| 0 |
|
| 1 |
|
| 2 |
| url |
VCID-4197-62g5-8ka3 |
| vulnerability_id |
VCID-4197-62g5-8ka3 |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| purl |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-249a-9kqa-p7an |
|
| 1 |
| vulnerability |
VCID-3pke-7yer-87hz |
|
| 2 |
| vulnerability |
VCID-4197-62g5-8ka3 |
|
| 3 |
| vulnerability |
VCID-448b-h78v-wfes |
|
| 4 |
| vulnerability |
VCID-4pe4-89ss-57am |
|
| 5 |
| vulnerability |
VCID-4wy2-zsz2-a3ew |
|
| 6 |
| vulnerability |
VCID-7gkv-pu79-43hx |
|
| 7 |
| vulnerability |
VCID-8fae-zjwu-47gz |
|
| 8 |
| vulnerability |
VCID-d1w5-8ktx-cubx |
|
| 9 |
| vulnerability |
VCID-dspw-qctj-jufk |
|
| 10 |
| vulnerability |
VCID-e6jy-vxau-jfba |
|
| 11 |
| vulnerability |
VCID-erdm-7pfg-e7hc |
|
| 12 |
| vulnerability |
VCID-fb66-4fr3-xye7 |
|
| 13 |
| vulnerability |
VCID-fgmh-6g91-9qgv |
|
| 14 |
| vulnerability |
VCID-g1bm-2aj1-kff9 |
|
| 15 |
| vulnerability |
VCID-k4k5-uhxu-gyc1 |
|
| 16 |
| vulnerability |
VCID-m4ms-vh59-ufbd |
|
| 17 |
| vulnerability |
VCID-n1r2-zqmn-2ufh |
|
| 18 |
| vulnerability |
VCID-rynq-d6tu-2ygg |
|
| 19 |
| vulnerability |
VCID-uw52-vah8-uqda |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.0.1t-1%252Bdeb8u8 |
|
| 1 |
|
|
| aliases |
CVE-2016-2181
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4197-62g5-8ka3 |
|
| 3 |
| url |
VCID-448b-h78v-wfes |
| vulnerability_id |
VCID-448b-h78v-wfes |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| purl |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-249a-9kqa-p7an |
|
| 1 |
| vulnerability |
VCID-3pke-7yer-87hz |
|
| 2 |
| vulnerability |
VCID-4197-62g5-8ka3 |
|
| 3 |
| vulnerability |
VCID-448b-h78v-wfes |
|
| 4 |
| vulnerability |
VCID-4pe4-89ss-57am |
|
| 5 |
| vulnerability |
VCID-4wy2-zsz2-a3ew |
|
| 6 |
| vulnerability |
VCID-7gkv-pu79-43hx |
|
| 7 |
| vulnerability |
VCID-8fae-zjwu-47gz |
|
| 8 |
| vulnerability |
VCID-d1w5-8ktx-cubx |
|
| 9 |
| vulnerability |
VCID-dspw-qctj-jufk |
|
| 10 |
| vulnerability |
VCID-e6jy-vxau-jfba |
|
| 11 |
| vulnerability |
VCID-erdm-7pfg-e7hc |
|
| 12 |
| vulnerability |
VCID-fb66-4fr3-xye7 |
|
| 13 |
| vulnerability |
VCID-fgmh-6g91-9qgv |
|
| 14 |
| vulnerability |
VCID-g1bm-2aj1-kff9 |
|
| 15 |
| vulnerability |
VCID-k4k5-uhxu-gyc1 |
|
| 16 |
| vulnerability |
VCID-m4ms-vh59-ufbd |
|
| 17 |
| vulnerability |
VCID-n1r2-zqmn-2ufh |
|
| 18 |
| vulnerability |
VCID-rynq-d6tu-2ygg |
|
| 19 |
| vulnerability |
VCID-uw52-vah8-uqda |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.0.1t-1%252Bdeb8u8 |
|
| 1 |
|
|
| aliases |
CVE-2016-2177
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-448b-h78v-wfes |
|
| 4 |
|
| 5 |
| url |
VCID-4wy2-zsz2-a3ew |
| vulnerability_id |
VCID-4wy2-zsz2-a3ew |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| purl |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-249a-9kqa-p7an |
|
| 1 |
| vulnerability |
VCID-3pke-7yer-87hz |
|
| 2 |
| vulnerability |
VCID-4197-62g5-8ka3 |
|
| 3 |
| vulnerability |
VCID-448b-h78v-wfes |
|
| 4 |
| vulnerability |
VCID-4pe4-89ss-57am |
|
| 5 |
| vulnerability |
VCID-4wy2-zsz2-a3ew |
|
| 6 |
| vulnerability |
VCID-7gkv-pu79-43hx |
|
| 7 |
| vulnerability |
VCID-8fae-zjwu-47gz |
|
| 8 |
| vulnerability |
VCID-d1w5-8ktx-cubx |
|
| 9 |
| vulnerability |
VCID-dspw-qctj-jufk |
|
| 10 |
| vulnerability |
VCID-e6jy-vxau-jfba |
|
| 11 |
| vulnerability |
VCID-erdm-7pfg-e7hc |
|
| 12 |
| vulnerability |
VCID-fb66-4fr3-xye7 |
|
| 13 |
| vulnerability |
VCID-fgmh-6g91-9qgv |
|
| 14 |
| vulnerability |
VCID-g1bm-2aj1-kff9 |
|
| 15 |
| vulnerability |
VCID-k4k5-uhxu-gyc1 |
|
| 16 |
| vulnerability |
VCID-m4ms-vh59-ufbd |
|
| 17 |
| vulnerability |
VCID-n1r2-zqmn-2ufh |
|
| 18 |
| vulnerability |
VCID-rynq-d6tu-2ygg |
|
| 19 |
| vulnerability |
VCID-uw52-vah8-uqda |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.0.1t-1%252Bdeb8u8 |
|
| 1 |
|
|
| aliases |
CVE-2016-6304
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4wy2-zsz2-a3ew |
|
| 6 |
| url |
VCID-7gkv-pu79-43hx |
| vulnerability_id |
VCID-7gkv-pu79-43hx |
| summary |
Security researcher Matthew Green reported a Diffie–Hellman
(DHE) key processing issue in Network Security Services (NSS) where a
man-in-the-middle (MITM) attacker can force a server to downgrade TLS
connections to 512-bit export-grade cryptography by modifying client
requests to include only export-grade cipher suites. The resulting
weak key can then be leveraged to impersonate the server. This attack
is detailed in the "Imperfect Forward
Secrecy: How Diffie-Hellman Fails in Practice" paper and is known as the
"Logjam Attack."This issue was fixed in NSS version 3.19.1 by limiting the lower strength of
supported DHE keys to use 1023 bit primes. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
| 24 |
|
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/openssl@1.0.1e-2%2Bdeb7u20 |
| purl |
pkg:deb/debian/openssl@1.0.1e-2%2Bdeb7u20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-249a-9kqa-p7an |
|
| 1 |
| vulnerability |
VCID-3pke-7yer-87hz |
|
| 2 |
| vulnerability |
VCID-4197-62g5-8ka3 |
|
| 3 |
| vulnerability |
VCID-448b-h78v-wfes |
|
| 4 |
| vulnerability |
VCID-4pe4-89ss-57am |
|
| 5 |
| vulnerability |
VCID-4wy2-zsz2-a3ew |
|
| 6 |
| vulnerability |
VCID-7gkv-pu79-43hx |
|
| 7 |
| vulnerability |
VCID-81zk-xrsj-cufe |
|
| 8 |
| vulnerability |
VCID-8fae-zjwu-47gz |
|
| 9 |
| vulnerability |
VCID-d1w5-8ktx-cubx |
|
| 10 |
| vulnerability |
VCID-dspw-qctj-jufk |
|
| 11 |
| vulnerability |
VCID-e6jy-vxau-jfba |
|
| 12 |
| vulnerability |
VCID-erdm-7pfg-e7hc |
|
| 13 |
| vulnerability |
VCID-fb66-4fr3-xye7 |
|
| 14 |
| vulnerability |
VCID-fgmh-6g91-9qgv |
|
| 15 |
| vulnerability |
VCID-g1bm-2aj1-kff9 |
|
| 16 |
| vulnerability |
VCID-k4k5-uhxu-gyc1 |
|
| 17 |
| vulnerability |
VCID-m4ms-vh59-ufbd |
|
| 18 |
| vulnerability |
VCID-n1r2-zqmn-2ufh |
|
| 19 |
| vulnerability |
VCID-rynq-d6tu-2ygg |
|
| 20 |
| vulnerability |
VCID-uw52-vah8-uqda |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.0.1e-2%252Bdeb7u20 |
|
| 1 |
| url |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| purl |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-249a-9kqa-p7an |
|
| 1 |
| vulnerability |
VCID-3pke-7yer-87hz |
|
| 2 |
| vulnerability |
VCID-4197-62g5-8ka3 |
|
| 3 |
| vulnerability |
VCID-448b-h78v-wfes |
|
| 4 |
| vulnerability |
VCID-4pe4-89ss-57am |
|
| 5 |
| vulnerability |
VCID-4wy2-zsz2-a3ew |
|
| 6 |
| vulnerability |
VCID-7gkv-pu79-43hx |
|
| 7 |
| vulnerability |
VCID-8fae-zjwu-47gz |
|
| 8 |
| vulnerability |
VCID-d1w5-8ktx-cubx |
|
| 9 |
| vulnerability |
VCID-dspw-qctj-jufk |
|
| 10 |
| vulnerability |
VCID-e6jy-vxau-jfba |
|
| 11 |
| vulnerability |
VCID-erdm-7pfg-e7hc |
|
| 12 |
| vulnerability |
VCID-fb66-4fr3-xye7 |
|
| 13 |
| vulnerability |
VCID-fgmh-6g91-9qgv |
|
| 14 |
| vulnerability |
VCID-g1bm-2aj1-kff9 |
|
| 15 |
| vulnerability |
VCID-k4k5-uhxu-gyc1 |
|
| 16 |
| vulnerability |
VCID-m4ms-vh59-ufbd |
|
| 17 |
| vulnerability |
VCID-n1r2-zqmn-2ufh |
|
| 18 |
| vulnerability |
VCID-rynq-d6tu-2ygg |
|
| 19 |
| vulnerability |
VCID-uw52-vah8-uqda |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.0.1t-1%252Bdeb8u8 |
|
| 2 |
|
|
| aliases |
CVE-2015-4000
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7gkv-pu79-43hx |
|
| 7 |
| url |
VCID-81zk-xrsj-cufe |
| vulnerability_id |
VCID-81zk-xrsj-cufe |
| summary |
Security researcher Karthikeyan Bhargavan reported an issue
in Network Security Services (NSS) where MD5 signatures in the server signature within the
TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has
officially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This
issues exposes NSS based clients such as Firefox to theoretical collision-based forgery
attacks. This issue was fixed in NSS version 3.20.2. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
| 22 |
|
| 23 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/openssl@1.0.1e-2%2Bdeb7u20 |
| purl |
pkg:deb/debian/openssl@1.0.1e-2%2Bdeb7u20 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-249a-9kqa-p7an |
|
| 1 |
| vulnerability |
VCID-3pke-7yer-87hz |
|
| 2 |
| vulnerability |
VCID-4197-62g5-8ka3 |
|
| 3 |
| vulnerability |
VCID-448b-h78v-wfes |
|
| 4 |
| vulnerability |
VCID-4pe4-89ss-57am |
|
| 5 |
| vulnerability |
VCID-4wy2-zsz2-a3ew |
|
| 6 |
| vulnerability |
VCID-7gkv-pu79-43hx |
|
| 7 |
| vulnerability |
VCID-81zk-xrsj-cufe |
|
| 8 |
| vulnerability |
VCID-8fae-zjwu-47gz |
|
| 9 |
| vulnerability |
VCID-d1w5-8ktx-cubx |
|
| 10 |
| vulnerability |
VCID-dspw-qctj-jufk |
|
| 11 |
| vulnerability |
VCID-e6jy-vxau-jfba |
|
| 12 |
| vulnerability |
VCID-erdm-7pfg-e7hc |
|
| 13 |
| vulnerability |
VCID-fb66-4fr3-xye7 |
|
| 14 |
| vulnerability |
VCID-fgmh-6g91-9qgv |
|
| 15 |
| vulnerability |
VCID-g1bm-2aj1-kff9 |
|
| 16 |
| vulnerability |
VCID-k4k5-uhxu-gyc1 |
|
| 17 |
| vulnerability |
VCID-m4ms-vh59-ufbd |
|
| 18 |
| vulnerability |
VCID-n1r2-zqmn-2ufh |
|
| 19 |
| vulnerability |
VCID-rynq-d6tu-2ygg |
|
| 20 |
| vulnerability |
VCID-uw52-vah8-uqda |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.0.1e-2%252Bdeb7u20 |
|
| 1 |
| url |
pkg:deb/debian/openssl@1.0.1k-3 |
| purl |
pkg:deb/debian/openssl@1.0.1k-3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-249a-9kqa-p7an |
|
| 1 |
| vulnerability |
VCID-3pke-7yer-87hz |
|
| 2 |
| vulnerability |
VCID-4197-62g5-8ka3 |
|
| 3 |
| vulnerability |
VCID-448b-h78v-wfes |
|
| 4 |
| vulnerability |
VCID-4pe4-89ss-57am |
|
| 5 |
| vulnerability |
VCID-4wy2-zsz2-a3ew |
|
| 6 |
| vulnerability |
VCID-7gkv-pu79-43hx |
|
| 7 |
| vulnerability |
VCID-8fae-zjwu-47gz |
|
| 8 |
| vulnerability |
VCID-d1w5-8ktx-cubx |
|
| 9 |
| vulnerability |
VCID-dspw-qctj-jufk |
|
| 10 |
| vulnerability |
VCID-e6jy-vxau-jfba |
|
| 11 |
| vulnerability |
VCID-erdm-7pfg-e7hc |
|
| 12 |
| vulnerability |
VCID-fb66-4fr3-xye7 |
|
| 13 |
| vulnerability |
VCID-fgmh-6g91-9qgv |
|
| 14 |
| vulnerability |
VCID-g1bm-2aj1-kff9 |
|
| 15 |
| vulnerability |
VCID-k4k5-uhxu-gyc1 |
|
| 16 |
| vulnerability |
VCID-m4ms-vh59-ufbd |
|
| 17 |
| vulnerability |
VCID-n1r2-zqmn-2ufh |
|
| 18 |
| vulnerability |
VCID-rynq-d6tu-2ygg |
|
| 19 |
| vulnerability |
VCID-uw52-vah8-uqda |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.0.1k-3 |
|
|
| aliases |
CVE-2015-7575
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-81zk-xrsj-cufe |
|
| 8 |
|
| 9 |
| url |
VCID-atus-ryef-17h1 |
| vulnerability_id |
VCID-atus-ryef-17h1 |
| summary |
Mozilla developers added support in the Network Security Services
module for preventing a type of man-in-the-middle attack against TLS
using forced renegotiation.Note that to benefit from the fix, Firefox 3.6 and
Firefox 3.5 users will need to set
their security.ssl.require_safe_negotiation preference to
true. Firefox 3 does not contain the fix for this issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/openssl@0.9.8o-4squeeze14 |
| purl |
pkg:deb/debian/openssl@0.9.8o-4squeeze14 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-249a-9kqa-p7an |
|
| 1 |
| vulnerability |
VCID-3pke-7yer-87hz |
|
| 2 |
| vulnerability |
VCID-4197-62g5-8ka3 |
|
| 3 |
| vulnerability |
VCID-448b-h78v-wfes |
|
| 4 |
| vulnerability |
VCID-4pe4-89ss-57am |
|
| 5 |
| vulnerability |
VCID-4wy2-zsz2-a3ew |
|
| 6 |
| vulnerability |
VCID-7gkv-pu79-43hx |
|
| 7 |
| vulnerability |
VCID-81zk-xrsj-cufe |
|
| 8 |
| vulnerability |
VCID-8fae-zjwu-47gz |
|
| 9 |
| vulnerability |
VCID-d1w5-8ktx-cubx |
|
| 10 |
| vulnerability |
VCID-dspw-qctj-jufk |
|
| 11 |
| vulnerability |
VCID-e6jy-vxau-jfba |
|
| 12 |
| vulnerability |
VCID-erdm-7pfg-e7hc |
|
| 13 |
| vulnerability |
VCID-fb66-4fr3-xye7 |
|
| 14 |
| vulnerability |
VCID-fgmh-6g91-9qgv |
|
| 15 |
| vulnerability |
VCID-g1bm-2aj1-kff9 |
|
| 16 |
| vulnerability |
VCID-k4k5-uhxu-gyc1 |
|
| 17 |
| vulnerability |
VCID-m4ms-vh59-ufbd |
|
| 18 |
| vulnerability |
VCID-n1r2-zqmn-2ufh |
|
| 19 |
| vulnerability |
VCID-rynq-d6tu-2ygg |
|
| 20 |
| vulnerability |
VCID-uw52-vah8-uqda |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0.9.8o-4squeeze14 |
|
|
| aliases |
CVE-2009-3555, GHSA-f7w7-6pjc-wwm6, VU#120541
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-atus-ryef-17h1 |
|
| 10 |
| url |
VCID-d1w5-8ktx-cubx |
| vulnerability_id |
VCID-d1w5-8ktx-cubx |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| purl |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-249a-9kqa-p7an |
|
| 1 |
| vulnerability |
VCID-3pke-7yer-87hz |
|
| 2 |
| vulnerability |
VCID-4197-62g5-8ka3 |
|
| 3 |
| vulnerability |
VCID-448b-h78v-wfes |
|
| 4 |
| vulnerability |
VCID-4pe4-89ss-57am |
|
| 5 |
| vulnerability |
VCID-4wy2-zsz2-a3ew |
|
| 6 |
| vulnerability |
VCID-7gkv-pu79-43hx |
|
| 7 |
| vulnerability |
VCID-8fae-zjwu-47gz |
|
| 8 |
| vulnerability |
VCID-d1w5-8ktx-cubx |
|
| 9 |
| vulnerability |
VCID-dspw-qctj-jufk |
|
| 10 |
| vulnerability |
VCID-e6jy-vxau-jfba |
|
| 11 |
| vulnerability |
VCID-erdm-7pfg-e7hc |
|
| 12 |
| vulnerability |
VCID-fb66-4fr3-xye7 |
|
| 13 |
| vulnerability |
VCID-fgmh-6g91-9qgv |
|
| 14 |
| vulnerability |
VCID-g1bm-2aj1-kff9 |
|
| 15 |
| vulnerability |
VCID-k4k5-uhxu-gyc1 |
|
| 16 |
| vulnerability |
VCID-m4ms-vh59-ufbd |
|
| 17 |
| vulnerability |
VCID-n1r2-zqmn-2ufh |
|
| 18 |
| vulnerability |
VCID-rynq-d6tu-2ygg |
|
| 19 |
| vulnerability |
VCID-uw52-vah8-uqda |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.0.1t-1%252Bdeb8u8 |
|
| 1 |
|
|
| aliases |
CVE-2016-2180
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d1w5-8ktx-cubx |
|
| 11 |
| url |
VCID-dspw-qctj-jufk |
| vulnerability_id |
VCID-dspw-qctj-jufk |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| purl |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-249a-9kqa-p7an |
|
| 1 |
| vulnerability |
VCID-3pke-7yer-87hz |
|
| 2 |
| vulnerability |
VCID-4197-62g5-8ka3 |
|
| 3 |
| vulnerability |
VCID-448b-h78v-wfes |
|
| 4 |
| vulnerability |
VCID-4pe4-89ss-57am |
|
| 5 |
| vulnerability |
VCID-4wy2-zsz2-a3ew |
|
| 6 |
| vulnerability |
VCID-7gkv-pu79-43hx |
|
| 7 |
| vulnerability |
VCID-8fae-zjwu-47gz |
|
| 8 |
| vulnerability |
VCID-d1w5-8ktx-cubx |
|
| 9 |
| vulnerability |
VCID-dspw-qctj-jufk |
|
| 10 |
| vulnerability |
VCID-e6jy-vxau-jfba |
|
| 11 |
| vulnerability |
VCID-erdm-7pfg-e7hc |
|
| 12 |
| vulnerability |
VCID-fb66-4fr3-xye7 |
|
| 13 |
| vulnerability |
VCID-fgmh-6g91-9qgv |
|
| 14 |
| vulnerability |
VCID-g1bm-2aj1-kff9 |
|
| 15 |
| vulnerability |
VCID-k4k5-uhxu-gyc1 |
|
| 16 |
| vulnerability |
VCID-m4ms-vh59-ufbd |
|
| 17 |
| vulnerability |
VCID-n1r2-zqmn-2ufh |
|
| 18 |
| vulnerability |
VCID-rynq-d6tu-2ygg |
|
| 19 |
| vulnerability |
VCID-uw52-vah8-uqda |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.0.1t-1%252Bdeb8u8 |
|
| 1 |
|
|
| aliases |
CVE-2016-2182
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dspw-qctj-jufk |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
| url |
VCID-fgmh-6g91-9qgv |
| vulnerability_id |
VCID-fgmh-6g91-9qgv |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| purl |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-249a-9kqa-p7an |
|
| 1 |
| vulnerability |
VCID-3pke-7yer-87hz |
|
| 2 |
| vulnerability |
VCID-4197-62g5-8ka3 |
|
| 3 |
| vulnerability |
VCID-448b-h78v-wfes |
|
| 4 |
| vulnerability |
VCID-4pe4-89ss-57am |
|
| 5 |
| vulnerability |
VCID-4wy2-zsz2-a3ew |
|
| 6 |
| vulnerability |
VCID-7gkv-pu79-43hx |
|
| 7 |
| vulnerability |
VCID-8fae-zjwu-47gz |
|
| 8 |
| vulnerability |
VCID-d1w5-8ktx-cubx |
|
| 9 |
| vulnerability |
VCID-dspw-qctj-jufk |
|
| 10 |
| vulnerability |
VCID-e6jy-vxau-jfba |
|
| 11 |
| vulnerability |
VCID-erdm-7pfg-e7hc |
|
| 12 |
| vulnerability |
VCID-fb66-4fr3-xye7 |
|
| 13 |
| vulnerability |
VCID-fgmh-6g91-9qgv |
|
| 14 |
| vulnerability |
VCID-g1bm-2aj1-kff9 |
|
| 15 |
| vulnerability |
VCID-k4k5-uhxu-gyc1 |
|
| 16 |
| vulnerability |
VCID-m4ms-vh59-ufbd |
|
| 17 |
| vulnerability |
VCID-n1r2-zqmn-2ufh |
|
| 18 |
| vulnerability |
VCID-rynq-d6tu-2ygg |
|
| 19 |
| vulnerability |
VCID-uw52-vah8-uqda |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.0.1t-1%252Bdeb8u8 |
|
| 1 |
|
|
| aliases |
CVE-2016-6302
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fgmh-6g91-9qgv |
|
| 16 |
| url |
VCID-g1bm-2aj1-kff9 |
| vulnerability_id |
VCID-g1bm-2aj1-kff9 |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| purl |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-249a-9kqa-p7an |
|
| 1 |
| vulnerability |
VCID-3pke-7yer-87hz |
|
| 2 |
| vulnerability |
VCID-4197-62g5-8ka3 |
|
| 3 |
| vulnerability |
VCID-448b-h78v-wfes |
|
| 4 |
| vulnerability |
VCID-4pe4-89ss-57am |
|
| 5 |
| vulnerability |
VCID-4wy2-zsz2-a3ew |
|
| 6 |
| vulnerability |
VCID-7gkv-pu79-43hx |
|
| 7 |
| vulnerability |
VCID-8fae-zjwu-47gz |
|
| 8 |
| vulnerability |
VCID-d1w5-8ktx-cubx |
|
| 9 |
| vulnerability |
VCID-dspw-qctj-jufk |
|
| 10 |
| vulnerability |
VCID-e6jy-vxau-jfba |
|
| 11 |
| vulnerability |
VCID-erdm-7pfg-e7hc |
|
| 12 |
| vulnerability |
VCID-fb66-4fr3-xye7 |
|
| 13 |
| vulnerability |
VCID-fgmh-6g91-9qgv |
|
| 14 |
| vulnerability |
VCID-g1bm-2aj1-kff9 |
|
| 15 |
| vulnerability |
VCID-k4k5-uhxu-gyc1 |
|
| 16 |
| vulnerability |
VCID-m4ms-vh59-ufbd |
|
| 17 |
| vulnerability |
VCID-n1r2-zqmn-2ufh |
|
| 18 |
| vulnerability |
VCID-rynq-d6tu-2ygg |
|
| 19 |
| vulnerability |
VCID-uw52-vah8-uqda |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.0.1t-1%252Bdeb8u8 |
|
| 1 |
|
|
| aliases |
CVE-2016-6303
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g1bm-2aj1-kff9 |
|
| 17 |
| url |
VCID-k4k5-uhxu-gyc1 |
| vulnerability_id |
VCID-k4k5-uhxu-gyc1 |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| purl |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-249a-9kqa-p7an |
|
| 1 |
| vulnerability |
VCID-3pke-7yer-87hz |
|
| 2 |
| vulnerability |
VCID-4197-62g5-8ka3 |
|
| 3 |
| vulnerability |
VCID-448b-h78v-wfes |
|
| 4 |
| vulnerability |
VCID-4pe4-89ss-57am |
|
| 5 |
| vulnerability |
VCID-4wy2-zsz2-a3ew |
|
| 6 |
| vulnerability |
VCID-7gkv-pu79-43hx |
|
| 7 |
| vulnerability |
VCID-8fae-zjwu-47gz |
|
| 8 |
| vulnerability |
VCID-d1w5-8ktx-cubx |
|
| 9 |
| vulnerability |
VCID-dspw-qctj-jufk |
|
| 10 |
| vulnerability |
VCID-e6jy-vxau-jfba |
|
| 11 |
| vulnerability |
VCID-erdm-7pfg-e7hc |
|
| 12 |
| vulnerability |
VCID-fb66-4fr3-xye7 |
|
| 13 |
| vulnerability |
VCID-fgmh-6g91-9qgv |
|
| 14 |
| vulnerability |
VCID-g1bm-2aj1-kff9 |
|
| 15 |
| vulnerability |
VCID-k4k5-uhxu-gyc1 |
|
| 16 |
| vulnerability |
VCID-m4ms-vh59-ufbd |
|
| 17 |
| vulnerability |
VCID-n1r2-zqmn-2ufh |
|
| 18 |
| vulnerability |
VCID-rynq-d6tu-2ygg |
|
| 19 |
| vulnerability |
VCID-uw52-vah8-uqda |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.0.1t-1%252Bdeb8u8 |
|
| 1 |
|
|
| aliases |
CVE-2016-2179
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k4k5-uhxu-gyc1 |
|
| 18 |
| url |
VCID-m4ms-vh59-ufbd |
| vulnerability_id |
VCID-m4ms-vh59-ufbd |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| purl |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-249a-9kqa-p7an |
|
| 1 |
| vulnerability |
VCID-3pke-7yer-87hz |
|
| 2 |
| vulnerability |
VCID-4197-62g5-8ka3 |
|
| 3 |
| vulnerability |
VCID-448b-h78v-wfes |
|
| 4 |
| vulnerability |
VCID-4pe4-89ss-57am |
|
| 5 |
| vulnerability |
VCID-4wy2-zsz2-a3ew |
|
| 6 |
| vulnerability |
VCID-7gkv-pu79-43hx |
|
| 7 |
| vulnerability |
VCID-8fae-zjwu-47gz |
|
| 8 |
| vulnerability |
VCID-d1w5-8ktx-cubx |
|
| 9 |
| vulnerability |
VCID-dspw-qctj-jufk |
|
| 10 |
| vulnerability |
VCID-e6jy-vxau-jfba |
|
| 11 |
| vulnerability |
VCID-erdm-7pfg-e7hc |
|
| 12 |
| vulnerability |
VCID-fb66-4fr3-xye7 |
|
| 13 |
| vulnerability |
VCID-fgmh-6g91-9qgv |
|
| 14 |
| vulnerability |
VCID-g1bm-2aj1-kff9 |
|
| 15 |
| vulnerability |
VCID-k4k5-uhxu-gyc1 |
|
| 16 |
| vulnerability |
VCID-m4ms-vh59-ufbd |
|
| 17 |
| vulnerability |
VCID-n1r2-zqmn-2ufh |
|
| 18 |
| vulnerability |
VCID-rynq-d6tu-2ygg |
|
| 19 |
| vulnerability |
VCID-uw52-vah8-uqda |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.0.1t-1%252Bdeb8u8 |
|
| 1 |
|
|
| aliases |
CVE-2016-6306
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-m4ms-vh59-ufbd |
|
| 19 |
|
| 20 |
| url |
VCID-r6gj-vbqr-g7b7 |
| vulnerability_id |
VCID-r6gj-vbqr-g7b7 |
| summary |
Philip Mackenzie and Marius Schilder of Google informed us of Daniel Bleichenbacher's
recent presentation of a common implementation error in RSA signature verification,
a failure to account for extra data in the signature. For signatures with a small
exponent such as 3 it is possible for an attacker to calculate a value for this extra data to make an altered message appear to be correctly signed, allowing the signature to be forged.
Mozilla's Network Security Services (NSS) library was vulnerable to this flaw.Because the set of root Certificate Authorities that ship with Mozilla clients
contain some with an exponent of 3 it was possible to make up certificates,
such as SSL/TLS and email certificates, that were not detected as invalid.
This raised the possibility of the sort of Man-in-the-Middle attacks
SSL/TLS was invented to prevent.We thank Philip Mackenzie and Marius Schilder for bringing
this result to our attention and working with us to ensure the NSS library was
safe from variations on this basic attack. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/openssl@0.9.8c-4etch3%2Bm68k1 |
| purl |
pkg:deb/debian/openssl@0.9.8c-4etch3%2Bm68k1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-249a-9kqa-p7an |
|
| 1 |
| vulnerability |
VCID-3pke-7yer-87hz |
|
| 2 |
| vulnerability |
VCID-4197-62g5-8ka3 |
|
| 3 |
| vulnerability |
VCID-448b-h78v-wfes |
|
| 4 |
| vulnerability |
VCID-4pe4-89ss-57am |
|
| 5 |
| vulnerability |
VCID-4wy2-zsz2-a3ew |
|
| 6 |
| vulnerability |
VCID-7gkv-pu79-43hx |
|
| 7 |
| vulnerability |
VCID-81zk-xrsj-cufe |
|
| 8 |
| vulnerability |
VCID-8fae-zjwu-47gz |
|
| 9 |
| vulnerability |
VCID-atus-ryef-17h1 |
|
| 10 |
| vulnerability |
VCID-d1w5-8ktx-cubx |
|
| 11 |
| vulnerability |
VCID-dspw-qctj-jufk |
|
| 12 |
| vulnerability |
VCID-e6jy-vxau-jfba |
|
| 13 |
| vulnerability |
VCID-erdm-7pfg-e7hc |
|
| 14 |
| vulnerability |
VCID-fb66-4fr3-xye7 |
|
| 15 |
| vulnerability |
VCID-fgmh-6g91-9qgv |
|
| 16 |
| vulnerability |
VCID-g1bm-2aj1-kff9 |
|
| 17 |
| vulnerability |
VCID-k4k5-uhxu-gyc1 |
|
| 18 |
| vulnerability |
VCID-m4ms-vh59-ufbd |
|
| 19 |
| vulnerability |
VCID-n1r2-zqmn-2ufh |
|
| 20 |
| vulnerability |
VCID-rynq-d6tu-2ygg |
|
| 21 |
| vulnerability |
VCID-uw52-vah8-uqda |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@0.9.8c-4etch3%252Bm68k1 |
|
|
| aliases |
CVE-2006-4339
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r6gj-vbqr-g7b7 |
|
| 21 |
| url |
VCID-rynq-d6tu-2ygg |
| vulnerability_id |
VCID-rynq-d6tu-2ygg |
| summary |
multiple issues |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| purl |
pkg:deb/debian/openssl@1.0.1t-1%2Bdeb8u8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-249a-9kqa-p7an |
|
| 1 |
| vulnerability |
VCID-3pke-7yer-87hz |
|
| 2 |
| vulnerability |
VCID-4197-62g5-8ka3 |
|
| 3 |
| vulnerability |
VCID-448b-h78v-wfes |
|
| 4 |
| vulnerability |
VCID-4pe4-89ss-57am |
|
| 5 |
| vulnerability |
VCID-4wy2-zsz2-a3ew |
|
| 6 |
| vulnerability |
VCID-7gkv-pu79-43hx |
|
| 7 |
| vulnerability |
VCID-8fae-zjwu-47gz |
|
| 8 |
| vulnerability |
VCID-d1w5-8ktx-cubx |
|
| 9 |
| vulnerability |
VCID-dspw-qctj-jufk |
|
| 10 |
| vulnerability |
VCID-e6jy-vxau-jfba |
|
| 11 |
| vulnerability |
VCID-erdm-7pfg-e7hc |
|
| 12 |
| vulnerability |
VCID-fb66-4fr3-xye7 |
|
| 13 |
| vulnerability |
VCID-fgmh-6g91-9qgv |
|
| 14 |
| vulnerability |
VCID-g1bm-2aj1-kff9 |
|
| 15 |
| vulnerability |
VCID-k4k5-uhxu-gyc1 |
|
| 16 |
| vulnerability |
VCID-m4ms-vh59-ufbd |
|
| 17 |
| vulnerability |
VCID-n1r2-zqmn-2ufh |
|
| 18 |
| vulnerability |
VCID-rynq-d6tu-2ygg |
|
| 19 |
| vulnerability |
VCID-uw52-vah8-uqda |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/openssl@1.0.1t-1%252Bdeb8u8 |
|
| 1 |
|
|
| aliases |
CVE-2016-2178
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rynq-d6tu-2ygg |
|
| 22 |
|