what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 39 RSS Feed

CVE-2014-0221

Status Candidate

Overview

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.

Related Files

HP Security Bulletin HPSBST03642 3
Posted Jan 25, 2017
Authored by HP | Site hp.com

HP Security Bulletin HPSBST03642 3 - Security vulnerabilities in OpenSSL and OpenSSH were addressed in HPE StoreVirtual products using LeftHand OS. These vulnerabilities include the SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information, additional OpenSSL and OpenSSH vulnerabilities which could be remotely exploited resulting in arbitrary code execution, unauthorized access, disclosure of information, or Denial of Service (DoS). Revision 3 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, code execution
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3566, CVE-2016-0705
SHA-256 | 864bcff09d4a86c839035348112fa45614c1f5e5a95ea128a61d9122002eb2f1
Mandriva Linux Security Advisory 2015-062
Posted Mar 27, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-062 - Multiple vulnerabilities has been discovered and corrected in openssl. The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0160, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470, CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206, CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0293
SHA-256 | e171ec43c2e20ccaebff7416a52645d7f17fe5f2ac7aa5376af3eb0518dd7115
Apple Security Advisory 2014-09-17-3
Posted Sep 19, 2014
Authored by Apple | Site apple.com

Apple Security Advisory 2014-09-17-3 - OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address PHP code execution, Bluetooth API validation, PDF handling, and various other vulnerabilities.

tags | advisory, php, vulnerability, code execution
systems | apple, osx
advisories | CVE-2013-7345, CVE-2014-0076, CVE-2014-0185, CVE-2014-0195, CVE-2014-0207, CVE-2014-0221, CVE-2014-0224, CVE-2014-0237, CVE-2014-0238, CVE-2014-1391, CVE-2014-1943, CVE-2014-2270, CVE-2014-2525, CVE-2014-3470, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3981, CVE-2014-4049, CVE-2014-4350, CVE-2014-4374, CVE-2014-4376, CVE-2014-4377, CVE-2014-4378, CVE-2014-4379, CVE-2014-4381
SHA-256 | 4e7c77251432e1559177fbfc860df8439663744f27a763ac3194f1ebdf0e44e0
HP Security Bulletin HPSBMU03076 2
Posted Aug 26, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03076 2 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 2 of this advisory.

tags | advisory, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 74c6011fdf049e842deed96044d5db0c591aa6e4838740959a4510208f32ffef
Red Hat Security Advisory 2014-1086-01
Posted Aug 21, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1086-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release serves as a replacement for Red Hat JBoss Web Server 2.0.1, and includes several bug fixes.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2013-4590, CVE-2014-0118, CVE-2014-0119, CVE-2014-0221, CVE-2014-0226, CVE-2014-0231
SHA-256 | 1869ac672baeb6d6231ed4264632e0262537ca84832e3d8b68ec845527428f94
EMC Documentum Code Execution / DQL Injection
Posted Aug 19, 2014
Site emc.com

EMC Documentum suffers from code execution, DQL injection, information disclosure, and multiple openssl vulnerabilities. Nicolas Gregoire provided the following PoC for the DQL injection: x'+UNION+ALL+SELECT+'z',user_os_name,user_name,default_folder+FROM+dm_user+ENABLE+(RETURN_TOP+10);

tags | advisory, vulnerability, code execution, info disclosure
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-2520, CVE-2014-2521, CVE-2014-3470, CVE-2014-4618
SHA-256 | 8519416c566585987d0c1b89564e5ddbeb78d80955a30917dd2386336520cb34
Ubuntu Security Notice USN-2232-4
Posted Aug 18, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2232-4 - USN-2232-1 fixed vulnerabilities in OpenSSL. One of the patch backports for Ubuntu 10.04 LTS caused a regression for certain applications. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 67e0e8644e9b976275e227eeae25d58569e1a29be71eb344aa1092fdbe47be4d
Red Hat Security Advisory 2014-1053-01
Posted Aug 14, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1053-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the OBJ_obj2txt() function could fail to properly NUL-terminate its output. This could possibly cause an application using OpenSSL functions to format fields of X.509 certificates to disclose portions of its memory. Multiple flaws were discovered in the way OpenSSL handled DTLS packets. A remote attacker could use these flaws to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2014-0221, CVE-2014-3505, CVE-2014-3506, CVE-2014-3508, CVE-2014-3510
SHA-256 | 948de4a34ae026c5dab154c65c77547ef33ef30112240c62df3060016b472f9b
HP Security Bulletin HPSBMU03062
Posted Aug 8, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03062 - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) running on Linux and Windows. These components of HP Insight Control server deployment could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information. HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 30ec904a6c5c9b83f25c8416bbe55a4e98f45470d07086d87abb9523fa9c1f14
Red Hat Security Advisory 2014-1021-01
Posted Aug 7, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1021-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression. A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system.

tags | advisory, java, remote, denial of service, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2014-0118, CVE-2014-0193, CVE-2014-0221, CVE-2014-0226, CVE-2014-0231, CVE-2014-3472
SHA-256 | 22e9d1dba5571b19e90edd9bd75c20402a5f2b415a003632541ae628f3d33b93
Gentoo Linux Security Advisory 201407-05
Posted Jul 28, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201407-5 - Multiple vulnerabilities have been found in OpenSSL, possibly allowing remote attackers to execute arbitrary code. Versions less than 1.0.1h-r1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 058715fbe6887e5fa7531493f741e2281a8b6fbd10beffa54560903e427c61b1
HP Security Bulletin HPSBMU03076
Posted Jul 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03076 - Potential security vulnerabilities have been identified with HP Systems Insight Manager running on Linux and Windows which could be exploited remotely resulting in multiple vulnerabilities. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 9b97ca3342a8fe043d011e3fbc87f0bef6c8bf5869678631e38d1bc64e95c33b
HP Security Bulletin HPSBMU03074
Posted Jul 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03074 - Potential security vulnerabilities have been identified with HP Insight Control server migration running on Linux and Windows which could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 1a4d710e9dd7291eeed8fb57906255564db16e374b955cf64cee067d9ffb017e
HP Security Bulletin HPSBMU03069
Posted Jul 11, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03069 - Potential security vulnerabilities have been identified with HP Software Operation Orchestration. The vulnerabilities could be exploited to allow remote code execution, denial of service (DoS) and disclosure of information. This OpenSSL vulnerabilities were detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities. Revision 1 of this advisory.

tags | advisory, remote, denial of service, vulnerability, code execution
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-3470
SHA-256 | ef1f29ac5ba91c5848105e696dc6e7c2126999c14cf33cd9e5983d066a8dbd98
HP Security Bulletin HPSBMU03065
Posted Jul 9, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03065 - A potential security vulnerability has been identified with HP Operations Analytics. The vulnerability could be exploited to allow remote code execution, denial of service (DoS) and disclosure of information. This OpenSSL vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some HP Software products. This bulletin notifies HP Software customers about products affected by the OpenSSL vulnerabilities Note: OpenSSL vulnerabilities, are vulnerabilities found in the OpenSSL product cryptographic software library product. This weakness potentially allows Man in the Middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The impacted products appear in the list below are vulnerable due to embedding of OpenSSL standard release software. Revision 1 of this advisory.

tags | advisory, remote, denial of service, vulnerability, code execution
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 61e271b9ce8005a1f9df6d96082ae4e049ecb5577e074803053664478dc03fa4
HP Security Bulletin HPSBGN03050
Posted Jul 9, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03050 - Potential security vulnerabilities have been identified with HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-0076, CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 9842436300db478ec8d27f3b8423dc7d10b75ee1f6ad9db17647d95a1f9ff8a2
HP Security Bulletin HPSBMU03051 2
Posted Jul 6, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03051 2 - Potential security vulnerabilities have been identified with HP System Management Homepage running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | a8b4016c09a06b99a77961252874991fb1d5f4b7f94d12df1115b2d59481596b
HP Security Bulletin HPSBMU03055
Posted Jul 2, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03055 - Potential security vulnerabilities have been identified with HP Smart Update Manager (HP SUM) running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 02b0a1928a87117f1fa493f08a54b1d05eabf305e668a1cba7e4dd009b30814a
HP Security Bulletin HPSBMU03056
Posted Jun 27, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03056 - Potential security vulnerabilities have been identified with HP Version Control Repository Manager (HP VCRM) running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | b614877919ffd8acdaa97393db4294d3cac0f62dcd1d3c07cbb31e1f020b0139
HP Security Bulletin HPSBMU03057
Posted Jun 27, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03057 - Potential security vulnerabilities have been identified with HP Version Control Agent (HP VCA) running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | d2900fe18279864e2d174ab252466414338a67aafa6110a5ff22a7ed7b064f41
HP Security Bulletin HPSBMU03051
Posted Jun 25, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU03051 - Potential security vulnerabilities have been identified with HP System Management Homepage running OpenSSL on Linux and Windows. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
systems | linux, windows
advisories | CVE-2010-5298, CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 385e5e6edf1d7ef7bbc8050d651def4d345aba8a057fa2b355d6c87431ead849
Ubuntu Security Notice USN-2232-3
Posted Jun 24, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2232-3 - USN-2232-1 fixed vulnerabilities in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | cc6733f4fffea0f3b6869064e684111e12bbecad4854424c42c0407cf80705b2
HP Security Bulletin HPSBOV03047
Posted Jun 19, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03047 - Potential security vulnerabilities have been identified with HP OpenVMS running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, or disclose information. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2014-0076, CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | e545961d2486992ac5cd08c4a4d901c108cc777140b0a87c47be2e344c642f8a
HP Security Bulletin HPSBUX03046 SSRT101590 2
Posted Jun 17, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03046 SSRT101590 2 - Potential security vulnerabilities have been identified with HP-UX running OpenSSL. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, bypass security restrictions, disclose information, or allow unauthorized access. Revision 2 of this advisory.

tags | advisory, denial of service, vulnerability
systems | hpux
advisories | CVE-2014-0076, CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | 82b711db58c11d9acdbe01d1244f27e7cce6fb0f760c5bd171d01059147203d5
Debian Security Advisory 2950-2
Posted Jun 17, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2950-2 - This update updates the upstream fix for CVE-2014-0224 to address problems with CCS which could result in problems with the Postgres database.

tags | advisory
systems | linux, debian
advisories | CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470
SHA-256 | f151f5f5f15dae8af04e0f433f6ad6ef33c50c6d4e2928146538a0f0cb46b400
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close