Executive Summary

Summary
Title openssl security update
Informations
Name DSA-2908 First vendor Publication 2014-04-17
Vendor Debian Last vendor Modification 2014-04-17
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:P)
Cvss Base Score 4 Attack Range Network
Cvss Impact Score 4.9 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities have been discovered in OpenSSL. The following Common Vulnerabilities and Exposures project ids identify them:

CVE-2010-5298

A read buffer can be freed even when it still contains data that is used later on, leading to a use-after-free. Given a race condition in a multi-threaded application it may permit an attacker to inject data from one connection into another or cause denial of service.

CVE-2014-0076

ECDSA nonces can be recovered through the Yarom/Benger FLUSH+RELOAD cache side-channel attack.

A third issue, with no CVE id, is the missing detection of the "critical" flag for the TSA extended key usage under certain cases.

Additionally, this update checks for more services that might need to be restarted after upgrades of libssl, corrects the detection of apache2 and postgresql, and adds support for the 'libraries/restart-without-asking' debconf configuration. This allows services to be restarted on upgrade without prompting.

The oldstable distribution (squeeze) is not affected by CVE-2010-5298 and it might be updated at a later time to address the remaining vulnerabilities.

For the stable distribution (wheezy), these problems have been fixed in version 1.0.1e-2+deb7u7.

For the testing distribution (jessie), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 1.0.1g-3.

We recommend that you upgrade your openssl packages.

Original Source

Url : http://www.debian.org/security/2014/dsa-2908

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-362 Race Condition
50 % CWE-310 Cryptographic Issues

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24137
 
Oval ID: oval:org.mitre.oval:def:24137
Title: The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior
Description: The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0076
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24397
 
Oval ID: oval:org.mitre.oval:def:24397
Title: Vulnerability in OpenSSL through 1.0.1g, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error)
Description: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
Family: windows Class: vulnerability
Reference(s): CVE-2010-5298
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24606
 
Oval ID: oval:org.mitre.oval:def:24606
Title: USN-2165-1 -- openssl vulnerabilities
Description: OpenSSL could be made to expose sensitive information over the network, possibly including private keys.
Family: unix Class: patch
Reference(s): USN-2165-1
CVE-2014-0160
CVE-2014-0076
Version: 5
Platform(s): Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24638
 
Oval ID: oval:org.mitre.oval:def:24638
Title: Race condition in the ssl3_read_bytes function in s3_pkt.c in
Description: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
Family: unix Class: vulnerability
Reference(s): CVE-2010-5298
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24677
 
Oval ID: oval:org.mitre.oval:def:24677
Title: SUSE-SU-2014:0761-1 -- Security update for OpenSSL
Description: OpenSSL was updated to fix several vulnerabilities: * SSL/TLS MITM vulnerability. (CVE-2014-0224) * DTLS recursion flaw. (CVE-2014-0221) * Anonymous ECDH denial of service. (CVE-2014-3470) * Using the FLUSH+RELOAD Cache Side-channel Attack the nonces could have been recovered. (CVE-2014-0076)
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0761-1
CVE-2014-0224
CVE-2014-0221
CVE-2014-3470
CVE-2014-0076
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24781
 
Oval ID: oval:org.mitre.oval:def:24781
Title: SUSE-SU-2014:0538-1 -- Security update for OpenSSL
Description: OpenSSL has been updated to fix an attack on ECDSA Nonces. Using the FLUSH+RELOAD Cache Side-channel Attack the Nonces could have been recovered. (CVE-2014-0076) Security Issue reference: * CVE-2014-0076 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 >
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0538-1
CVE-2014-0076
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25004
 
Oval ID: oval:org.mitre.oval:def:25004
Title: Remote Denial of Service (DoS)
Description: The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0076
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25286
 
Oval ID: oval:org.mitre.oval:def:25286
Title: SUSE-SU-2014:0541-1 -- Security update for OpenSSL
Description: OpenSSL has been updated to fix an attack on ECDSA Nonces. Using the FLUSH+RELOAD Cache Side-channel Attack the Nonces could have been recovered. This update also ensures that the stack is marked non-executable on x86 32bit (bnc#870192). On other processor platforms it was already marked as non-executable before. Security Issue reference: * CVE-2014-0076 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 >
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0541-1
CVE-2014-0076
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25448
 
Oval ID: oval:org.mitre.oval:def:25448
Title: SUSE-SU-2014:0539-1 -- Security update for OpenSSL
Description: OpenSSL has been updated to fix an attack on ECDSA Nonces. Using the FLUSH+RELOAD Cache Side-channel Attack the Nonces could be recovered. (CVE-2014-0076) The update also enables use of SHA-2 family certificate verification of X.509 certificates used in todays SSL certificate infrastructure. Security Issue reference: * CVE-2014-0076 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 >
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0539-1
CVE-2014-0076
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): OpenSSL
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 89
Application 319
Os 2
Os 1
Os 1
Os 1
Os 1

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-05-21 IAVM : 2015-A-0113 - Multiple Vulnerabilities in Juniper Networks CTPOS
Severity : Category I - VMSKEY : V0060737
2014-07-31 IAVM : 2014-B-0103 - Multiple Vulnerabilities in VMware Horizon View Client
Severity : Category I - VMSKEY : V0053509
2014-07-31 IAVM : 2014-B-0102 - Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.5
Severity : Category I - VMSKEY : V0053507
2014-07-31 IAVM : 2014-B-0101 - Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.1
Severity : Category I - VMSKEY : V0053505
2014-07-31 IAVM : 2014-A-0115 - Multiple Vulnerabilities in VMware Horizon View
Severity : Category I - VMSKEY : V0053501
2014-07-24 IAVM : 2014-B-0097 - Multiple Vulnerabilities in VMware ESXi 5.0
Severity : Category I - VMSKEY : V0053319
2014-07-17 IAVM : 2014-A-0099 - Multiple Vulnerabilities in McAfee Email Gateway
Severity : Category I - VMSKEY : V0053203
2014-07-17 IAVM : 2014-A-0100 - Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux
Severity : Category I - VMSKEY : V0053201
2014-07-17 IAVM : 2014-A-0109 - Multiple Vulnerabilities in VMware Fusion
Severity : Category I - VMSKEY : V0053183
2014-07-17 IAVM : 2014-A-0110 - Multiple Vulnerabilities in VMware Player
Severity : Category I - VMSKEY : V0053181
2014-07-17 IAVM : 2014-A-0111 - Multiple Vulnerabilities in VMware Workstation
Severity : Category I - VMSKEY : V0053179
2014-07-03 IAVM : 2014-B-0089 - Multiple Vulnerabilities in VMware ESXi 5.1
Severity : Category I - VMSKEY : V0052909
2014-07-03 IAVM : 2014-B-0088 - Multiple Vulnerabilities in VMware ESXi 5.5
Severity : Category I - VMSKEY : V0052911
2014-07-03 IAVM : 2014-B-0091 - Multiple Vulnerabilities in VMware vCenter Update Manager 5.5
Severity : Category I - VMSKEY : V0052907
2014-07-03 IAVM : 2014-B-0085 - Multiple Vulnerabilities in HP System Management Homepage (SMH)
Severity : Category I - VMSKEY : V0052899
2014-07-03 IAVM : 2014-B-0092 - Multiple Vulnerabilities in VMware vSphere Client 5.5
Severity : Category I - VMSKEY : V0052893
2014-06-26 IAVM : 2014-A-0089 - Multiple Vulnerabilities in Juniper Pulse Secure Access Service (IVE)
Severity : Category I - VMSKEY : V0052805
2014-06-19 IAVM : 2014-B-0078 - Multiple Vulnerabilities in Blue Coat ProxySG
Severity : Category I - VMSKEY : V0052639
2014-06-19 IAVM : 2014-A-0087 - Multiple Vulnerabilities in McAfee ePolicy Orchestrator
Severity : Category I - VMSKEY : V0052637
2014-06-19 IAVM : 2014-B-0080 - Multiple Vulnerabilities in Stunnel
Severity : Category I - VMSKEY : V0052627
2014-06-19 IAVM : 2014-B-0077 - Multiple Vulnerabilities in McAfee Web Gateway
Severity : Category I - VMSKEY : V0052625
2014-06-12 IAVM : 2014-A-0083 - Multiple Vulnerabilities in OpenSSL
Severity : Category I - VMSKEY : V0052495
2014-05-01 IAVM : 2014-A-0063 - Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux
Severity : Category I - VMSKEY : V0050009
2014-05-01 IAVM : 2014-A-0062 - Multiple Vulnerabilities In McAfee Email Gateway
Severity : Category I - VMSKEY : V0050005
2014-01-30 IAVM : 2014-A-0019 - Multiple Vulnerabilities in VMware Fusion
Severity : Category I - VMSKEY : V0043844
2013-11-21 IAVM : 2013-A-0222 - Multiple Vulnerabilties in VMware Workstation
Severity : Category II - VMSKEY : V0042383

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO
2016-02-26 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20140605-openssl-iosxe.nasl - Type : ACT_GATHER_INFO
2016-02-26 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20140605-openssl-nxos.nasl - Type : ACT_GATHER_INFO
2015-12-30 Name : The remote VMware ESXi host is missing a security-related patch.
File : vmware_VMSA-2014-0004_remote.nasl - Type : ACT_GATHER_INFO
2015-12-30 Name : The remote VMware ESXi host is missing a security-related patch.
File : vmware_VMSA-2014-0006_remote.nasl - Type : ACT_GATHER_INFO
2015-11-03 Name : The remote multi-function device is affected by multiple vulnerabilities.
File : xerox_xrx15ao_colorqube.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0538-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0539-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0743-1.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-062.nasl - Type : ACT_GATHER_INFO
2015-03-12 Name : The remote host has software installed that is affected by multiple vulnerabi...
File : ibm_rational_clearquest_8_0_1_3_01.nasl - Type : ACT_GATHER_INFO
2015-03-05 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_6_0_43.nasl - Type : ACT_GATHER_INFO
2015-02-18 Name : The remote application server is affected by multiple vulnerabilities.
File : websphere_8_0_0_10.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote host has an application installed that is affected by multiple vul...
File : oracle_virtualbox_jan_2015_cpu.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_openssl_20140623.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_openssl_20140731.nasl - Type : ACT_GATHER_INFO
2015-01-13 Name : An access and authorization control management system installed on the remote...
File : tivoli_access_manager_ebiz_6_1_1_10.nasl - Type : ACT_GATHER_INFO
2015-01-02 Name : The remote Fedora host is missing a security update.
File : fedora_2014-17576.nasl - Type : ACT_GATHER_INFO
2015-01-02 Name : The remote Fedora host is missing a security update.
File : fedora_2014-17587.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0032.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0628.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-0629.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-349.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15328.nasl - Type : ACT_GATHER_INFO
2014-10-02 Name : The remote host has a virtualization appliance installed that is affected by ...
File : vmware_vsphere_replication_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO
2014-09-18 Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File : macosx_10_9_5.nasl - Type : ACT_GATHER_INFO
2014-09-18 Name : The remote host is missing a Mac OS X update that fixes multiple security iss...
File : macosx_SecUpd2014-004.nasl - Type : ACT_GATHER_INFO
2014-09-11 Name : The remote host is affected by multiple vulnerabilities.
File : emc_documentum_content_server_ESA-2014-079.nasl - Type : ACT_GATHER_INFO
2014-09-02 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_7_0_55.nasl - Type : ACT_GATHER_INFO
2014-09-02 Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_8_0_11.nasl - Type : ACT_GATHER_INFO
2014-08-29 Name : The remote application server may be affected by multiple vulnerabilities.
File : websphere_8_5_5_3.nasl - Type : ACT_GATHER_INFO
2014-08-26 Name : The remote web server has an application installed that is affected by multip...
File : pivotal_webserver_5_4_1.nasl - Type : ACT_GATHER_INFO
2014-08-20 Name : The remote Mac OS X host has an application installed that is affected by mul...
File : macosx_vmware_ovftool_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO
2014-08-20 Name : The remote Windows host has an application installed that is affected by mult...
File : vmware_ovftool_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-08-14 Name : The remote host is affected by a vulnerability that could allow sensitive dat...
File : openssl_ccs_1_0_1.nasl - Type : ACT_ATTACK
2014-08-12 Name : The remote host contains software that is affected by multiple vulnerabilitie...
File : hp_vca_SSRT101614-rhel.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote host contains software that is affected by multiple vulnerabilitie...
File : hp_vca_SSRT101614-sles.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote host contains software that is affected by multiple vulnerabilitie...
File : hp_vca_SSRT101614.nasl - Type : ACT_GATHER_INFO
2014-08-10 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9301.nasl - Type : ACT_GATHER_INFO
2014-08-10 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9308.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote host is missing a vendor-supplied security patch.
File : fireeye_os_SB001.nasl - Type : ACT_GATHER_INFO
2014-08-06 Name : The remote Windows host contains software that is affected by multiple vulner...
File : hp_systems_insight_manager_73_hotfix_34.nasl - Type : ACT_GATHER_INFO
2014-08-05 Name : The FTP server installed on the remote Windows host is affected by multiple O...
File : cerberus_ftp_7_0_0_3.nasl - Type : ACT_GATHER_INFO
2014-08-05 Name : The remote device is missing a vendor-supplied security patch.
File : juniper_jsa10629.nasl - Type : ACT_GATHER_INFO
2014-08-04 Name : The remote host has a support tool installed that is affected by multiple vul...
File : vmware_vcenter_support_assistant_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-08-04 Name : The remote application server is affected by multiple vulnerabilities.
File : websphere_8_0_0_9.nasl - Type : ACT_GATHER_INFO
2014-08-01 Name : The remote Mac OS X host has a virtual desktop solution that is affected by m...
File : macosx_vmware_horizon_view_client_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO
2014-08-01 Name : The remote host has a virtual desktop solution that is affected by multiple v...
File : vmware_horizon_view_client_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO
2014-07-31 Name : The remote Windows host has an application installed that is affected by mult...
File : vmware_horizon_view_VMSA-2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-31 Name : The remote host has an application installed that is affected by multiple vul...
File : vmware_vcenter_converter_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0679.nasl - Type : ACT_GATHER_INFO
2014-07-28 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201407-05.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote host has an application installed that is affected by multiple Ope...
File : hp_oneview_1_10.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote host is running software that is affected by multiple vulnerabilit...
File : hp_sum_6_4_1.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0679.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote host is affected by multiple vulnerabilities related to the includ...
File : mcafee_email_gateway_SB10075.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote host is affected by multiple vulnerabilities.
File : mcafee_vsel_SB10075.nasl - Type : ACT_GATHER_INFO
2014-07-15 Name : The remote host contains an application that is affected by an information di...
File : libreoffice_423.nasl - Type : ACT_GATHER_INFO
2014-07-15 Name : The remote host contains an application that is affected by an information di...
File : macosx_libreoffice_423.nasl - Type : ACT_GATHER_INFO
2014-07-14 Name : The remote host is affected by multiple vulnerabilities.
File : cisco_anyconnect_3_1_5170.nasl - Type : ACT_GATHER_INFO
2014-07-14 Name : The remote host is affected by multiple vulnerabilities related to OpenSSL.
File : fortinet_FG-IR-14-018.nasl - Type : ACT_GATHER_INFO
2014-07-14 Name : The remote mail server is potentially affected by multiple vulnerabilities.
File : ipswitch_imail_12_4_1_15.nasl - Type : ACT_GATHER_INFO
2014-07-14 Name : The remote host is affected by multiple vulnerabilities.
File : macosx_cisco_anyconnect_3_1_5170.nasl - Type : ACT_GATHER_INFO
2014-07-14 Name : The remote host has a virtualization appliance installed that is affected by ...
File : vmware_vcenter_server_appliance_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : A VMware product installed on the remote host is affected by multiple vulnera...
File : macosx_fusion_6_0_4.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote host contains software that is affected by multiple vulnerabilities.
File : vmware_player_linux_6_0_3.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote host contains software that is affected by multiple vulnerabilities.
File : vmware_player_multiple_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote host has a virtualization application that is affected by multiple...
File : vmware_workstation_linux_10_0_3.nasl - Type : ACT_GATHER_INFO
2014-07-10 Name : The remote host has a virtualization application that is affected by multiple...
File : vmware_workstation_multiple_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO
2014-07-09 Name : The remote Windows host has an application installed that is affected by mult...
File : vmware_vcenter_chargeback_manager_2601.nasl - Type : ACT_GATHER_INFO
2014-07-07 Name : The remote Windows host has an application installed that is affected by mult...
File : hp_version_control_repo_manager_hpsbmu03056.nasl - Type : ACT_GATHER_INFO
2014-07-04 Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit...
File : vmware_esxi_5_0_build_1918656_remote.nasl - Type : ACT_GATHER_INFO
2014-07-03 Name : The remote host has a virtualization appliance installed that is affected by ...
File : vmware_vcenter_operations_manager_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-03 Name : The remote host has an update manager installed that is affected by multiple ...
File : vmware_vcenter_update_mgr_vmsa-2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-03 Name : The remote host has a virtualization client application installed that is aff...
File : vsphere_client_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-02 Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_3_3_1.nasl - Type : ACT_GATHER_INFO
2014-06-24 Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_1_build_1900470_remote.nasl - Type : ACT_GATHER_INFO
2014-06-20 Name : The remote device is potentially affected by multiple vulnerabilities.
File : bluecoat_proxy_sg_6_5_4_4.nasl - Type : ACT_GATHER_INFO
2014-06-20 Name : The remote Windows host has an application that may be affected by multiple v...
File : winscp_5_5_4.nasl - Type : ACT_GATHER_INFO
2014-06-19 Name : The remote host is affected by multiple vulnerabilities.
File : mcafee_epo_sb10075.nasl - Type : ACT_GATHER_INFO
2014-06-19 Name : The remote host is affected by multiple vulnerabilities.
File : mcafee_web_gateway_sb10075.nasl - Type : ACT_GATHER_INFO
2014-06-18 Name : The remote host is affected by multiple vulnerabilities.
File : cisco_jabber_client_CSCup23913.nasl - Type : ACT_GATHER_INFO
2014-06-18 Name : The remote host is affected by multiple vulnerabilities.
File : cisco_ons_CSCup24077.nasl - Type : ACT_GATHER_INFO
2014-06-18 Name : The remote host is affected by multiple vulnerabilities.
File : cisco_telepresence_mcu_CSCup23994.nasl - Type : ACT_GATHER_INFO
2014-06-18 Name : The remote device is missing a vendor-supplied security patch.
File : junos_pulse_jsa10629.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-269.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-325.nasl - Type : ACT_GATHER_INFO
2014-06-11 Name : The remote AIX host has a vulnerable version of OpenSSL.
File : aix_openssl_advisory8.nasl - Type : ACT_GATHER_INFO
2014-06-11 Name : The remote VMware ESXi host is missing one or more security-related patches.
File : vmware_VMSA-2014-0006.nasl - Type : ACT_GATHER_INFO
2014-06-11 Name : The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_5_build_1881737_remote.nasl - Type : ACT_GATHER_INFO
2014-06-10 Name : The remote Windows host contains a program that is affected by multiple vulne...
File : stunnel_5_02.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-156-03.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0625.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Fedora host is missing a security update.
File : fedora_2014-7101.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Fedora host is missing a security update.
File : fedora_2014-7102.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_0_9_8za.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_1h.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0625.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0625.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140605_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-06-05 Name : The remote host is potentially affected by a vulnerability that could allow s...
File : openssl_ccs.nasl - Type : ACT_ATTACK
2014-06-03 Name : The remote Windows host has a library installed that is affected by multiple ...
File : ibm_gskit_8_0_50_20.nasl - Type : ACT_GATHER_INFO
2014-06-03 Name : The remote Linux host has a library installed that is affected by multiple vu...
File : ibm_gskit_8_0_50_20_linux.nasl - Type : ACT_GATHER_INFO
2014-05-20 Name : A clustered file system on the remote host is affected by multiple vulnerabil...
File : ibm_gpfs_isg3T1020683.nasl - Type : ACT_GATHER_INFO
2014-05-19 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-090.nasl - Type : ACT_GATHER_INFO
2014-05-08 Name : The remote VMware ESXi 5.5 host is potentially affected by multiple vulnerabi...
File : vmware_esxi_5_5_build_1746974_remote.nasl - Type : ACT_GATHER_INFO
2014-05-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2192-1.nasl - Type : ACT_GATHER_INFO
2014-05-06 Name : The remote host has a device management application installed that is affecte...
File : vmware_horizon_workspace_vmsa2014-0004.nasl - Type : ACT_GATHER_INFO
2014-05-03 Name : The remote VMware ESXi host is missing one or more security-related patches.
File : vmware_VMSA-2014-0004.nasl - Type : ACT_GATHER_INFO
2014-04-23 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_0b8d7194ca8811e39d8dc80aa9043978.nasl - Type : ACT_GATHER_INFO
2014-04-21 Name : The remote host has a virtualization application that is affected by multiple...
File : macosx_fusion_6_0_3.nasl - Type : ACT_GATHER_INFO
2014-04-21 Name : The remote host contains software that is affected by multiple vulnerabilities.
File : vmware_player_linux_6_0_2.nasl - Type : ACT_GATHER_INFO
2014-04-21 Name : The remote host contains software that is affected by multiple vulnerabilities.
File : vmware_player_multiple_vmsa_2014-0004.nasl - Type : ACT_GATHER_INFO
2014-04-21 Name : The remote host has a virtualization application that is affected by multiple...
File : vmware_workstation_linux_10_0_2.nasl - Type : ACT_GATHER_INFO
2014-04-21 Name : The remote host has a virtualization application that is affected by multiple...
File : vmware_workstation_multiple_vmsa_2014_0004.nasl - Type : ACT_GATHER_INFO
2014-04-18 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2908.nasl - Type : ACT_GATHER_INFO
2014-04-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-140327.nasl - Type : ACT_GATHER_INFO
2014-04-14 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_7ccd4defc1be11e39d09000c2980a9f3.nasl - Type : ACT_GATHER_INFO
2014-04-10 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-067.nasl - Type : ACT_GATHER_INFO
2014-04-08 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-098-01.nasl - Type : ACT_GATHER_INFO
2014-04-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201404-07.nasl - Type : ACT_GATHER_INFO
2014-04-08 Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_0m.nasl - Type : ACT_GATHER_INFO
2014-04-08 Name : The remote service may be affected by multiple vulnerabilities.
File : openssl_1_0_1g.nasl - Type : ACT_GATHER_INFO
2014-04-08 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2165-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2016-07-08 21:25:39
  • Multiple Updates
2014-04-19 13:23:05
  • Multiple Updates
2014-04-18 05:24:01
  • First insertion