Executive Summary

Summary
TitleOpenSSL: Multiple vulnerabilities
Informations
NameGLSA-201407-05First vendor Publication2014-07-27
VendorGentooLast vendor Modification2014-07-27
Severity (Vendor) HighRevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in OpenSSL, possibly allowing remote attackers to execute arbitrary code.

Background

OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer
(SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library.

Description

Multiple vulnerabilities have been discovered in OpenSSL. Please review the OpenSSL Security Advisory [05 Jun 2014] and the CVE identifiers referenced below for details.

Impact

A remote attacker could send specially crafted DTLS fragments to an OpenSSL DTLS client or server to possibly execute arbitrary code with the privileges of the process using OpenSSL.

Furthermore, an attacker could force the use of weak keying material in OpenSSL SSL/TLS clients and servers, inject data across sessions, or cause a Denial of Service via various vectors.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1h-r1"

References

[ 1 ] CVE-2010-5298 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298
[ 2 ] CVE-2014-0195 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195
[ 3 ] CVE-2014-0198 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198
[ 4 ] CVE-2014-0221 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221
[ 5 ] CVE-2014-0224 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224
[ 6 ] CVE-2014-3470 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470
[ 7 ] OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201407-05.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201407-05.xml

CWE : Common Weakness Enumeration

%idName
40 %CWE-310Cryptographic Issues
20 %CWE-399Resource Management Errors
20 %CWE-362Race Condition
20 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24772
 
Oval ID: oval:org.mitre.oval:def:24772
Title: RHSA-2014:0624: openssl security update (Important)
Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
Family: unix Class: patch
Reference(s): RHSA-2014:0624-00
CESA-2014:0624
CVE-2014-0224
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24049
 
Oval ID: oval:org.mitre.oval:def:24049
Title: RHSA-2014:0626: openssl097a and openssl098e security update (Important)
Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
Family: unix Class: patch
Reference(s): RHSA-2014:0626-00
CESA-2014:0626
CVE-2014-0224
Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
Product(s): openssl097a
openssl098e
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24955
 
Oval ID: oval:org.mitre.oval:def:24955
Title: Vulnerability in OpenSSL 0.9.8 - 0.9.8za, 1.0.0 - 1.0.0m and 1.0.1 - 1.0.1h, allows remote attackers to cause a denial of service
Description: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0224
Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24771
 
Oval ID: oval:org.mitre.oval:def:24771
Title: AIX OpenSSL SSL/TLS Man In The Middle (MITM) vulnerability
Description: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0224
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24492
 
Oval ID: oval:org.mitre.oval:def:24492
Title: Remote Unauthorized Access or Disclosure of Information
Description: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0224
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25106
 
Oval ID: oval:org.mitre.oval:def:25106
Title: ELSA-2014:0626: openssl097a and openssl098e security update (Important)
Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
Family: unix Class: patch
Reference(s): ELSA-2014:0626-00
CVE-2014-0224
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): openssl097a
openssl098e
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25095
 
Oval ID: oval:org.mitre.oval:def:25095
Title: ELSA-2014:0624: openssl security update (Important)
Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
Family: unix Class: patch
Reference(s): ELSA-2014:0624-00
CVE-2014-0224
Version: 4
Platform(s): Oracle Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25010
 
Oval ID: oval:org.mitre.oval:def:25010
Title: RHSA-2014:0680: openssl098e security update (Important)
Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue. All OpenSSL users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
Family: unix Class: patch
Reference(s): RHSA-2014:0680-00
CVE-2014-0224
Version: 4
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): openssl098e
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27130
 
Oval ID: oval:org.mitre.oval:def:27130
Title: DEPRECATED: ELSA-2014-0626 -- openssl097a and openssl098e security update (important)
Description: [0.9.8e-18.0.1.el6_5.2] - Updated the description [0.9.8e-18.2] - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability [0.9.8e-18] - fix for CVE-2012-2110 - memory corruption in asn1_d2i_read_bio() (#814185)
Family: unix Class: patch
Reference(s): ELSA-2014-0626
CVE-2014-0224
Version: 4
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): openssl097a
openssl098e
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27106
 
Oval ID: oval:org.mitre.oval:def:27106
Title: DEPRECATED: ELSA-2014-0624 -- openssl security update (important)
Description: [0.9.8e-27.3] - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability [0.9.8e-27.1] - replace expired GlobalSign Root CA certificate in ca-bundle.crt
Family: unix Class: patch
Reference(s): ELSA-2014-0624
CVE-2014-0224
Version: 4
Platform(s): Oracle Linux 5
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27080
 
Oval ID: oval:org.mitre.oval:def:27080
Title: ELSA-2014-0680 -- openssl098e security update (important)
Description: [0.9.8e-29.2] - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability
Family: unix Class: patch
Reference(s): ELSA-2014-0680
CVE-2014-0224
Version: 3
Platform(s): Oracle Linux 7
Product(s): openssl098e
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24892
 
Oval ID: oval:org.mitre.oval:def:24892
Title: RHSA-2014:0625: openssl security update (Important)
Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195) Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198) A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221) A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Gröbert and Ivan Fratrić of Google as the original reporters of CVE-2014-3470. All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
Family: unix Class: patch
Reference(s): RHSA-2014:0625-00
CESA-2014:0625
CVE-2010-5298
CVE-2014-0195
CVE-2014-0198
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470
Version: 3
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24448
 
Oval ID: oval:org.mitre.oval:def:24448
Title: USN-2232-1 -- openssl vulnerabilities
Description: Several security issues were fixed in OpenSSL.
Family: unix Class: patch
Reference(s): USN-2232-1
CVE-2014-0195
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 13.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25039
 
Oval ID: oval:org.mitre.oval:def:25039
Title: Vulnerability in OpenSSL 0.9.8 - 0.9.8za, 1.0.0 - 1.0.0m and 1.0.1 - 1.0.1h, allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information
Description: The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
Family: windows Class: vulnerability
Reference(s): CVE-2014-3470
Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24780
 
Oval ID: oval:org.mitre.oval:def:24780
Title: AIX OpenSSL Anonymous ECDH denial of service
Description: The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
Family: unix Class: vulnerability
Reference(s): CVE-2014-3470
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25085
 
Oval ID: oval:org.mitre.oval:def:25085
Title: Remote Code Execution or Unauthorized Accesss
Description: The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.
Family: unix Class: vulnerability
Reference(s): CVE-2014-3470
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25082
 
Oval ID: oval:org.mitre.oval:def:25082
Title: USN-2232-2 -- openssl regression
Description: USN-2232-1 introduced a regression in OpenSSL.
Family: unix Class: patch
Reference(s): USN-2232-2
CVE-2014-0224
CVE-2014-0195
CVE-2014-0221
CVE-2014-3470
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 13.10
Ubuntu 12.04
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24628
 
Oval ID: oval:org.mitre.oval:def:24628
Title: USN-2232-3 -- openssl regression
Description: USN-2232-1 introduced a regression in OpenSSL.
Family: unix Class: patch
Reference(s): USN-2232-3
CVE-2014-0224
CVE-2014-0195
CVE-2014-0221
CVE-2014-3470
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 13.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25171
 
Oval ID: oval:org.mitre.oval:def:25171
Title: ELSA-2014:0625: openssl security update (Important)
Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195) Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198) A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221) A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Juri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Grobert and Ivan Fratric of Google as the original reporters of CVE-2014-3470. All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
Family: unix Class: patch
Reference(s): ELSA-2014:0625-00
CVE-2010-5298
CVE-2014-0195
CVE-2014-0198
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470
Version: 4
Platform(s): Oracle Linux 6
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25318
 
Oval ID: oval:org.mitre.oval:def:25318
Title: SUSE-SU-2014:0759-2 -- Security update for OpenSSL
Description: OpenSSL was updated to fix the following security vulnerabilities: * SSL/TLS MITM vulnerability. (CVE-2014-0224) * DTLS recursion flaw. (CVE-2014-0221) * Anonymous ECDH denial of service. (CVE-2014-3470)
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0759-2
CVE-2014-0224
CVE-2014-0221
CVE-2014-3470
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25291
 
Oval ID: oval:org.mitre.oval:def:25291
Title: SUSE-SU-2014:0759-1 -- Security update for OpenSSL
Description: OpenSSL was updated to fix several vulnerabilities: * SSL/TLS MITM vulnerability. (CVE-2014-0224) * DTLS recursion flaw. (CVE-2014-0221) * Anonymous ECDH denial of service. (CVE-2014-3470)
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0759-1
CVE-2014-0224
CVE-2014-0221
CVE-2014-3470
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25014
 
Oval ID: oval:org.mitre.oval:def:25014
Title: RHSA-2014:0679: openssl security update (Important)
Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library. It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224) Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433 A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195) Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198) A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221) A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470) Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Gröbert and Ivan Fratrić of Google as the original reporters of CVE-2014-3470. All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
Family: unix Class: patch
Reference(s): RHSA-2014:0679-00
CVE-2010-5298
CVE-2014-0195
CVE-2014-0198
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470
Version: 4
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25803
 
Oval ID: oval:org.mitre.oval:def:25803
Title: USN-2232-4 -- openssl vulnerabilities
Description: USN-2232-1 introduced a regression in OpenSSL.
Family: unix Class: patch
Reference(s): USN-2232-4
CVE-2014-0195
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470
Version: 3
Platform(s): Ubuntu 10.04
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27151
 
Oval ID: oval:org.mitre.oval:def:27151
Title: DEPRECATED: ELSA-2014-0625 -- openssl security update (important)
Description: [1.0.1e-16.14] - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH
Family: unix Class: patch
Reference(s): ELSA-2014-0625
CVE-2010-5298
CVE-2014-0195
CVE-2014-0198
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470
Version: 4
Platform(s): Oracle Linux 6
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27123
 
Oval ID: oval:org.mitre.oval:def:27123
Title: ELSA-2014-0679 -- openssl security update (important)
Description: [1.0.1e-34.3] - fix CVE-2010-5298 - possible use of memory after free - fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment - fix CVE-2014-0198 - possible NULL pointer dereference - fix CVE-2014-0221 - DoS from invalid DTLS handshake packet - fix CVE-2014-0224 - SSL/TLS MITM vulnerability - fix CVE-2014-3470 - client-side DoS when using anonymous ECDH
Family: unix Class: patch
Reference(s): ELSA-2014-0679
CVE-2010-5298
CVE-2014-0195
CVE-2014-0198
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470
Version: 5
Platform(s): Oracle Linux 7
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29338
 
Oval ID: oval:org.mitre.oval:def:29338
Title: DSA-2950-2 -- openssl -- security update
Description: Multiple vulnerabilities have been discovered in OpenSSL.
Family: unix Class: patch
Reference(s): DSA-2950-2
CVE-2014-0195
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24397
 
Oval ID: oval:org.mitre.oval:def:24397
Title: Vulnerability in OpenSSL through 1.0.1g, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error)
Description: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
Family: windows Class: vulnerability
Reference(s): CVE-2010-5298
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24638
 
Oval ID: oval:org.mitre.oval:def:24638
Title: Race condition in the ssl3_read_bytes function in s3_pkt.c in
Description: Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.
Family: unix Class: vulnerability
Reference(s): CVE-2010-5298
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24301
 
Oval ID: oval:org.mitre.oval:def:24301
Title: Vulnerability in OpenSSL 0.9.8 - 0.9.8za, 1.0.0 - 1.0.0m and 1.0.1 - 1.0.1h, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash)
Description: The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0195
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24135
 
Oval ID: oval:org.mitre.oval:def:24135
Title: AIX OpenSSL DTLS invalid fragment vulnerability
Description: The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0195
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24593
 
Oval ID: oval:org.mitre.oval:def:24593
Title: Remote Unauthorized Access
Description: The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0195
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24737
 
Oval ID: oval:org.mitre.oval:def:24737
Title: USN-2192-1 -- openssl vulnerabilities
Description: OpenSSL could be made to crash if it received specially crafted network traffic.
Family: unix Class: patch
Reference(s): USN-2192-1
CVE-2010-5298
CVE-2014-0198
Version: 4
Platform(s): Ubuntu 14.04
Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25058
 
Oval ID: oval:org.mitre.oval:def:25058
Title: Vulnerability in OpenSSL 1.x through 1.0.1g allows remote attackers to cause a denial of service
Description: The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0198
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25035
 
Oval ID: oval:org.mitre.oval:def:25035
Title: AIX OpenSSL SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
Description: The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0198
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24603
 
Oval ID: oval:org.mitre.oval:def:24603
Title: Vulnerability in OpenSSL 0.9.8 - 0.9.8za, 1.0.0 - 1.0.0m and 1.0.1 - 1.0.1h, allows remote attackers to cause a denial of service (recursion and client crash)
Description: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.
Family: windows Class: vulnerability
Reference(s): CVE-2014-0221
Version: 4
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): OpenSSL
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24977
 
Oval ID: oval:org.mitre.oval:def:24977
Title: AIX OpenSSL DTLS recursion flaw
Description: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0221
Version: 4
Platform(s): IBM AIX 6.1
IBM AIX 7.1
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24994
 
Oval ID: oval:org.mitre.oval:def:24994
Title: Remote Denial of Service (DoS)
Description: The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0221
Version: 8
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application246
Application2
Application1
Application1
Application1
Os1
Os2
Os3

Information Assurance Vulnerability Management (IAVM)

DateDescription
2015-05-21IAVM : 2015-A-0113 - Multiple Vulnerabilities in Juniper Networks CTPOS
Severity : Category I - VMSKEY : V0060737
2014-11-13IAVM : 2014-A-0172 - Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform
Severity : Category I - VMSKEY : V0057381
2014-07-31IAVM : 2014-A-0115 - Multiple Vulnerabilities in VMware Horizon View
Severity : Category I - VMSKEY : V0053501
2014-07-31IAVM : 2014-B-0101 - Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.1
Severity : Category I - VMSKEY : V0053505
2014-07-31IAVM : 2014-B-0102 - Multiple Vulnerabilities in VMware vCenter Converter Standalone 5.5
Severity : Category I - VMSKEY : V0053507
2014-07-31IAVM : 2014-B-0103 - Multiple Vulnerabilities in VMware Horizon View Client
Severity : Category I - VMSKEY : V0053509
2014-07-24IAVM : 2014-B-0097 - Multiple Vulnerabilities in VMware ESXi 5.0
Severity : Category I - VMSKEY : V0053319
2014-07-17IAVM : 2014-B-0095 - Multiple Vulnerabilities in Splunk
Severity : Category I - VMSKEY : V0053177
2014-07-17IAVM : 2014-A-0111 - Multiple Vulnerabilities in VMware Workstation
Severity : Category I - VMSKEY : V0053179
2014-07-17IAVM : 2014-A-0110 - Multiple Vulnerabilities in VMware Player
Severity : Category I - VMSKEY : V0053181
2014-07-17IAVM : 2014-A-0109 - Multiple Vulnerabilities in VMware Fusion
Severity : Category I - VMSKEY : V0053183
2014-07-17IAVM : 2014-A-0103 - Multiple Vulnerabilities in Oracle E-Business
Severity : Category I - VMSKEY : V0053195
2014-07-17IAVM : 2014-A-0100 - Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux
Severity : Category I - VMSKEY : V0053201
2014-07-17IAVM : 2014-A-0099 - Multiple Vulnerabilities in McAfee Email Gateway
Severity : Category I - VMSKEY : V0053203
2014-07-03IAVM : 2014-B-0092 - Multiple Vulnerabilities in VMware vSphere Client 5.5
Severity : Category I - VMSKEY : V0052893
2014-07-03IAVM : 2014-B-0085 - Multiple Vulnerabilities in HP System Management Homepage (SMH)
Severity : Category I - VMSKEY : V0052899
2014-07-03IAVM : 2014-B-0084 - HP Onboard Administrator Information Disclosure Vulnerability
Severity : Category I - VMSKEY : V0052901
2014-07-03IAVM : 2014-B-0091 - Multiple Vulnerabilities in VMware vCenter Update Manager 5.5
Severity : Category I - VMSKEY : V0052907
2014-07-03IAVM : 2014-B-0089 - Multiple Vulnerabilities in VMware ESXi 5.1
Severity : Category I - VMSKEY : V0052909
2014-07-03IAVM : 2014-B-0088 - Multiple Vulnerabilities in VMware ESXi 5.5
Severity : Category I - VMSKEY : V0052911
2014-06-26IAVM : 2014-A-0089 - Multiple Vulnerabilities in Juniper Pulse Secure Access Service (IVE)
Severity : Category I - VMSKEY : V0052805
2014-06-19IAVM : 2014-B-0077 - Multiple Vulnerabilities in McAfee Web Gateway
Severity : Category I - VMSKEY : V0052625
2014-06-19IAVM : 2014-B-0080 - Multiple Vulnerabilities in Stunnel
Severity : Category I - VMSKEY : V0052627
2014-06-19IAVM : 2014-A-0087 - Multiple Vulnerabilities in McAfee ePolicy Orchestrator
Severity : Category I - VMSKEY : V0052637
2014-06-19IAVM : 2014-B-0078 - Multiple Vulnerabilities in Blue Coat ProxySG
Severity : Category I - VMSKEY : V0052639
2014-06-19IAVM : 2014-B-0079 - Multiple Vulnerabilities in IBM AIX
Severity : Category I - VMSKEY : V0052641
2014-06-12IAVM : 2014-A-0083 - Multiple Vulnerabilities in OpenSSL
Severity : Category I - VMSKEY : V0052495
2014-05-01IAVM : 2014-A-0063 - Multiple Vulnerabilities in McAfee VirusScan Enterprise for Linux
Severity : Category I - VMSKEY : V0050009

Snort® IPS/IDS

DateDescription
2014-11-16OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31484 - Revision : 2 - Type : SERVER-OTHER
2014-11-16OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31483 - Revision : 2 - Type : SERVER-OTHER
2014-11-16OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31482 - Revision : 2 - Type : SERVER-OTHER
2014-11-16OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31481 - Revision : 2 - Type : SERVER-OTHER
2014-11-16OpenSSL TLSv1.2 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31480 - Revision : 3 - Type : SERVER-OTHER
2014-11-16OpenSSL TLSv1.1 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31479 - Revision : 3 - Type : SERVER-OTHER
2014-11-16OpenSSL TLSv1.0 ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31478 - Revision : 3 - Type : SERVER-OTHER
2014-11-16OpenSSL SSL ChangeCipherSpec man-in-the-middle exploitation attempt
RuleID : 31477 - Revision : 3 - Type : SERVER-OTHER
2014-11-16OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt
RuleID : 31361 - Revision : 2 - Type : SERVER-OTHER
2014-11-16OpenSSL DTLSv1.0 handshake fragment buffer overrun attempt
RuleID : 31182 - Revision : 2 - Type : SERVER-OTHER
2014-07-05OpenSSL DTLS handshake recursion denial of service attempt
RuleID : 31181 - Revision : 8 - Type : SERVER-OTHER
2014-07-05OpenSSL DTLS handshake recursion denial of service attempt
RuleID : 31180 - Revision : 7 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

DateDescription
2016-03-04Name : The remote openSUSE host is missing a security update.
File : openSUSE-2016-294.nasl - Type : ACT_GATHER_INFO
2016-02-26Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20140605-openssl-ios.nasl - Type : ACT_GATHER_INFO
2016-02-26Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20140605-openssl-iosxe.nasl - Type : ACT_GATHER_INFO
2016-02-26Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20140605-openssl-iosxr.nasl - Type : ACT_GATHER_INFO
2016-02-26Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20140605-openssl-nxos.nasl - Type : ACT_GATHER_INFO
2015-12-30Name : The remote VMware ESXi host is missing a security-related patch.
File : vmware_VMSA-2014-0006_remote.nasl - Type : ACT_GATHER_INFO
2015-11-03Name : The remote multi-function device is affected by multiple vulnerabilities.
File : xerox_xrx15ao_colorqube.nasl - Type : ACT_GATHER_INFO
2015-05-20Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0743-1.nasl - Type : ACT_GATHER_INFO
2015-03-30Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libmysql55client18-150302.nasl - Type : ACT_GATHER_INFO
2015-03-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-062.nasl - Type : ACT_GATHER_INFO
2015-03-05Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_6_0_43.nasl - Type : ACT_GATHER_INFO
2015-02-09Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-116.nasl - Type : ACT_GATHER_INFO
2015-01-22Name : The remote host has an application installed that is affected by multiple vul...
File : oracle_virtualbox_jan_2015_cpu.nasl - Type : ACT_GATHER_INFO
2015-01-19Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_openssl_20140623.nasl - Type : ACT_GATHER_INFO
2015-01-19Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_openssl_20141014.nasl - Type : ACT_GATHER_INFO
2015-01-19Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_wanboot_20141014.nasl - Type : ACT_GATHER_INFO
2015-01-02Name : The remote Fedora host is missing a security update.
File : fedora_2014-17576.nasl - Type : ACT_GATHER_INFO
2015-01-02Name : The remote Fedora host is missing a security update.
File : fedora_2014-17587.nasl - Type : ACT_GATHER_INFO
2014-12-22Name : The remote device is affected by multiple vulnerabilities.
File : juniper_space_jsa10659.nasl - Type : ACT_GATHER_INFO
2014-12-05Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_compat-openssl097g-141202.nasl - Type : ACT_GATHER_INFO
2014-11-26Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0007.nasl - Type : ACT_GATHER_INFO
2014-11-26Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0008.nasl - Type : ACT_GATHER_INFO
2014-11-26Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0032.nasl - Type : ACT_GATHER_INFO
2014-11-26Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0039.nasl - Type : ACT_GATHER_INFO
2014-11-26Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0040.nasl - Type : ACT_GATHER_INFO
2014-11-19Name : The remote host is affected by a security bypass vulnerability.
File : ibm_tem_9_1_1117_0.nasl - Type : ACT_GATHER_INFO
2014-11-08Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0627.nasl - Type : ACT_GATHER_INFO
2014-11-08Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0628.nasl - Type : ACT_GATHER_INFO
2014-11-08Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-0629.nasl - Type : ACT_GATHER_INFO
2014-10-21Name : The remote host is affected by multiple vulnerabilities.
File : oracle_eids_cpu_oct_2014.nasl - Type : ACT_GATHER_INFO
2014-10-20Name : The remote host is affected by a man-in-the-middle vulnerability.
File : palo_alto_PAN-SA-2014-0003.nasl - Type : ACT_GATHER_INFO
2014-10-12Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-349.nasl - Type : ACT_GATHER_INFO
2014-10-12Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-350.nasl - Type : ACT_GATHER_INFO
2014-10-12Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-351.nasl - Type : ACT_GATHER_INFO
2014-10-10Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15325.nasl - Type : ACT_GATHER_INFO
2014-10-10Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15328.nasl - Type : ACT_GATHER_INFO
2014-10-10Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15329.nasl - Type : ACT_GATHER_INFO
2014-10-10Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15343.nasl - Type : ACT_GATHER_INFO
2014-10-10Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15356.nasl - Type : ACT_GATHER_INFO
2014-10-09Name : The remote printer is affected by a security bypass vulnerability.
File : hp_laserjet_hpsbpi03107.nasl - Type : ACT_GATHER_INFO
2014-10-09Name : The remote HP OfficeJet printer is affected by a security bypass vulnerability.
File : hp_officejet_hpsbpi03107.nasl - Type : ACT_GATHER_INFO
2014-10-02Name : The remote host has a virtualization appliance installed that is affected by ...
File : vmware_vsphere_replication_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO
2014-09-18Name : The remote host is missing a Mac OS X update that fixes multiple vulnerabilit...
File : macosx_10_9_5.nasl - Type : ACT_GATHER_INFO
2014-09-18Name : The remote host is missing a Mac OS X update that fixes multiple security iss...
File : macosx_SecUpd2014-004.nasl - Type : ACT_GATHER_INFO
2014-09-12Name : The remote database server is affected by multiple vulnerabilities.
File : mysql_5_6_20.nasl - Type : ACT_GATHER_INFO
2014-09-11Name : The remote host is affected by multiple vulnerabilities.
File : emc_documentum_content_server_ESA-2014-079.nasl - Type : ACT_GATHER_INFO
2014-09-02Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_7_0_55.nasl - Type : ACT_GATHER_INFO
2014-09-02Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_8_0_11.nasl - Type : ACT_GATHER_INFO
2014-08-26Name : The remote web server has an application installed that is affected by multip...
File : pivotal_webserver_5_4_1.nasl - Type : ACT_GATHER_INFO
2014-08-20Name : The remote Mac OS X host has an application installed that is affected by mul...
File : macosx_vmware_ovftool_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO
2014-08-20Name : The remote Windows host has an application installed that is affected by mult...
File : vmware_ovftool_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-08-20Name : A web application on the remote host is affected by multiple vulnerabilities.
File : puppet_enterprise_330.nasl - Type : ACT_GATHER_INFO
2014-08-19Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2232-4.nasl - Type : ACT_GATHER_INFO
2014-08-15Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140813_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-08-14Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1053.nasl - Type : ACT_GATHER_INFO
2014-08-14Name : The remote host is affected by a vulnerability that could allow sensitive dat...
File : openssl_ccs_1_0_1.nasl - Type : ACT_ATTACK
2014-08-14Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1053.nasl - Type : ACT_GATHER_INFO
2014-08-14Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1053.nasl - Type : ACT_GATHER_INFO
2014-08-12Name : The remote host contains software that is affected by multiple vulnerabilitie...
File : hp_vca_SSRT101614-rhel.nasl - Type : ACT_GATHER_INFO
2014-08-12Name : The remote host contains software that is affected by multiple vulnerabilitie...
File : hp_vca_SSRT101614-sles.nasl - Type : ACT_GATHER_INFO
2014-08-12Name : The remote host contains software that is affected by multiple vulnerabilitie...
File : hp_vca_SSRT101614.nasl - Type : ACT_GATHER_INFO
2014-08-10Name : The remote Fedora host is missing a security update.
File : fedora_2014-9301.nasl - Type : ACT_GATHER_INFO
2014-08-10Name : The remote Fedora host is missing a security update.
File : fedora_2014-9308.nasl - Type : ACT_GATHER_INFO
2014-08-07Name : The remote host is missing a vendor-supplied security patch.
File : fireeye_os_SB001.nasl - Type : ACT_GATHER_INFO
2014-08-06Name : The remote Windows host contains software that is affected by multiple vulner...
File : hp_systems_insight_manager_73_hotfix_34.nasl - Type : ACT_GATHER_INFO
2014-08-05Name : The FTP server installed on the remote Windows host is affected by multiple O...
File : cerberus_ftp_7_0_0_3.nasl - Type : ACT_GATHER_INFO
2014-08-05Name : The remote device is missing a vendor-supplied security patch.
File : juniper_jsa10629.nasl - Type : ACT_GATHER_INFO
2014-08-04Name : The remote host has a support tool installed that is affected by multiple vul...
File : vmware_vcenter_support_assistant_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-08-01Name : The remote Mac OS X host has a virtual desktop solution that is affected by m...
File : macosx_vmware_horizon_view_client_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO
2014-08-01Name : The remote host has a virtual desktop solution that is affected by multiple v...
File : vmware_horizon_view_client_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO
2014-07-31Name : The remote Windows host has an application installed that is affected by mult...
File : vmware_horizon_view_VMSA-2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-31Name : The remote host has an application installed that is affected by multiple vul...
File : vmware_vcenter_converter_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-30Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0679.nasl - Type : ACT_GATHER_INFO
2014-07-30Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0680.nasl - Type : ACT_GATHER_INFO
2014-07-28Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201407-05.nasl - Type : ACT_GATHER_INFO
2014-07-24Name : The remote host has an application installed that is affected by multiple Ope...
File : hp_oneview_1_10.nasl - Type : ACT_GATHER_INFO
2014-07-24Name : The remote host is running software that is affected by multiple vulnerabilit...
File : hp_sum_6_4_1.nasl - Type : ACT_GATHER_INFO
2014-07-24Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0679.nasl - Type : ACT_GATHER_INFO
2014-07-24Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2014-0680.nasl - Type : ACT_GATHER_INFO
2014-07-18Name : The remote host has a web application installed that is affected by multiple ...
File : oracle_e-business_cpu_jul_2014.nasl - Type : ACT_GATHER_INFO
2014-07-17Name : The remote host is affected by multiple vulnerabilities related to the includ...
File : mcafee_email_gateway_SB10075.nasl - Type : ACT_GATHER_INFO
2014-07-17Name : The remote host is affected by multiple vulnerabilities.
File : mcafee_vsel_SB10075.nasl - Type : ACT_GATHER_INFO
2014-07-17Name : The remote host has a version of Oracle Secure Global Desktop that is affecte...
File : oracle_secure_global_desktop_jul_2014_cpu.nasl - Type : ACT_GATHER_INFO
2014-07-16Name : The remote Windows host is affected by a security bypass vulnerability.
File : forticlient_5_0_10.nasl - Type : ACT_GATHER_INFO
2014-07-16Name : The remote web server contains an application that is affected by multiple Op...
File : splunk_605.nasl - Type : ACT_GATHER_INFO
2014-07-15Name : The remote host contains an application that is affected by an information di...
File : libreoffice_423.nasl - Type : ACT_GATHER_INFO
2014-07-15Name : The remote host contains an application that is affected by an information di...
File : macosx_libreoffice_423.nasl - Type : ACT_GATHER_INFO
2014-07-14Name : The remote host has a virtualization appliance installed that is affected by ...
File : vmware_vcenter_server_appliance_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-14Name : The remote host is affected by multiple vulnerabilities.
File : cisco_anyconnect_3_1_5170.nasl - Type : ACT_GATHER_INFO
2014-07-14Name : The remote host is affected by multiple vulnerabilities related to OpenSSL.
File : fortinet_FG-IR-14-018.nasl - Type : ACT_GATHER_INFO
2014-07-14Name : The remote host is affected by multiple vulnerabilities.
File : macosx_cisco_anyconnect_3_1_5170.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : A VMware product installed on the remote host is affected by multiple vulnera...
File : macosx_fusion_6_0_4.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote host contains software that is affected by multiple vulnerabilities.
File : vmware_player_linux_6_0_3.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote host contains software that is affected by multiple vulnerabilities.
File : vmware_player_multiple_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote host has a virtualization application that is affected by multiple...
File : vmware_workstation_linux_10_0_3.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote host has a virtualization application that is affected by multiple...
File : vmware_workstation_multiple_vmsa_2014_0006.nasl - Type : ACT_GATHER_INFO
2014-07-09Name : A clustered file system on the remote host is affected by a security vulnerab...
File : ibm_gpfs_isg3t1020948_windows.nasl - Type : ACT_GATHER_INFO
2014-07-09Name : The remote Windows host has an application installed that is affected by mult...
File : vmware_vcenter_chargeback_manager_2601.nasl - Type : ACT_GATHER_INFO
2014-07-07Name : The remote Windows host has an application installed that is affected by mult...
File : hp_version_control_repo_manager_hpsbmu03056.nasl - Type : ACT_GATHER_INFO
2014-07-04Name : The remote VMware ESXi 5.0 host is affected by multiple security vulnerabilit...
File : vmware_esxi_5_0_build_1918656_remote.nasl - Type : ACT_GATHER_INFO
2014-07-03Name : The remote server is affected by a remote information disclosure vulnerability.
File : hp_onboard_admin_4_22.nasl - Type : ACT_GATHER_INFO
2014-07-03Name : The remote host has a virtualization appliance installed that is affected by ...
File : vmware_vcenter_operations_manager_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-03Name : The remote host has an update manager installed that is affected by multiple ...
File : vmware_vcenter_update_mgr_vmsa-2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-03Name : The remote host has a virtualization client application installed that is aff...
File : vsphere_client_vmsa_2014-0006.nasl - Type : ACT_GATHER_INFO
2014-07-02Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_3_3_1.nasl - Type : ACT_GATHER_INFO
2014-06-26Name : The remote device is affected by a security bypass vulnerability.
File : bluecoat_proxy_sg_6_4_6_4.nasl - Type : ACT_GATHER_INFO
2014-06-24Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2232-3.nasl - Type : ACT_GATHER_INFO
2014-06-24Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_1_build_1900470_remote.nasl - Type : ACT_GATHER_INFO
2014-06-20Name : The remote device is potentially affected by a security bypass vulnerability.
File : bluecoat_proxy_sg_4_x_openssl.nasl - Type : ACT_GATHER_INFO
2014-06-20Name : The remote device is potentially affected by a security bypass vulnerability.
File : bluecoat_proxy_sg_6_2_15_6.nasl - Type : ACT_GATHER_INFO
2014-06-20Name : The remote device is potentially affected by multiple vulnerabilities.
File : bluecoat_proxy_sg_6_5_4_4.nasl - Type : ACT_GATHER_INFO
2014-06-20Name : The remote Windows host has an application that may be affected by multiple v...
File : winscp_5_5_4.nasl - Type : ACT_GATHER_INFO
2014-06-19Name : The remote host is affected by multiple vulnerabilities.
File : mcafee_epo_sb10075.nasl - Type : ACT_GATHER_INFO
2014-06-19Name : The remote host is affected by multiple vulnerabilities.
File : mcafee_web_gateway_sb10075.nasl - Type : ACT_GATHER_INFO
2014-06-18Name : The remote host is affected by a man-in-the-middle vulnerability.
File : cisco-CSCup22544-ace.nasl - Type : ACT_GATHER_INFO
2014-06-18Name : The remote host is affected by multiple vulnerabilities.
File : cisco_asa_CSCup22532.nasl - Type : ACT_GATHER_INFO
2014-06-18Name : The remote host is affected by multiple vulnerabilities.
File : cisco_jabber_client_CSCup23913.nasl - Type : ACT_GATHER_INFO
2014-06-18Name : The remote host is affected by multiple vulnerabilities.
File : cisco_ons_CSCup24077.nasl - Type : ACT_GATHER_INFO
2014-06-18Name : The remote host is affected by multiple vulnerabilities.
File : cisco_telepresence_mcu_CSCup23994.nasl - Type : ACT_GATHER_INFO
2014-06-18Name : The remote host is affected by multiple vulnerabilities.
File : cisco_telepresence_supervisor_8050_mse_CSCup22635.nasl - Type : ACT_GATHER_INFO
2014-06-18Name : The remote device is missing a vendor-supplied security patch.
File : junos_pulse_jsa10629.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote AIX host has a version of OpenSSL installed that is potentially af...
File : aix_openssl_advisory9.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2232-2.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-325.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-359.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-360.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-410.nasl - Type : ACT_GATHER_INFO
2014-06-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3040.nasl - Type : ACT_GATHER_INFO
2014-06-12Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140605_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-06-11Name : The remote AIX host has a vulnerable version of OpenSSL.
File : aix_openssl_advisory8.nasl - Type : ACT_GATHER_INFO
2014-06-11Name : The remote VMware ESXi host is missing one or more security-related patches.
File : vmware_VMSA-2014-0006.nasl - Type : ACT_GATHER_INFO
2014-06-11Name : The remote VMware ESXi 5.5 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_5_build_1881737_remote.nasl - Type : ACT_GATHER_INFO
2014-06-10Name : The remote Windows host contains a program that is affected by multiple vulne...
File : stunnel_5_02.nasl - Type : ACT_GATHER_INFO
2014-06-10Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-106.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-156-03.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0624.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0625.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0626.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2950.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote Fedora host is missing a security update.
File : fedora_2014-7101.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote Fedora host is missing a security update.
File : fedora_2014-7102.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_5ac53801ec2e11e39cf33c970e169bc2.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote service is affected by multiple vulnerabilities.
File : openssl_0_9_8za.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_1h.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0624.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0625.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0626.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0624.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0625.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0626.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140605_openssl097a_and_openssl098e_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140605_openssl_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libopenssl-devel-140604.nasl - Type : ACT_GATHER_INFO
2014-06-06Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2232-1.nasl - Type : ACT_GATHER_INFO
2014-06-05Name : The remote host is potentially affected by a vulnerability that could allow s...
File : openssl_ccs.nasl - Type : ACT_ATTACK
2014-05-19Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2931.nasl - Type : ACT_GATHER_INFO
2014-05-19Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-090.nasl - Type : ACT_GATHER_INFO
2014-05-09Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-080.nasl - Type : ACT_GATHER_INFO
2014-05-07Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_1959e847d4f011e384b00018fe623f2b.nasl - Type : ACT_GATHER_INFO
2014-05-06Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2192-1.nasl - Type : ACT_GATHER_INFO
2014-04-23Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_0b8d7194ca8811e39d8dc80aa9043978.nasl - Type : ACT_GATHER_INFO
2014-04-18Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2908.nasl - Type : ACT_GATHER_INFO
2014-04-08Name : The remote service is affected by multiple vulnerabilities.
File : openssl_1_0_0m.nasl - Type : ACT_GATHER_INFO
2013-06-05Name : The remote host is missing Sun Security Patch number 150383-19
File : solaris10_150383.nasl - Type : ACT_GATHER_INFO
2013-06-02Name : The remote host is missing Sun Security Patch number 148071-19
File : solaris10_148071.nasl - Type : ACT_GATHER_INFO
2013-06-02Name : The remote host is missing Sun Security Patch number 148072-19
File : solaris10_x86_148072.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-07-29 13:25:44
  • Multiple Updates
2014-07-28 05:23:21
  • First insertion