns-2014-06
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=swg21681752
- http://www-01.ibm.com/support/docview.wss?uid=swg21681752
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure
- https://blogs.oracle.com/sunsecurity/entry/cve_2014_3508_information_disclosure
- https://bugzilla.redhat.com/show_bug.cgi?id=1127490
- https://bugzilla.redhat.com/show_bug.cgi?id=1127490
- openssl-cve20143508-info-disc(95165)
- openssl-cve20143508-info-disc(95165)
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=0042fb5fd1c9d257d713b15a1f45da05cf5c1c87
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
- [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
- https://support.citrix.com/article/CTX216642
- https://support.citrix.com/article/CTX216642
- FreeBSD-SA-14:18
- FreeBSD-SA-14:18
- https://www.openssl.org/news/secadv_20140806.txt
- https://www.openssl.org/news/secadv_20140806.txt
Published: 2014-08-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-3509
Race condition in the ssl_parse_serverhello_tlsext function in t1_lib.c in OpenSSL 1.0.0 before 1.0.0n and 1.0.1 before 1.0.1i, when multithreading and session resumption are used, allows remote SSL servers to cause a denial of service (memory overwrite and client application crash) or possibly have unspecified other impact by sending Elliptic Curve (EC) Supported Point Formats Extension data.
Severity: MEDIUM (6.8)
References:
- NetBSD-SA2014-008
- NetBSD-SA2014-008
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://linux.oracle.com/errata/ELSA-2014-1052.html
- http://linux.oracle.com/errata/ELSA-2014-1052.html
- FEDORA-2014-9301
- FEDORA-2014-9301
- FEDORA-2014-9308
- FEDORA-2014-9308
- openSUSE-SU-2014:1052
- openSUSE-SU-2014:1052
- HPSBMU03216
- HPSBMU03216
- SSRT101818
- SSRT101818
- HPSBMU03260
- HPSBMU03260
- SSRT101894
- SSRT101894
- HPSBMU03267
- HPSBMU03267
- HPSBHF03293
- HPSBHF03293
- SSRT101846
- SSRT101846
- HPSBMU03304
- HPSBMU03304
- HPSBMU03263
- HPSBMU03263
- HPSBMU03261
- HPSBMU03261
- RHSA-2015:0197
- RHSA-2015:0197
- 58962
- 58962
- 59700
- 59700
- 59710
- 59710
- 59756
- 59756
- 60022
- 60022
- 60221
- 60221
- 60493
- 60493
- 60684
- 60684
- 60803
- 60803
- 60917
- 60917
- 60921
- 60921
- 60938
- 60938
- 61017
- 61017
- 61100
- 61100
- 61139
- 61139
- 61184
- 61184
- 61775
- 61775
- 61959
- 61959
- GLSA-201412-39
- GLSA-201412-39
- DSA-2998
- DSA-2998
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- MDVSA-2014:158
- MDVSA-2014:158
- 69084
- 69084
- 1030693
- 1030693
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- https://bugzilla.redhat.com/show_bug.cgi?id=1127498
- https://bugzilla.redhat.com/show_bug.cgi?id=1127498
- openssl-cve20143509-dos(95159)
- openssl-cve20143509-dos(95159)
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=fb0bc2b273bcc2d5401dd883fe869af4fc74bb21
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=fb0bc2b273bcc2d5401dd883fe869af4fc74bb21
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
- [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
- https://support.citrix.com/article/CTX216642
- https://support.citrix.com/article/CTX216642
- https://techzone.ergon.ch/CVE-2014-3511
- https://techzone.ergon.ch/CVE-2014-3511
- FreeBSD-SA-14:18
- FreeBSD-SA-14:18
- https://www.openssl.org/news/secadv_20140806.txt
- https://www.openssl.org/news/secadv_20140806.txt
Published: 2014-08-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-3510
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote DTLS servers to cause a denial of service (NULL pointer dereference and client application crash) via a crafted handshake message in conjunction with a (1) anonymous DH or (2) anonymous ECDH ciphersuite.
Severity: MEDIUM (4.3)
References:
- NetBSD-SA2014-008
- NetBSD-SA2014-008
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://linux.oracle.com/errata/ELSA-2014-1052.html
- http://linux.oracle.com/errata/ELSA-2014-1052.html
- http://linux.oracle.com/errata/ELSA-2014-1053.html
- http://linux.oracle.com/errata/ELSA-2014-1053.html
- FEDORA-2014-9301
- FEDORA-2014-9301
- FEDORA-2014-9308
- FEDORA-2014-9308
- openSUSE-SU-2016:0640
- openSUSE-SU-2016:0640
- openSUSE-SU-2014:1052
- openSUSE-SU-2014:1052
- HPSBUX03095
- HPSBUX03095
- SSRT101674
- SSRT101674
- HPSBOV03099
- HPSBOV03099
- HPSBHF03293
- HPSBHF03293
- SSRT101846
- SSRT101846
- RHSA-2014:1256
- RHSA-2014:1256
- RHSA-2014:1297
- RHSA-2014:1297
- 58962
- 58962
- 59221
- 59221
- 59700
- 59700
- 59710
- 59710
- 59743
- 59743
- 59756
- 59756
- 60022
- 60022
- 60221
- 60221
- 60493
- 60493
- 60684
- 60684
- 60687
- 60687
- 60778
- 60778
- 60803
- 60803
- 60824
- 60824
- 60917
- 60917
- 60921
- 60921
- 60938
- 60938
- 61017
- 61017
- 61045
- 61045
- 61100
- 61100
- 61184
- 61184
- 61250
- 61250
- 61775
- 61775
- 61959
- 61959
- GLSA-201412-39
- GLSA-201412-39
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.html
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15568.html
- DSA-2998
- DSA-2998
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- MDVSA-2014:158
- MDVSA-2014:158
- 69082
- 69082
- 1030693
- 1030693
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- https://bugzilla.redhat.com/show_bug.cgi?id=1127503
- https://bugzilla.redhat.com/show_bug.cgi?id=1127503
- openssl-cve20143510-dos(95164)
- openssl-cve20143510-dos(95164)
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=17160033765480453be0a41335fa6b833691c049
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=17160033765480453be0a41335fa6b833691c049
- [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
- [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
- FreeBSD-SA-14:18
- FreeBSD-SA-14:18
- https://www.openssl.org/news/secadv_20140806.txt
- https://www.openssl.org/news/secadv_20140806.txt
Published: 2014-08-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-3511
The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 before 1.0.1i allows man-in-the-middle attackers to force the use of TLS 1.0 by triggering ClientHello message fragmentation in communication between a client and server that both support later TLS versions, related to a "protocol downgrade" issue.
Severity: MEDIUM (4.3)
References:
- NetBSD-SA2014-008
- NetBSD-SA2014-008
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://linux.oracle.com/errata/ELSA-2014-1052.html
- http://linux.oracle.com/errata/ELSA-2014-1052.html
- FEDORA-2014-9301
- FEDORA-2014-9301
- FEDORA-2014-9308
- FEDORA-2014-9308
- openSUSE-SU-2014:1052
- openSUSE-SU-2014:1052
- HPSBMU03216
- HPSBMU03216
- SSRT101818
- SSRT101818
- HPSBMU03260
- HPSBMU03260
- SSRT101894
- SSRT101894
- HPSBMU03267
- HPSBMU03267
- HPSBHF03293
- HPSBHF03293
- SSRT101846
- SSRT101846
- HPSBMU03304
- HPSBMU03304
- HPSBMU03263
- HPSBMU03263
- HPSBMU03261
- HPSBMU03261
- RHSA-2015:0126
- RHSA-2015:0126
- RHSA-2015:0197
- RHSA-2015:0197
- 58962
- 58962
- 59700
- 59700
- 59710
- 59710
- 59756
- 59756
- 59887
- 59887
- 60022
- 60022
- 60221
- 60221
- 60377
- 60377
- 60493
- 60493
- 60684
- 60684
- 60803
- 60803
- 60810
- 60810
- 60890
- 60890
- 60917
- 60917
- 60921
- 60921
- 60938
- 60938
- 61017
- 61017
- 61043
- 61043
- 61100
- 61100
- 61139
- 61139
- 61184
- 61184
- 61775
- 61775
- 61959
- 61959
- GLSA-201412-39
- GLSA-201412-39
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15564.html
- http://www.arubanetworks.com/support/alerts/aid-08182014.txt
- http://www.arubanetworks.com/support/alerts/aid-08182014.txt
- DSA-2998
- DSA-2998
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- 69079
- 69079
- 1030693
- 1030693
- http://www.splunk.com/view/SP-CAAANHS
- http://www.splunk.com/view/SP-CAAANHS
- http://www.tenable.com/security/tns-2014-06
- http://www.tenable.com/security/tns-2014-06
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- https://bugzilla.redhat.com/show_bug.cgi?id=1127504
- https://bugzilla.redhat.com/show_bug.cgi?id=1127504
- openssl-cve20143511-sec-bypass(95162)
- openssl-cve20143511-sec-bypass(95162)
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=280b1f1ad12131defcd986676a8fc9717aaa601b
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=280b1f1ad12131defcd986676a8fc9717aaa601b
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://kc.mcafee.com/corporate/index?page=content&id=SB10084
- https://kc.mcafee.com/corporate/index?page=content&id=SB10084
- [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
- [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
- https://support.citrix.com/article/CTX216642
- https://support.citrix.com/article/CTX216642
- https://techzone.ergon.ch/CVE-2014-3511
- https://techzone.ergon.ch/CVE-2014-3511
- FreeBSD-SA-14:18
- FreeBSD-SA-14:18
- https://www.openssl.org/news/secadv_20140806.txt
- https://www.openssl.org/news/secadv_20140806.txt
Published: 2014-08-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-3512
Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP implementation in OpenSSL 1.0.1 before 1.0.1i allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid SRP (1) g, (2) A, or (3) B parameter.
Severity: HIGH (7.5)
References:
- NetBSD-SA2014-008
- NetBSD-SA2014-008
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- openSUSE-SU-2014:1052
- openSUSE-SU-2014:1052
- HPSBHF03293
- HPSBHF03293
- SSRT101846
- SSRT101846
- 59700
- 59700
- 59710
- 59710
- 59756
- 59756
- 60022
- 60022
- 60221
- 60221
- 60493
- 60493
- 60803
- 60803
- 60810
- 60810
- 60917
- 60917
- 60921
- 60921
- 61017
- 61017
- 61100
- 61100
- 61171
- 61171
- 61184
- 61184
- 61775
- 61775
- 61959
- 61959
- GLSA-201412-39
- GLSA-201412-39
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15565.html
- DSA-2998
- DSA-2998
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- 69083
- 69083
- 1030693
- 1030693
- http://www.tenable.com/security/tns-2014-06
- http://www.tenable.com/security/tns-2014-06
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- openssl-cve20143512-dos(95158)
- openssl-cve20143512-dos(95158)
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=4a23b12a031860253b58d503f296377ca076427b
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=4a23b12a031860253b58d503f296377ca076427b
- [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
- [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
- FreeBSD-SA-14:18
- FreeBSD-SA-14:18
- https://www.openssl.org/news/secadv_20140806.txt
- https://www.openssl.org/news/secadv_20140806.txt
Published: 2014-10-19
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-3513
Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message.
Severity: HIGH (7.1)
References:
- NetBSD-SA2014-015
- NetBSD-SA2014-015
- http://advisories.mageia.org/MGASA-2014-0416.html
- http://advisories.mageia.org/MGASA-2014-0416.html
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
- APPLE-SA-2015-09-16-2
- APPLE-SA-2015-09-16-2
- openSUSE-SU-2014:1331
- openSUSE-SU-2014:1331
- SUSE-SU-2014:1357
- SUSE-SU-2014:1357
- HPSBGN03233
- HPSBGN03233
- SSRT101739
- SSRT101739
- SSRT101868
- SSRT101868
- HPSBMU03260
- HPSBMU03260
- SSRT101894
- SSRT101894
- HPSBMU03267
- HPSBMU03267
- HPSBMU03304
- HPSBMU03304
- HPSBHF03300
- HPSBHF03300
- HPSBMU03296
- HPSBMU03296
- HPSBMU03263
- HPSBMU03263
- HPSBMU03261
- HPSBMU03261
- HPSBMU03223
- HPSBMU03223
- RHSA-2014:1652
- RHSA-2014:1652
- RHSA-2014:1692
- RHSA-2014:1692
- 59627
- 59627
- 61058
- 61058
- 61073
- 61073
- 61207
- 61207
- 61298
- 61298
- 61439
- 61439
- 61837
- 61837
- 61959
- 61959
- 61990
- 61990
- 62070
- 62070
- GLSA-201412-39
- GLSA-201412-39
- DSA-3053
- DSA-3053
- MDVSA-2015:062
- MDVSA-2015:062
- 70584
- 70584
- 1031052
- 1031052
- USN-2385-1
- USN-2385-1
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
- https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2b0532f3984324ebe1236a63d15893792384328d
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=2b0532f3984324ebe1236a63d15893792384328d
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://kc.mcafee.com/corporate/index?page=content&id=SB10091
- https://kc.mcafee.com/corporate/index?page=content&id=SB10091
- https://support.apple.com/HT205217
- https://support.apple.com/HT205217
- https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html
- https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15722.html
- https://www.openssl.org/news/secadv_20141015.txt
- https://www.openssl.org/news/secadv_20141015.txt
Published: 2014-10-15
Modified: 2024-11-27
Modified: 2024-11-27
CVE-2014-3566
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Severity: LOW (3.4)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
References:
- NetBSD-SA2014-015
- NetBSD-SA2014-015
- http://advisories.mageia.org/MGASA-2014-0416.html
- http://advisories.mageia.org/MGASA-2014-0416.html
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
- APPLE-SA-2014-10-16-1
- APPLE-SA-2014-10-16-1
- APPLE-SA-2014-10-16-3
- APPLE-SA-2014-10-16-3
- http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566
- http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566
- http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html
- http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html
- http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/
- http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/
- http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx
- http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx
- http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf
- http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf
- http://downloads.asterisk.org/pub/security/AST-2014-011.html
- http://downloads.asterisk.org/pub/security/AST-2014-011.html
- http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
- http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
- HPSBUX03281
- HPSBUX03281
- http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034
- http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- APPLE-SA-2015-01-27-4
- APPLE-SA-2015-01-27-4
- APPLE-SA-2015-09-16-2
- APPLE-SA-2015-09-16-2
- FEDORA-2014-12951
- FEDORA-2014-12951
- FEDORA-2014-13069
- FEDORA-2014-13069
- FEDORA-2014-13012
- FEDORA-2014-13012
- FEDORA-2015-9110
- FEDORA-2015-9110
- FEDORA-2015-9090
- FEDORA-2015-9090
- openSUSE-SU-2014:1331
- openSUSE-SU-2014:1331
- SUSE-SU-2014:1357
- SUSE-SU-2014:1357
- SUSE-SU-2014:1361
- SUSE-SU-2014:1361
- SUSE-SU-2014:1526
- SUSE-SU-2014:1526
- SUSE-SU-2014:1549
- SUSE-SU-2014:1549
- openSUSE-SU-2015:0190
- openSUSE-SU-2015:0190
- SUSE-SU-2015:0336
- SUSE-SU-2015:0336
- SUSE-SU-2015:0344
- SUSE-SU-2015:0344
- SUSE-SU-2015:0345
- SUSE-SU-2015:0345
- SUSE-SU-2015:0376
- SUSE-SU-2015:0376
- SUSE-SU-2015:0392
- SUSE-SU-2015:0392
- SUSE-SU-2015:0503
- SUSE-SU-2015:0503
- SUSE-SU-2015:0578
- SUSE-SU-2015:0578
- openSUSE-SU-2016:0640
- openSUSE-SU-2016:0640
- SUSE-SU-2016:1457
- SUSE-SU-2016:1457
- SUSE-SU-2016:1459
- SUSE-SU-2016:1459
- HPSBMU03152
- HPSBMU03152
- HPSBHF03156
- HPSBHF03156
- HPSBUX03162
- HPSBUX03162
- HPSBUX03162
- HPSBUX03162
- SSRT101767
- SSRT101767
- SSRT101767
- SSRT101767
- HPSBGN03191
- HPSBGN03191
- HPSBMU03184
- HPSBMU03184
- HPSBGN03164
- HPSBGN03164
- HPSBGN03192
- HPSBGN03192
- HPSBMU03183
- HPSBMU03183
- HPSBMU03214
- HPSBMU03214
- HPSBGN03201
- HPSBGN03201
- HPSBGN03203
- HPSBGN03203
- HPSBGN03202
- HPSBGN03202
- HPSBGN03209
- HPSBGN03209
- HPSBGN03205
- HPSBGN03205
- HPSBGN03222
- HPSBGN03222
- HPSBGN03208
- HPSBGN03208
- HPSBGN03208
- HPSBGN03208
- SSRT101838
- SSRT101838
- SSRT101838
- SSRT101838
- HPSBMU03221
- HPSBMU03221
- HPSBMU03221
- HPSBMU03221
- SSRT101849
- SSRT101849
- SSRT101849
- SSRT101849
- HPSBOV03227
- HPSBOV03227
- HPSBOV03227
- HPSBOV03227
- SSRT101779
- SSRT101779
- SSRT101779
- SSRT101779
- HPSBGN03233
- HPSBGN03233
- HPSBGN03233
- HPSBGN03233
- HPSBGN03233
- HPSBGN03233
- SSRT101739
- SSRT101739
- SSRT101739
- SSRT101739
- SSRT101739
- SSRT101739
- SSRT101868
- SSRT101868
- SSRT101868
- SSRT101868
- SSRT101868
- SSRT101868
- HPSBGN03237
- HPSBGN03237
- HPSBGN03237
- HPSBGN03237
- SSRT101854
- SSRT101854
- SSRT101854
- SSRT101854
- HPSBGN03253
- HPSBGN03253
- HPSBGN03253
- HPSBGN03253
- SSRT101897
- SSRT101897
- SSRT101897
- SSRT101897
- HPSBGN03254
- HPSBGN03254
- HPSBGN03254
- HPSBGN03254
- SSRT101898
- SSRT101898
- SSRT101898
- SSRT101898
- HPSBGN03252
- HPSBGN03252
- HPSBGN03252
- HPSBGN03252
- SSRT101896
- SSRT101896
- SSRT101896
- SSRT101896
- HPSBGN03251
- HPSBGN03251
- HPSBGN03251
- HPSBGN03251
- SSRT101899
- SSRT101899
- SSRT101899
- SSRT101899
- HPSBGN03255
- HPSBGN03255
- HPSBGN03255
- HPSBGN03255
- SSRT101928
- SSRT101928
- SSRT101928
- SSRT101928
- HPSBMU03260
- HPSBMU03260
- HPSBMU03260
- HPSBMU03260
- SSRT101894
- SSRT101894
- SSRT101894
- SSRT101894
- HPSBUX03273
- HPSBUX03273
- HPSBUX03273
- HPSBUX03273
- SSRT101951
- SSRT101951
- SSRT101951
- SSRT101951
- HPSBST03265
- HPSBST03265
- SSRT101968
- SSRT101968
- HPSBMU03267
- HPSBMU03267
- SSRT101922
- SSRT101922
- HPSBMU03259
- HPSBMU03259
- HPSBMU03283
- HPSBMU03283
- HPSBMU03283
- HPSBMU03283
- SSRT101916
- SSRT101916
- SSRT101916
- SSRT101916
- HPSBMU03262
- HPSBMU03262
- HPSBMU03262
- HPSBMU03262
- SSRT101921
- SSRT101921
- SSRT101921
- SSRT101921
- HPSBHF03293
- HPSBHF03293
- HPSBHF03293
- HPSBHF03293
- SSRT101846
- SSRT101846
- SSRT101846
- SSRT101846
- HPSBMU03301
- HPSBMU03301
- HPSBMU03301
- HPSBMU03301
- SSRT101998
- SSRT101998
- SSRT101998
- SSRT101998
- HPSBHF03275
- HPSBHF03275
- HPSBHF03275
- HPSBHF03275
- SSRT101790
- SSRT101790
- SSRT101790
- SSRT101790
- HPSBMU03294
- HPSBMU03294
- HPSBMU03294
- HPSBMU03294
- SSRT101795
- SSRT101795
- SSRT101795
- SSRT101795
- HPSBMU03304
- HPSBMU03304
- HPSBHF03300
- HPSBHF03300
- HPSBST03195
- HPSBST03195
- HPSBGN03305
- HPSBGN03305
- HPSBMU03241
- HPSBMU03241
- HPSBMU03241
- HPSBMU03241
- SSRT101892
- SSRT101892
- SSRT101892
- SSRT101892
- HPSBUX03194
- HPSBUX03194
- HPSBUX03194
- HPSBUX03194
- SSRT101834
- SSRT101834
- SSRT101834
- SSRT101834
- HPSBGN03332
- HPSBGN03332
- HPSBMU03263
- HPSBMU03263
- HPSBMU03261
- HPSBMU03261
- HPSBMU03223
- HPSBMU03223
- HPSBPI03107
- HPSBPI03107
- HPSBPI03360
- HPSBPI03360
- HPSBMU03234
- HPSBMU03234
- HPSBMU03416
- HPSBMU03416
- HPSBST03418
- HPSBST03418
- HPSBGN03391
- HPSBGN03391
- HPSBGN03569
- HPSBGN03569
- [openssl-dev] 20141014 Patch to mitigate CVE-2014-3566 ("POODLE")
- [openssl-dev] 20141014 Patch to mitigate CVE-2014-3566 ("POODLE")
- http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html
- http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html
- RHSA-2014:1652
- RHSA-2014:1652
- RHSA-2014:1653
- RHSA-2014:1653
- RHSA-2014:1692
- RHSA-2014:1692
- RHSA-2014:1876
- RHSA-2014:1876
- RHSA-2014:1877
- RHSA-2014:1877
- RHSA-2014:1880
- RHSA-2014:1880
- RHSA-2014:1881
- RHSA-2014:1881
- RHSA-2014:1882
- RHSA-2014:1882
- RHSA-2014:1920
- RHSA-2014:1920
- RHSA-2014:1948
- RHSA-2014:1948
- RHSA-2015:0068
- RHSA-2015:0068
- RHSA-2015:0079
- RHSA-2015:0079
- RHSA-2015:0080
- RHSA-2015:0080
- RHSA-2015:0085
- RHSA-2015:0085
- RHSA-2015:0086
- RHSA-2015:0086
- RHSA-2015:0264
- RHSA-2015:0264
- RHSA-2015:0698
- RHSA-2015:0698
- RHSA-2015:1545
- RHSA-2015:1545
- RHSA-2015:1546
- RHSA-2015:1546
- 59627
- 59627
- 60056
- 60056
- 60206
- 60206
- 60792
- 60792
- 60859
- 60859
- 61019
- 61019
- 61130
- 61130
- 61303
- 61303
- 61316
- 61316
- 61345
- 61345
- 61359
- 61359
- 61782
- 61782
- 61810
- 61810
- 61819
- 61819
- 61825
- 61825
- 61827
- 61827
- 61926
- 61926
- 61995
- 61995
- http://support.apple.com/HT204244
- http://support.apple.com/HT204244
- http://support.citrix.com/article/CTX200238
- http://support.citrix.com/article/CTX200238
- 20141014 SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
- 20141014 SSL Padding Oracle On Downgraded Legacy Encryption (POODLE) Vulnerability
- DSA-3053
- DSA-3053
- DSA-3144
- DSA-3144
- DSA-3147
- DSA-3147
- DSA-3253
- DSA-3253
- DSA-3489
- DSA-3489
- VU#577193
- VU#577193
- MDVSA-2014:203
- MDVSA-2014:203
- MDVSA-2015:062
- MDVSA-2015:062
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- APPLE-SA-2014-10-16-4
- APPLE-SA-2014-10-16-4
- APPLE-SA-2014-10-20-2
- APPLE-SA-2014-10-20-2
- APPLE-SA-2014-10-20-1
- APPLE-SA-2014-10-20-1
- 70574
- 70574
- 1031029
- 1031029
- 1031039
- 1031039
- 1031085
- 1031085
- 1031086
- 1031086
- 1031087
- 1031087
- 1031088
- 1031088
- 1031089
- 1031089
- 1031090
- 1031090
- 1031091
- 1031091
- 1031092
- 1031092
- 1031093
- 1031093
- 1031094
- 1031094
- 1031095
- 1031095
- 1031096
- 1031096
- 1031105
- 1031105
- 1031106
- 1031106
- 1031107
- 1031107
- 1031120
- 1031120
- 1031123
- 1031123
- 1031124
- 1031124
- 1031130
- 1031130
- 1031131
- 1031131
- 1031132
- 1031132
- USN-2486-1
- USN-2486-1
- USN-2487-1
- USN-2487-1
- TA14-290A
- TA14-290A
- http://www.vmware.com/security/advisories/VMSA-2015-0003.html
- http://www.vmware.com/security/advisories/VMSA-2015-0003.html
- http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
- http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439
- http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- http://www-01.ibm.com/support/docview.wss?uid=swg21687172
- http://www-01.ibm.com/support/docview.wss?uid=swg21687172
- http://www-01.ibm.com/support/docview.wss?uid=swg21687611
- http://www-01.ibm.com/support/docview.wss?uid=swg21687611
- http://www-01.ibm.com/support/docview.wss?uid=swg21688283
- http://www-01.ibm.com/support/docview.wss?uid=swg21688283
- http://www-01.ibm.com/support/docview.wss?uid=swg21692299
- http://www-01.ibm.com/support/docview.wss?uid=swg21692299
- http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm
- http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm
- https://access.redhat.com/articles/1232123
- https://access.redhat.com/articles/1232123
- https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
- https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
- https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
- https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
- https://bto.bluecoat.com/security-advisory/sa83
- https://bto.bluecoat.com/security-advisory/sa83
- https://bugzilla.mozilla.org/show_bug.cgi?id=1076983
- https://bugzilla.mozilla.org/show_bug.cgi?id=1076983
- https://bugzilla.redhat.com/show_bug.cgi?id=1152789
- https://bugzilla.redhat.com/show_bug.cgi?id=1152789
- https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip
- https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip
- https://github.com/mpgn/poodle-PoC
- https://github.com/mpgn/poodle-PoC
- https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU
- https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
- https://kc.mcafee.com/corporate/index?page=content&id=SB10090
- https://kc.mcafee.com/corporate/index?page=content&id=SB10090
- https://kc.mcafee.com/corporate/index?page=content&id=SB10091
- https://kc.mcafee.com/corporate/index?page=content&id=SB10091
- https://kc.mcafee.com/corporate/index?page=content&id=SB10104
- https://kc.mcafee.com/corporate/index?page=content&id=SB10104
- [cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html
- [cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html
- [cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html
- [cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html
- [cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html
- [cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html
- [cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html
- [cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html
- [cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html
- [cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html
- [cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html
- [cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html
- https://puppet.com/security/cve/poodle-sslv3-vulnerability
- https://puppet.com/security/cve/poodle-sslv3-vulnerability
- GLSA-201507-14
- GLSA-201507-14
- GLSA-201606-11
- GLSA-201606-11
- https://security.netapp.com/advisory/ntap-20141015-0001/
- https://security.netapp.com/advisory/ntap-20141015-0001/
- https://support.apple.com/HT205217
- https://support.apple.com/HT205217
- https://support.apple.com/kb/HT6527
- https://support.apple.com/kb/HT6527
- https://support.apple.com/kb/HT6529
- https://support.apple.com/kb/HT6529
- https://support.apple.com/kb/HT6531
- https://support.apple.com/kb/HT6531
- https://support.apple.com/kb/HT6535
- https://support.apple.com/kb/HT6535
- https://support.apple.com/kb/HT6536
- https://support.apple.com/kb/HT6536
- https://support.apple.com/kb/HT6541
- https://support.apple.com/kb/HT6541
- https://support.apple.com/kb/HT6542
- https://support.apple.com/kb/HT6542
- https://support.citrix.com/article/CTX216642
- https://support.citrix.com/article/CTX216642
- https://support.lenovo.com/product_security/poodle
- https://support.lenovo.com/product_security/poodle
- https://support.lenovo.com/us/en/product_security/poodle
- https://support.lenovo.com/us/en/product_security/poodle
- https://technet.microsoft.com/library/security/3009008.aspx
- https://technet.microsoft.com/library/security/3009008.aspx
- https://templatelab.com/ssl-poodle/
- https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7
- https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7
- https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
- https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html
- https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html
- https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html
- https://www.elastic.co/blog/logstash-1-4-3-released
- https://www.elastic.co/blog/logstash-1-4-3-released
- https://www.imperialviolet.org/2014/10/14/poodle.html
- https://www.imperialviolet.org/2014/10/14/poodle.html
- https://www.openssl.org/~bodo/ssl-poodle.pdf
- https://www.openssl.org/~bodo/ssl-poodle.pdf
- https://www.openssl.org/news/secadv_20141015.txt
- https://www.openssl.org/news/secadv_20141015.txt
- https://www.suse.com/support/kb/doc.php?id=7015773
- https://www.suse.com/support/kb/doc.php?id=7015773
- https://www-01.ibm.com/support/docview.wss?uid=swg21688165
- https://www-01.ibm.com/support/docview.wss?uid=swg21688165
Published: 2014-10-19
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-3567
Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure.
Severity: HIGH (7.1)
References:
- NetBSD-SA2014-015
- NetBSD-SA2014-015
- http://advisories.mageia.org/MGASA-2014-0416.html
- http://advisories.mageia.org/MGASA-2014-0416.html
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc
- APPLE-SA-2015-01-27-4
- APPLE-SA-2015-01-27-4
- APPLE-SA-2015-09-16-2
- APPLE-SA-2015-09-16-2
- openSUSE-SU-2014:1331
- openSUSE-SU-2014:1331
- SUSE-SU-2014:1357
- SUSE-SU-2014:1357
- SUSE-SU-2014:1361
- SUSE-SU-2014:1361
- openSUSE-SU-2016:0640
- openSUSE-SU-2016:0640
- HPSBUX03162
- HPSBUX03162
- SSRT101767
- SSRT101767
- HPSBOV03227
- HPSBOV03227
- SSRT101779
- SSRT101779
- HPSBGN03233
- HPSBGN03233
- SSRT101739
- SSRT101739
- SSRT101868
- SSRT101868
- HPSBMU03260
- HPSBMU03260
- SSRT101894
- SSRT101894
- HPSBMU03267
- HPSBMU03267
- HPSBMU03304
- HPSBMU03304
- HPSBHF03300
- HPSBHF03300
- HPSBMU03296
- HPSBMU03296
- HPSBMU03263
- HPSBMU03263
- HPSBMU03261
- HPSBMU03261
- HPSBMU03223
- HPSBMU03223
- RHSA-2014:1652
- RHSA-2014:1652
- RHSA-2014:1692
- RHSA-2014:1692
- RHSA-2015:0126
- RHSA-2015:0126
- 59627
- 59627
- 61058
- 61058
- 61073
- 61073
- 61130
- 61130
- 61207
- 61207
- 61298
- 61298
- 61819
- 61819
- 61837
- 61837
- 61959
- 61959
- 61990
- 61990
- 62030
- 62030
- 62070
- 62070
- 62124
- 62124
- GLSA-201412-39
- GLSA-201412-39
- http://support.apple.com/HT204244
- http://support.apple.com/HT204244
- DSA-3053
- DSA-3053
- MDVSA-2014:203
- MDVSA-2014:203
- MDVSA-2015:062
- MDVSA-2015:062
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- 70586
- 70586
- 1031052
- 1031052
- http://www.splunk.com/view/SP-CAAANST
- http://www.splunk.com/view/SP-CAAANST
- USN-2385-1
- USN-2385-1
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
- https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=7fd4ce6a997be5f5c9e744ac527725c2850de203
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=7fd4ce6a997be5f5c9e744ac527725c2850de203
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://kc.mcafee.com/corporate/index?page=content&id=SB10091
- https://kc.mcafee.com/corporate/index?page=content&id=SB10091
- https://support.apple.com/HT205217
- https://support.apple.com/HT205217
- https://support.citrix.com/article/CTX216642
- https://support.citrix.com/article/CTX216642
- https://www.openssl.org/news/secadv_20141015.txt
- https://www.openssl.org/news/secadv_20141015.txt
Published: 2014-10-19
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-3568
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.
Severity: MEDIUM (4.3)
References:
- NetBSD-SA2014-015
- NetBSD-SA2014-015
- APPLE-SA-2015-01-27-4
- APPLE-SA-2015-01-27-4
- APPLE-SA-2015-09-16-2
- APPLE-SA-2015-09-16-2
- openSUSE-SU-2014:1331
- openSUSE-SU-2014:1331
- SUSE-SU-2014:1357
- SUSE-SU-2014:1357
- SUSE-SU-2014:1361
- SUSE-SU-2014:1361
- SUSE-SU-2015:0578
- SUSE-SU-2015:0578
- openSUSE-SU-2016:0640
- openSUSE-SU-2016:0640
- HPSBUX03162
- HPSBUX03162
- SSRT101767
- SSRT101767
- HPSBOV03227
- HPSBOV03227
- SSRT101779
- SSRT101779
- HPSBMU03260
- HPSBMU03260
- SSRT101894
- SSRT101894
- HPSBMU03267
- HPSBMU03267
- HPSBMU03304
- HPSBMU03304
- HPSBHF03300
- HPSBHF03300
- HPSBMU03263
- HPSBMU03263
- HPSBMU03261
- HPSBMU03261
- 59627
- 59627
- 61058
- 61058
- 61073
- 61073
- 61130
- 61130
- 61207
- 61207
- 61819
- 61819
- 61959
- 61959
- 62030
- 62030
- 62070
- 62070
- 62124
- 62124
- GLSA-201412-39
- GLSA-201412-39
- http://support.apple.com/HT204244
- http://support.apple.com/HT204244
- DSA-3053
- DSA-3053
- 70585
- 70585
- 1031053
- 1031053
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
- https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6
- openssl-cve20143568-sec-bypass(97037)
- openssl-cve20143568-sec-bypass(97037)
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=26a59d9b46574e457870197dffa802871b4c8fc7
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=26a59d9b46574e457870197dffa802871b4c8fc7
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://kc.mcafee.com/corporate/index?page=content&id=SB10091
- https://kc.mcafee.com/corporate/index?page=content&id=SB10091
- https://support.apple.com/HT205217
- https://support.apple.com/HT205217
- https://support.citrix.com/article/CTX216642
- https://support.citrix.com/article/CTX216642
- https://www.openssl.org/news/secadv_20141015.txt
- https://www.openssl.org/news/secadv_20141015.txt
Published: 2014-08-14
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-5139
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client.
Severity: MEDIUM (4.3)
References:
- NetBSD-SA2014-008
- NetBSD-SA2014-008
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- http://aix.software.ibm.com/aix/efixes/security/openssl_advisory10.asc
- openSUSE-SU-2014:1052
- openSUSE-SU-2014:1052
- HPSBMU03216
- HPSBMU03216
- SSRT101818
- SSRT101818
- HPSBMU03260
- HPSBMU03260
- SSRT101894
- SSRT101894
- HPSBMU03267
- HPSBMU03267
- SSRT101922
- SSRT101922
- HPSBMU03259
- HPSBMU03259
- HPSBMU03283
- HPSBMU03283
- SSRT101916
- SSRT101916
- HPSBMU03262
- HPSBMU03262
- SSRT101921
- SSRT101921
- HPSBHF03293
- HPSBHF03293
- SSRT101846
- SSRT101846
- HPSBMU03304
- HPSBMU03304
- HPSBMU03263
- HPSBMU03263
- HPSBMU03261
- HPSBMU03261
- 59700
- 59700
- 59710
- 59710
- 59756
- 59756
- 60022
- 60022
- 60221
- 60221
- 60493
- 60493
- 60803
- 60803
- 60810
- 60810
- 60917
- 60917
- 60921
- 60921
- 61017
- 61017
- 61100
- 61100
- 61171
- 61171
- 61184
- 61184
- 61392
- 61392
- 61775
- 61775
- 61959
- 61959
- GLSA-201412-39
- GLSA-201412-39
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15567.html
- DSA-2998
- DSA-2998
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-372998.htm
- 69077
- 69077
- 1030693
- 1030693
- http://www.tenable.com/security/tns-2014-06
- http://www.tenable.com/security/tns-2014-06
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=nas8N1020240
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21682293
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21683389
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- http://www-01.ibm.com/support/docview.wss?uid=swg21686997
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=80bd7b41b30af6ee96f519e629463583318de3b0
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=80bd7b41b30af6ee96f519e629463583318de3b0
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=83764a989dcc87fbea337da5f8f86806fe767b7e
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commit%3Bh=83764a989dcc87fbea337da5f8f86806fe767b7e
- [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
- [syslog-ng-announce] 20140910 syslog-ng Premium Edition 5 LTS (5.0.6a) has been released
- FreeBSD-SA-14:18
- FreeBSD-SA-14:18
- https://www.openssl.org/news/secadv_20140806.txt
- https://www.openssl.org/news/secadv_20140806.txt