var-201404-0592
Vulnerability from variot
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. LibYAML is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly sanitize user-supplied input. Successful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions. Versions prior to LibYAML 0.1.6 are vulnerable. HP StoreEver ESL G3 Tape Libraries with MCB rev 2 OpenSSL version 1.0.1f for the following firmware versions:
671H_GS00601 665H_GS12501 663H_GS04601
HP StoreEver ESL G3 Tape Libraries with MCB rev 1 Open SSL version 1.0.1e in 655H firmware versions:
655H_GS10201
HP StoreEver Enterprise Library LTO-6 Tape Drives: all firmware versions. If the library firmware cannot be updated, HP recommends following the Mitigation Instructions below.
Mitigation Instructions
The following configuration options that allow access to the Heartbeat function in the vulnerable versions of OpenSSL are not enabled by default. Verify that the following options are "disabled" using the Tape Library GUI:
Product Configuration Options to Disable TLS Heartbeat Functions
Secure SMI-S CVTL User
Note: Disabling these features blocks the vulnerable OpenSSL function in both the ESL G3 Tape Library and the StoreEver Enterprise Library LTO-6 Tape Drives. The basic functionality of the library is not affected by these configuration changes and SSL access to the user interface is not affected by this configuration change or setting. vulnerability was detected in specific OpenSSL versions. vulnerability.
NOTE: The .Heartbleed. A new version of the CloudSystem Foundation component is provided, specified as version 8.01. All other CloudSystem download files remain at version 8.0. The combination of these files available at the link below make up the overall CloudSystem solution. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Multiple Vulnerabilities in Cisco TelePresence System MXP Series
Advisory ID: cisco-sa-20140430-mxp
Revision 1.0
For Public Release 2014 April 30 16:00 UTC (GMT)
Summary
Cisco TelePresence System MXP Series Software contains the following vulnerabilities: Three SIP denial of service vulnerabilities Three H.225 denial of service vulnerabilities
Successful exploitation of these vulnerabilities may allow an attacker to cause system instability and the affected system to reload. There are no workarounds that mitigate these vulnerabilities. ============================================================================ Ubuntu Security Notice USN-2165-1 April 07, 2014
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
OpenSSL could be made to expose sensitive information over the network, possibly including private keys.
Software Description: - openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
Neel Mehta discovered that OpenSSL incorrectly handled memory in the TLS heartbeat extension. An attacker could use this issue to obtain up to 64k of memory contents from the client or server, possibly leading to the disclosure of private keys and other sensitive information. (CVE-2014-0160)
Yuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled timing during swap operations in the Montgomery ladder implementation. An attacker could use this issue to perform side-channel attacks and possibly recover ECDSA nonces. (CVE-2014-0076)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.2
Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.7
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.12
After a standard system update you need to reboot your computer to make all the necessary changes. Since this issue may have resulted in compromised private keys, it is recommended to regenerate them.
References: http://www.ubuntu.com/usn/usn-2165-1 CVE-2014-0076, CVE-2014-0160
Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.2 https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.7 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.12 . Please see the table below. To obtain the updated firmware, follow the below steps to obtain the firmware Update. Obtain the firmware update from www.hp.com/go/support
Select "Drivers & Downloads". Enter the product name listed in the table below into the search field. Click on "Go". Click on the appropriate product. Under "Select operating system" select any Windows operating system from the list. Select the appropriate firmware update under "Firmware". This bulletin will be revised when the software updates are released.
Until the software updates are available, HP recommends restricting administrative access to the MSA on a secure and isolated private management network. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-11
http://security.gentoo.org/
Severity: Normal Title: AMD64 x86 emulation base libraries: Multiple vulnerabilities Date: December 12, 2014 Bugs: #196865, #335508, #483632, #508322 ID: 201412-11
Synopsis
Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code.
Background
AMD64 x86 emulation base libraries provides pre-compiled 32-bit libraries.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/emul-linux-x86-baselibs < 20140406-r1 >= 20140406-r1
Description
Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All users of the AMD64 x86 emulation base libraries should upgrade to the latest version:
# emerge --sync # emerge -1av ">=app-emulation/emul-linux-x86-baselibs-20140406-r1"
NOTE: One or more of the issues described in this advisory have been fixed in previous updates. They are included in this advisory for the sake of completeness. It is likely that your system is already no longer affected by them.
References
[ 1 ] CVE-2007-0720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0720 [ 2 ] CVE-2007-1536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1536 [ 3 ] CVE-2007-2026 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2026 [ 4 ] CVE-2007-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2445 [ 5 ] CVE-2007-2741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741 [ 6 ] CVE-2007-3108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3108 [ 7 ] CVE-2007-4995 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4995 [ 8 ] CVE-2007-5116 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5116 [ 9 ] CVE-2007-5135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135 [ 10 ] CVE-2007-5266 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5266 [ 11 ] CVE-2007-5268 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5268 [ 12 ] CVE-2007-5269 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269 [ 13 ] CVE-2007-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5849 [ 14 ] CVE-2010-1205 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205 [ 15 ] CVE-2013-0338 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338 [ 16 ] CVE-2013-0339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0339 [ 17 ] CVE-2013-1664 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664 [ 18 ] CVE-2013-1969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969 [ 19 ] CVE-2013-2877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877 [ 20 ] CVE-2014-0160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201412-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3
AirPort Base Station Firmware Update 7.7.3 is now available and addresses the following:
Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in a privileged network position may obtain memory contents Description: An out-of-bounds read issue existed in the OpenSSL library when handling TLS heartbeat extension packets. An attacker in a privileged network position could obtain information from process memory. This issue was addressed through additional bounds checking. Only AirPort Extreme and AirPort Time Capsule base stations with 802.11ac are affected, and only if they have Back to My Mac or Send Diagnostics enabled. Other AirPort base stations are not impacted by this issue. CVE-ID CVE-2014-0160 : Riku, Antti, and Matti of Codenomicon and Neel Mehta of Google Security
Installation note for Firmware version 7.7.3
Firmware version 7.7.3 is installed on AirPort Extreme or AirPort Time Capsule base stations with 802.11ac using AirPort Utility for Mac or iOS.
Use AirPort Utility 6.3.1 or later on OS X, or AirPort Utility 1.3.1 or later on iOS to upgrade to Firmware version 7.7.3.
AirPort Utility for Mac is a free download from http://www.apple.com/support/downloads/ and AirPort Utility for iOS is a free download from the App Store. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04236102
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04236102 Version: 5
HPSBMU02995 rev.5 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2014-04-11 Last Updated: 2014-04-23
Potential Security Impact: Remote disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY The Heartbleed vulnerability was detected in specific OpenSSL versions. OpenSSL is a 3rd party product that is embedded with some of HP Software products. This bulletin objective is to notify HP Software customers about products affected by the Heartbleed vulnerability.
Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found in the OpenSSL product cryptographic software library product. This weakness potentially allows disclosure of information protected, under normal conditions, by the SSL/TLS protocol. The impacted products appear in the list below are vulnerable due to embedding OpenSSL standard release software.
References: CVE-2014-0160 (SSRT101499)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Product Impacted HP Product Versions Notes
HP Service Manager v9.32, v9.33 Security bulletin HPSBGN03008: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04248997
HP Asset Manager v9.40, v9.40 CSC Security Bulletin HPSBMU03018: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260505
HP UCMDB Browser v1.x, v2.x, v3.x Security bulletin HPSBMU03019: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260353
note: APR enabled on Tomcat includes an affected OpenSSL version
HP UCMDB Configuration Manager v9.1x, v9.2x, v9.3x, v10.01, v10.10 Security bulletin HPSBMU03019: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260353
HP CIT (ConnectIT) v9.52, v9.53 Security bulletin HPSBMU03017: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04260456
HP Executive Scorecard v9.40, v9.41
HP Server Automation v10.00, v10.01 Security bulletin HPSBGN03010: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04250814
HP Diagnostics v9.23, v9.23 IP1
HP LoadRunner v11.52, v12.0 note: Controller/load generator communication channel
HP Performance Center v11.52, v12.0 note: Controller/load generator communication channel
HP Autonomy WorkSite Server v9.0 SP1 (on-premises software) Security bulletin HPSBMU02999: https://h20564.www2.hp.com/portal/site/hpsc/p ublic/kb/docDisplay/?docId=emr_na-c04239374
Impacted Versions table
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP Software is working to address this vulnerability for all affected product versions. HP Software will release product specific security bulletins for each impacted product. Each bulletin will include a patch and/or mitigation guideline. HP will update this bulletin with references to security bulletins for each product in the impacted versions table.
Note: OpenSSL is an external product embedded in HP products.
Bulletin Applicability:
This bulletin applies to each OpenSSL component that is embedded within the HP products listed in the security bulletin. The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide.
To learn more about HP Software Incident Response, please visit http://www8.h p.com/us/en/software-solutions/enterprise-software-security-center/response-c enter.html .
Software updates are available from HP Software Support Online at http://support.openview.hp.com/downloads.jsp
HISTORY Version:1 (rev.1) - 11 April 2014 Initial release Version:2 (rev.2) - 13 April 2014 Added HP UCMDB Configuration Manager as impacted, updated HP UCMDB Browser impacted versions Version:3 (rev.3) - 17 April 2014 Added HP Software Autonomy WorkSite Server as impacted. Added security bulletin pointers for Service Manager, Server Automation and Worksite Server Version:4 (rev.4) - 18 April 2014 Changed impacted version list for UCMDB Browser Version:5 (rev.5) - 23 April 2014 Added security bulletins pointers for HP Asset Manager, HP UCMDB Browser, HP UCMDB Configuration Manager and HP CIT (ConnectIT)
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)
iEYEARECAAYFAlNX3QEACgkQ4B86/C0qfVkq0QCfb4bmMN8zZV4uat0BdaeDQVvD NnAAmwS+9PMSnpjlE8uQgBjuIDMzhpd2 =F9O3 -----END PGP SIGNATURE----- . HP Multimedia Service Environment (MSE) 2.1.1 HP Network Interactive Voice Response (NIVR) 2.1.0, Reactive Patches 001, 002, 003 HP Network Interactive Voice Response (NIVR) 2.0.7, Reactive Patch 003
Only the MSE (ACM TMP) database set up with Replication using SSL is impacted for the above versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0592",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "server",
"scope": "lt",
"trust": 1.0,
"vendor": "filezilla",
"version": "0.9.44"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "micollab",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "7.3"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "13.1"
},
{
"model": "storage",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "mivoice",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "1.1.3.3"
},
{
"model": "mivoice",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "1.3.2.2"
},
{
"model": "simatic s7-1500t",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "wincc open architecture",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.12"
},
{
"model": "v100",
"scope": "eq",
"trust": 1.0,
"vendor": "intellian",
"version": "1.24"
},
{
"model": "splunk",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "6.0.3"
},
{
"model": "mivoice",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "1.2.0.11"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "micollab",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "6.0"
},
{
"model": "s9922l",
"scope": "eq",
"trust": 1.0,
"vendor": "ricon",
"version": "16.10.3\\(3794\\)"
},
{
"model": "v60",
"scope": "eq",
"trust": 1.0,
"vendor": "intellian",
"version": "1.25"
},
{
"model": "symantec messaging gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "10.6.1"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "micollab",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "7.0"
},
{
"model": "micollab",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "7.3.0.104"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "19"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "v100",
"scope": "eq",
"trust": 1.0,
"vendor": "intellian",
"version": "1.20"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "12.3"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "13.10"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "20"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "6.0"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1g"
},
{
"model": "v100",
"scope": "eq",
"trust": 1.0,
"vendor": "intellian",
"version": "1.21"
},
{
"model": "micollab",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "7.1"
},
{
"model": "mivoice",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "1.4.0.102"
},
{
"model": "cp 1543-1",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "splunk",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "6.0.0"
},
{
"model": "virtualization",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "v60",
"scope": "eq",
"trust": 1.0,
"vendor": "intellian",
"version": "1.15"
},
{
"model": "gluster storage",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "2.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.0.1"
},
{
"model": "application processing engine",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "mivoice",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "1.1.2.5"
},
{
"model": "symantec messaging gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "10.6.0"
},
{
"model": "elan-8.2",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "8.3.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "micollab",
"scope": "eq",
"trust": 1.0,
"vendor": "mitel",
"version": "7.2"
},
{
"model": "simatic s7-1500",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.1.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.3"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.2"
},
{
"model": "libyaml",
"scope": "ne",
"trust": 0.3,
"vendor": "pyyaml",
"version": "0.1.6"
},
{
"model": "puppet enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.2.2"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "chef",
"scope": "ne",
"trust": 0.3,
"vendor": "opscode",
"version": "1.4.9"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.0"
},
{
"model": "chef",
"scope": "eq",
"trust": 0.3,
"vendor": "opscode",
"version": "1.4.8"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.5.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "13.10"
},
{
"model": "puppet enterprise",
"scope": "ne",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.6"
},
{
"model": "patterson psych",
"scope": "ne",
"trust": 0.3,
"vendor": "aaron",
"version": "2.0.5"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.7.2"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "common for rhel server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "libyaml",
"scope": "eq",
"trust": 0.3,
"vendor": "pyyaml",
"version": "0.1.3"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.2"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.0"
},
{
"model": "libyaml",
"scope": "eq",
"trust": 0.3,
"vendor": "pyyaml",
"version": "0.1.1"
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.10"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.0"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "linux lts i386",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.0"
},
{
"model": "patterson psych",
"scope": "eq",
"trust": 0.3,
"vendor": "aaron",
"version": "2.0.4"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.0.2"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.0.1"
},
{
"model": "chef",
"scope": "ne",
"trust": 0.3,
"vendor": "opscode",
"version": "11.1.3"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.1.2"
},
{
"model": "enterprise server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.5.1"
},
{
"model": "libyaml",
"scope": "eq",
"trust": 0.3,
"vendor": "pyyaml",
"version": "0.1.2"
},
{
"model": "libyaml",
"scope": "eq",
"trust": 0.3,
"vendor": "pyyaml",
"version": "0.0.1"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.0.3"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.1.1"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.4"
},
{
"model": "enterprise server x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandrakesoft",
"version": "5"
},
{
"model": "chef",
"scope": "eq",
"trust": 0.3,
"vendor": "opscode",
"version": "11.1.2"
},
{
"model": "linux lts amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.9.5"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "3.1"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.6"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.7"
},
{
"model": "openstack",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.0"
},
{
"model": "libyaml",
"scope": "eq",
"trust": 0.3,
"vendor": "pyyaml",
"version": "0.1.4"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.3"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.6.1"
},
{
"model": "chef",
"scope": "ne",
"trust": 0.3,
"vendor": "opscode",
"version": "11.0.12"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "software collections for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "160"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.0.1"
},
{
"model": "libyaml",
"scope": "eq",
"trust": 0.3,
"vendor": "pyyaml",
"version": "0.1.5"
},
{
"model": "chef",
"scope": "eq",
"trust": 0.3,
"vendor": "opscode",
"version": "11.0.11"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "0"
},
{
"model": "puppet enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "puppetlabs",
"version": "2.8.2"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
}
],
"sources": [
{
"db": "BID",
"id": "66478"
},
{
"db": "NVD",
"id": "CVE-2014-0160"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP",
"sources": [
{
"db": "PACKETSTORM",
"id": "126360"
},
{
"db": "PACKETSTORM",
"id": "126165"
},
{
"db": "PACKETSTORM",
"id": "127749"
},
{
"db": "PACKETSTORM",
"id": "126283"
},
{
"db": "PACKETSTORM",
"id": "126458"
},
{
"db": "PACKETSTORM",
"id": "126563"
},
{
"db": "PACKETSTORM",
"id": "126450"
},
{
"db": "PACKETSTORM",
"id": "126304"
},
{
"db": "PACKETSTORM",
"id": "126208"
},
{
"db": "PACKETSTORM",
"id": "126774"
},
{
"db": "PACKETSTORM",
"id": "126454"
},
{
"db": "PACKETSTORM",
"id": "127279"
}
],
"trust": 1.2
},
"cve": "CVE-2014-0160",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0160",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2014-0160",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0160",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-0160",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0160"
},
{
"db": "NVD",
"id": "CVE-2014-0160"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. LibYAML is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly sanitize user-supplied input. \nSuccessful exploits allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts likely result in denial-of-service conditions. \nVersions prior to LibYAML 0.1.6 are vulnerable. \nHP StoreEver ESL G3 Tape Libraries with MCB rev 2 OpenSSL version 1.0.1f for\nthe following firmware versions:\n\n671H_GS00601\n665H_GS12501\n663H_GS04601\n\nHP StoreEver ESL G3 Tape Libraries with MCB rev 1 Open SSL version 1.0.1e in\n655H firmware versions:\n\n655H_GS10201\n\nHP StoreEver Enterprise Library LTO-6 Tape Drives: all firmware versions. \nIf the library firmware cannot be updated, HP recommends following the\nMitigation Instructions below. \n\nMitigation Instructions\n\nThe following configuration options that allow access to the Heartbeat\nfunction in the vulnerable versions of OpenSSL are not enabled by default. \nVerify that the following options are \"disabled\" using the Tape Library GUI:\n\nProduct Configuration Options to Disable TLS Heartbeat Functions\n\nSecure SMI-S\nCVTL User\n\nNote: Disabling these features blocks the vulnerable OpenSSL function in both\nthe ESL G3 Tape Library and the StoreEver Enterprise Library LTO-6 Tape\nDrives. The basic functionality of the library is not affected by these\nconfiguration changes and SSL access to the user interface is not affected by\nthis configuration change or setting. vulnerability was detected in specific OpenSSL versions. vulnerability. \n\nNOTE: The .Heartbleed. A new version of the CloudSystem Foundation component\nis provided, specified as version 8.01. All other CloudSystem download files\nremain at version 8.0. The combination of these files available at the link\nbelow make up the overall CloudSystem solution. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nMultiple Vulnerabilities in Cisco TelePresence System MXP Series\n\nAdvisory ID: cisco-sa-20140430-mxp\n\nRevision 1.0\n\nFor Public Release 2014 April 30 16:00 UTC (GMT)\n\nSummary\n=======\n\nCisco TelePresence System MXP Series Software contains the following vulnerabilities:\n\tThree SIP denial of service vulnerabilities\n\tThree H.225 denial of service vulnerabilities\n\nSuccessful exploitation of these vulnerabilities may allow an attacker to cause system instability and the affected system to reload. \nThere are no workarounds that mitigate these vulnerabilities. ============================================================================\nUbuntu Security Notice USN-2165-1\nApril 07, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 13.10\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n\nSummary:\n\nOpenSSL could be made to expose sensitive information over the network,\npossibly including private keys. \n\nSoftware Description:\n- openssl: Secure Socket Layer (SSL) cryptographic library and tools\n\nDetails:\n\nNeel Mehta discovered that OpenSSL incorrectly handled memory in the TLS\nheartbeat extension. An attacker could use this issue to obtain up to 64k\nof memory contents from the client or server, possibly leading to the\ndisclosure of private keys and other sensitive information. (CVE-2014-0160)\n\nYuval Yarom and Naomi Benger discovered that OpenSSL incorrectly handled\ntiming during swap operations in the Montgomery ladder implementation. An\nattacker could use this issue to perform side-channel attacks and possibly\nrecover ECDSA nonces. (CVE-2014-0076)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 13.10:\n libssl1.0.0 1.0.1e-3ubuntu1.2\n\nUbuntu 12.10:\n libssl1.0.0 1.0.1c-3ubuntu2.7\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.12\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. Since this issue may have resulted in compromised\nprivate keys, it is recommended to regenerate them. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2165-1\n CVE-2014-0076, CVE-2014-0160\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.2\n https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.7\n https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.12\n. Please see\nthe table below. To obtain the updated firmware, follow the below steps to\nobtain the firmware Update. Obtain the firmware update from\nwww.hp.com/go/support\n\nSelect \"Drivers \u0026 Downloads\". \nEnter the product name listed in the table below into the search field. \nClick on \"Go\". \nClick on the appropriate product. \nUnder \"Select operating system\" select any Windows operating system from the\nlist. \nSelect the appropriate firmware update under \"Firmware\". This bulletin will be revised when the\nsoftware updates are released. \n\nUntil the software updates are available, HP recommends restricting\nadministrative access to the MSA on a secure and isolated private management\nnetwork. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201412-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: AMD64 x86 emulation base libraries: Multiple vulnerabilities\n Date: December 12, 2014\n Bugs: #196865, #335508, #483632, #508322\n ID: 201412-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in AMD64 x86 emulation base\nlibraries, the worst of which may allow remote execution of arbitrary\ncode. \n\nBackground\n==========\n\nAMD64 x86 emulation base libraries provides pre-compiled 32-bit\nlibraries. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-emulation/emul-linux-x86-baselibs\n \u003c 20140406-r1 \u003e= 20140406-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in AMD64 x86 emulation\nbase libraries. Please review the CVE identifiers referenced below for\ndetails. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll users of the AMD64 x86 emulation base libraries should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -1av \"\u003e=app-emulation/emul-linux-x86-baselibs-20140406-r1\"\n\nNOTE: One or more of the issues described in this advisory have been\nfixed in previous updates. They are included in this advisory for the\nsake of completeness. It is likely that your system is already no\nlonger affected by them. \n\nReferences\n==========\n\n[ 1 ] CVE-2007-0720\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0720\n[ 2 ] CVE-2007-1536\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1536\n[ 3 ] CVE-2007-2026\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2026\n[ 4 ] CVE-2007-2445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2445\n[ 5 ] CVE-2007-2741\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2741\n[ 6 ] CVE-2007-3108\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3108\n[ 7 ] CVE-2007-4995\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4995\n[ 8 ] CVE-2007-5116\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5116\n[ 9 ] CVE-2007-5135\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135\n[ 10 ] CVE-2007-5266\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5266\n[ 11 ] CVE-2007-5268\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5268\n[ 12 ] CVE-2007-5269\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5269\n[ 13 ] CVE-2007-5849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5849\n[ 14 ] CVE-2010-1205\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1205\n[ 15 ] CVE-2013-0338\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338\n[ 16 ] CVE-2013-0339\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0339\n[ 17 ] CVE-2013-1664\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664\n[ 18 ] CVE-2013-1969\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969\n[ 19 ] CVE-2013-2877\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877\n[ 20 ] CVE-2014-0160\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0160\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201412-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-04-22-4 AirPort Base Station Firmware Update 7.7.3\n\nAirPort Base Station Firmware Update 7.7.3 is now available and\naddresses the following:\n\nAvailable for:\nAirPort Extreme and AirPort Time Capsule base stations with 802.11ac\nImpact: An attacker in a privileged network position may obtain\nmemory contents\nDescription: An out-of-bounds read issue existed in the OpenSSL\nlibrary when handling TLS heartbeat extension packets. An attacker in\na privileged network position could obtain information from process\nmemory. This issue was addressed through additional bounds checking. \nOnly AirPort Extreme and AirPort Time Capsule base stations with\n802.11ac are affected, and only if they have Back to My Mac or Send\nDiagnostics enabled. Other AirPort base stations are not impacted by\nthis issue. \nCVE-ID\nCVE-2014-0160 : Riku, Antti, and Matti of Codenomicon and Neel Mehta\nof Google Security\n\n\nInstallation note for Firmware version 7.7.3\n\nFirmware version 7.7.3 is installed on AirPort Extreme or AirPort\nTime Capsule base stations with 802.11ac using AirPort Utility for\nMac or iOS. \n\nUse AirPort Utility 6.3.1 or later on OS X, or AirPort Utility 1.3.1\nor later on iOS to upgrade to Firmware version 7.7.3. \n\nAirPort Utility for Mac is a free download from\nhttp://www.apple.com/support/downloads/ and AirPort Utility for iOS\nis a free download from the App Store. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04236102\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04236102\nVersion: 5\n\nHPSBMU02995 rev.5 - HP Software HP Service Manager, Asset Manager, UCMDB\nBrowser, UCMDB Configuration Manager, Executive Scorecard, Server Automation,\nDiagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote\nDisclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-04-11\nLast Updated: 2014-04-23\n\nPotential Security Impact: Remote disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nThe Heartbleed vulnerability was detected in specific OpenSSL versions. \nOpenSSL is a 3rd party product that is embedded with some of HP Software\nproducts. This bulletin objective is to notify HP Software customers about\nproducts affected by the Heartbleed vulnerability. \n\nNote: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found\nin the OpenSSL product cryptographic software library product. This weakness\npotentially allows disclosure of information protected, under normal\nconditions, by the SSL/TLS protocol. The impacted products appear in the list\nbelow are vulnerable due to embedding OpenSSL standard release software. \n\nReferences: CVE-2014-0160 (SSRT101499)\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Product\n Impacted HP Product Versions\n Notes\n\nHP Service Manager\n v9.32, v9.33\n Security bulletin HPSBGN03008: https://h20564.www2.hp.com/portal/site/hpsc/p\nublic/kb/docDisplay/?docId=emr_na-c04248997\n\nHP Asset Manager\n v9.40, v9.40 CSC\n Security Bulletin HPSBMU03018: https://h20564.www2.hp.com/portal/site/hpsc/p\nublic/kb/docDisplay/?docId=emr_na-c04260505\n\nHP UCMDB Browser\n v1.x, v2.x, v3.x\n Security bulletin HPSBMU03019: https://h20564.www2.hp.com/portal/site/hpsc/p\nublic/kb/docDisplay/?docId=emr_na-c04260353\n\nnote: APR enabled on Tomcat includes an affected OpenSSL version\n\nHP UCMDB Configuration Manager\n v9.1x, v9.2x, v9.3x, v10.01, v10.10\n Security bulletin HPSBMU03019: https://h20564.www2.hp.com/portal/site/hpsc/p\nublic/kb/docDisplay/?docId=emr_na-c04260353\n\nHP CIT (ConnectIT)\n v9.52, v9.53\n Security bulletin HPSBMU03017: https://h20564.www2.hp.com/portal/site/hpsc/p\nublic/kb/docDisplay/?docId=emr_na-c04260456\n\nHP Executive Scorecard\n v9.40, v9.41\n\nHP Server Automation\n v10.00, v10.01\n Security bulletin HPSBGN03010: https://h20564.www2.hp.com/portal/site/hpsc/p\nublic/kb/docDisplay/?docId=emr_na-c04250814\n\nHP Diagnostics\n v9.23, v9.23 IP1\n\nHP LoadRunner\n v11.52, v12.0\n note: Controller/load generator communication channel\n\nHP Performance Center\n v11.52, v12.0\n note: Controller/load generator communication channel\n\nHP Autonomy WorkSite Server\n v9.0 SP1 (on-premises software)\n Security bulletin HPSBMU02999: https://h20564.www2.hp.com/portal/site/hpsc/p\nublic/kb/docDisplay/?docId=emr_na-c04239374\n\nImpacted Versions table\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-0160 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP Software is working to address this vulnerability for all affected product\nversions. HP Software will release product specific security bulletins for\neach impacted product. Each bulletin will include a patch and/or mitigation\nguideline. HP will update this bulletin with references to security bulletins\nfor each product in the impacted versions table. \n\nNote: OpenSSL is an external product embedded in HP products. \n\nBulletin Applicability:\n\nThis bulletin applies to each OpenSSL component that is embedded within the\nHP products listed in the security bulletin. The bulletin does not apply to\nany other 3rd party application (e.g. operating system, web server, or\napplication server) that may be required to be installed by the customer\naccording instructions in the product install guide. \n\nTo learn more about HP Software Incident Response, please visit http://www8.h\np.com/us/en/software-solutions/enterprise-software-security-center/response-c\nenter.html . \n\nSoftware updates are available from HP Software Support Online at\nhttp://support.openview.hp.com/downloads.jsp\n\nHISTORY\nVersion:1 (rev.1) - 11 April 2014 Initial release\nVersion:2 (rev.2) - 13 April 2014 Added HP UCMDB Configuration Manager as\nimpacted, updated HP UCMDB Browser impacted versions\nVersion:3 (rev.3) - 17 April 2014 Added HP Software Autonomy WorkSite Server\nas impacted. Added security bulletin pointers for Service Manager, Server\nAutomation and Worksite Server\nVersion:4 (rev.4) - 18 April 2014 Changed impacted version list for UCMDB\nBrowser\nVersion:5 (rev.5) - 23 April 2014 Added security bulletins pointers for HP\nAsset Manager, HP UCMDB Browser, HP UCMDB Configuration Manager and HP CIT\n(ConnectIT)\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlNX3QEACgkQ4B86/C0qfVkq0QCfb4bmMN8zZV4uat0BdaeDQVvD\nNnAAmwS+9PMSnpjlE8uQgBjuIDMzhpd2\n=F9O3\n-----END PGP SIGNATURE-----\n. \nHP Multimedia Service Environment (MSE) 2.1.1\nHP Network Interactive Voice Response (NIVR) 2.1.0, Reactive Patches 001,\n002, 003\nHP Network Interactive Voice Response (NIVR) 2.0.7, Reactive Patch 003\n\nOnly the MSE (ACM TMP) database set up with Replication using SSL is impacted\nfor the above versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0160"
},
{
"db": "BID",
"id": "66478"
},
{
"db": "PACKETSTORM",
"id": "126450"
},
{
"db": "PACKETSTORM",
"id": "127279"
},
{
"db": "PACKETSTORM",
"id": "126454"
},
{
"db": "PACKETSTORM",
"id": "126420"
},
{
"db": "PACKETSTORM",
"id": "126045"
},
{
"db": "PACKETSTORM",
"id": "126774"
},
{
"db": "PACKETSTORM",
"id": "126208"
},
{
"db": "PACKETSTORM",
"id": "126304"
},
{
"db": "VULMON",
"id": "CVE-2014-0160"
},
{
"db": "PACKETSTORM",
"id": "126458"
},
{
"db": "PACKETSTORM",
"id": "129524"
},
{
"db": "PACKETSTORM",
"id": "126285"
},
{
"db": "PACKETSTORM",
"id": "126283"
},
{
"db": "PACKETSTORM",
"id": "127749"
},
{
"db": "PACKETSTORM",
"id": "126165"
},
{
"db": "PACKETSTORM",
"id": "126360"
},
{
"db": "PACKETSTORM",
"id": "126563"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=32745",
"trust": 0.4,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0160"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0160",
"trust": 3.0
},
{
"db": "SECUNIA",
"id": "57721",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59243",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "57836",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "57968",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59347",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "57966",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "57483",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "57347",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59139",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1030079",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1030074",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1030081",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1030080",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1030026",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1030077",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1030082",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1030078",
"trust": 1.1
},
{
"db": "BID",
"id": "66690",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "32745",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "32764",
"trust": 1.1
},
{
"db": "USCERT",
"id": "TA14-098A",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-635659",
"trust": 1.1
},
{
"db": "CERT/CC",
"id": "VU#720951",
"trust": 1.1
},
{
"db": "OCERT",
"id": "OCERT-2014-003",
"trust": 0.3
},
{
"db": "BID",
"id": "66478",
"trust": 0.3
},
{
"db": "ICS CERT",
"id": "ICSA-14-135-02",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-0160",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126360",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126165",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127749",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126283",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126285",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129524",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126458",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126563",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126450",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126304",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126208",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126774",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126045",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126420",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126454",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "127279",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0160"
},
{
"db": "BID",
"id": "66478"
},
{
"db": "PACKETSTORM",
"id": "126360"
},
{
"db": "PACKETSTORM",
"id": "126165"
},
{
"db": "PACKETSTORM",
"id": "127749"
},
{
"db": "PACKETSTORM",
"id": "126283"
},
{
"db": "PACKETSTORM",
"id": "126285"
},
{
"db": "PACKETSTORM",
"id": "129524"
},
{
"db": "PACKETSTORM",
"id": "126458"
},
{
"db": "PACKETSTORM",
"id": "126563"
},
{
"db": "PACKETSTORM",
"id": "126450"
},
{
"db": "PACKETSTORM",
"id": "126304"
},
{
"db": "PACKETSTORM",
"id": "126208"
},
{
"db": "PACKETSTORM",
"id": "126774"
},
{
"db": "PACKETSTORM",
"id": "126045"
},
{
"db": "PACKETSTORM",
"id": "126420"
},
{
"db": "PACKETSTORM",
"id": "126454"
},
{
"db": "PACKETSTORM",
"id": "127279"
},
{
"db": "NVD",
"id": "CVE-2014-0160"
}
]
},
"id": "VAR-201404-0592",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6038711649999999
},
"last_update_date": "2024-11-29T20:38:22.105000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2017/01/23/heartbleed_2017/"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2014/04/24/apple_posts_updates_for_heartbleed_flaw_in_airport/"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2014/04/11/hackers_hammering_heartbleed/"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2014/04/09/heartbleed_vuln_analysis/"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2014-0160 heartbeat read overrun (heartbleed)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e4799ab8fe4804274ba2db4d65cd867b"
},
{
"title": "Debian Security Advisories: DSA-2896-1 openssl -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=264ec318be06a69e28012f62b2dc5bb7"
},
{
"title": "Ubuntu Security Notice: openssl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2165-1"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2014-0160 "
},
{
"title": "exploits",
"trust": 0.1,
"url": "https://github.com/vs4vijay/exploits "
},
{
"title": "VULNIX",
"trust": 0.1,
"url": "https://github.com/El-Palomo/VULNIX "
},
{
"title": "openssl-heartbleed-fix",
"trust": 0.1,
"url": "https://github.com/sammyfung/openssl-heartbleed-fix "
},
{
"title": "cve-2014-0160",
"trust": 0.1,
"url": "https://github.com/cved-sources/cve-2014-0160 "
},
{
"title": "heartbleed_check",
"trust": 0.1,
"url": "https://github.com/ehoffmann-cp/heartbleed_check "
},
{
"title": "heartbleed",
"trust": 0.1,
"url": "https://github.com/okrutnik420/heartbleed "
},
{
"title": "heartbleed-test.crx",
"trust": 0.1,
"url": "https://github.com/iwaffles/heartbleed-test.crx "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Maheshmaske111/te "
},
{
"title": "AradSocket",
"trust": 0.1,
"url": "https://github.com/araditc/AradSocket "
},
{
"title": "sslscan",
"trust": 0.1,
"url": "https://github.com/kaisenlinux/sslscan "
},
{
"title": "Springboard_Capstone_Project",
"trust": 0.1,
"url": "https://github.com/jonahwinninghoff/Springboard_Capstone_Project "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/MrE-Fog/heartbleeder "
},
{
"title": "buffer_overflow_exploit",
"trust": 0.1,
"url": "https://github.com/olivamadrigal/buffer_overflow_exploit "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ashrafulislamcs/Ubuntu-Server-Hardening "
},
{
"title": "insecure_project",
"trust": 0.1,
"url": "https://github.com/turtlesec-no/insecure_project "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Maheshmaske111/ssl "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/H4R335HR/heartbleed "
},
{
"title": "nmap-scripts",
"trust": 0.1,
"url": "https://github.com/takeshixx/nmap-scripts "
},
{
"title": "knockbleed",
"trust": 0.1,
"url": "https://github.com/siddolo/knockbleed "
},
{
"title": "heartbleed-masstest",
"trust": 0.1,
"url": "https://github.com/musalbas/heartbleed-masstest "
},
{
"title": "HeartBleedDotNet",
"trust": 0.1,
"url": "https://github.com/ShawInnes/HeartBleedDotNet "
},
{
"title": "heartbleed_test_openvpn",
"trust": 0.1,
"url": "https://github.com/weisslj/heartbleed_test_openvpn "
},
{
"title": "paraffin",
"trust": 0.1,
"url": "https://github.com/vmeurisse/paraffin "
},
{
"title": "sslscan",
"trust": 0.1,
"url": "https://github.com/rbsec/sslscan "
},
{
"title": "Heartbleed_Dockerfile_with_Nginx",
"trust": 0.1,
"url": "https://github.com/froyo75/Heartbleed_Dockerfile_with_Nginx "
},
{
"title": "heartbleed-bug",
"trust": 0.1,
"url": "https://github.com/cldme/heartbleed-bug "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/H4CK3RT3CH/awesome-web-hacking "
},
{
"title": "Web-Hacking",
"trust": 0.1,
"url": "https://github.com/adm0i/Web-Hacking "
},
{
"title": "cybersecurity-ethical-hacking",
"trust": 0.1,
"url": "https://github.com/paulveillard/cybersecurity-ethical-hacking "
},
{
"title": "Lastest-Web-Hacking-Tools-vol-I",
"trust": 0.1,
"url": "https://github.com/SARATOGAMarine/Lastest-Web-Hacking-Tools-vol-I "
},
{
"title": "HTBValentineWriteup",
"trust": 0.1,
"url": "https://github.com/zimmel15/HTBValentineWriteup "
},
{
"title": "heartbleed-poc",
"trust": 0.1,
"url": "https://github.com/sensepost/heartbleed-poc "
},
{
"title": "CVE-2014-0160",
"trust": 0.1,
"url": "https://github.com/0x90/CVE-2014-0160 "
},
{
"title": "Certified-Ethical-Hacker-Exam-CEH-v10",
"trust": 0.1,
"url": "https://github.com/Tung0801/Certified-Ethical-Hacker-Exam-CEH-v10 "
},
{
"title": "cs558heartbleed",
"trust": 0.1,
"url": "https://github.com/gkaptch1/cs558heartbleed "
},
{
"title": "HeartBleed",
"trust": 0.1,
"url": "https://github.com/archaic-magnon/HeartBleed "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/undacmic/heartbleed-proof-of-concept "
},
{
"title": "openvpn-jookk",
"trust": 0.1,
"url": "https://github.com/Jeypi04/openvpn-jookk "
},
{
"title": "Heartbleed",
"trust": 0.1,
"url": "https://github.com/Saiprasad16/Heartbleed "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/KickFootCode/LoveYouALL "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/imesecan/LeakReducer-artifacts "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/TVernet/Kali-Tools-liste-et-description "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/k4u5h41/Heartbleed "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ronaldogdm/Heartbleed "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/rochacbruno/my-awesome-stars "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/asadhasan73/temp_comp_sec "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Aakaashzz/Heartbleed "
},
{
"title": "tls-channel",
"trust": 0.1,
"url": "https://github.com/marianobarrios/tls-channel "
},
{
"title": "fuzzx_cpp_demo",
"trust": 0.1,
"url": "https://github.com/guardstrikelab/fuzzx_cpp_demo "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Ppamo/recon_net_tools "
},
{
"title": "heatbleeding",
"trust": 0.1,
"url": "https://github.com/idkqh7/heatbleeding "
},
{
"title": "HeartBleed-Vulnerability-Checker",
"trust": 0.1,
"url": "https://github.com/waqasjamal/HeartBleed-Vulnerability-Checker "
},
{
"title": "heartbleed",
"trust": 0.1,
"url": "https://github.com/iSCInc/heartbleed "
},
{
"title": "heartbleed-dtls",
"trust": 0.1,
"url": "https://github.com/hreese/heartbleed-dtls "
},
{
"title": "heartbleedchecker",
"trust": 0.1,
"url": "https://github.com/roganartu/heartbleedchecker "
},
{
"title": "nmap-heartbleed",
"trust": 0.1,
"url": "https://github.com/azet/nmap-heartbleed "
},
{
"title": "sslscan",
"trust": 0.1,
"url": "https://github.com/delishen/sslscan "
},
{
"title": "web-hacking",
"trust": 0.1,
"url": "https://github.com/hr-beast/web-hacking "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Miss-Brain/Web-Application-Security "
},
{
"title": "web-hacking",
"trust": 0.1,
"url": "https://github.com/Hemanthraju02/web-hacking "
},
{
"title": "awesome-web-hacking",
"trust": 0.1,
"url": "https://github.com/QWERTSKIHACK/awesome-web-hacking "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/himera25/web-hacking-list "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/dorota-fiit/bp-Heartbleed-defense-game "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Maheshmaske111/sslscan "
},
{
"title": "Heart-bleed",
"trust": 0.1,
"url": "https://github.com/anonymouse327311/Heart-bleed "
},
{
"title": "goScan",
"trust": 0.1,
"url": "https://github.com/stackviolator/goScan "
},
{
"title": "sec-tool-list",
"trust": 0.1,
"url": "https://github.com/alphaSeclab/sec-tool-list "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/utensil/awesome-stars-test "
},
{
"title": "insecure-cplusplus-dojo",
"trust": 0.1,
"url": "https://github.com/patricia-gallardo/insecure-cplusplus-dojo "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/jubalh/awesome-package-maintainer "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Elnatty/tryhackme_labs "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/hzuiw33/OpenSSL "
},
{
"title": "makeItBleed",
"trust": 0.1,
"url": "https://github.com/mcampa/makeItBleed "
},
{
"title": "CVE-2014-0160-Chrome-Plugin",
"trust": 0.1,
"url": "https://github.com/Xyl2k/CVE-2014-0160-Chrome-Plugin "
},
{
"title": "heartbleedfixer.com",
"trust": 0.1,
"url": "https://github.com/reenhanced/heartbleedfixer.com "
},
{
"title": "CVE-2014-0160-Scanner",
"trust": 0.1,
"url": "https://github.com/obayesshelton/CVE-2014-0160-Scanner "
},
{
"title": "openmagic",
"trust": 0.1,
"url": "https://github.com/isgroup-srl/openmagic "
},
{
"title": "heartbleeder",
"trust": 0.1,
"url": "https://github.com/titanous/heartbleeder "
},
{
"title": "cardiac-arrest",
"trust": 0.1,
"url": "https://github.com/ah8r/cardiac-arrest "
},
{
"title": "heartbleed_openvpn_poc",
"trust": 0.1,
"url": "https://github.com/tam7t/heartbleed_openvpn_poc "
},
{
"title": "docker-wheezy-with-heartbleed",
"trust": 0.1,
"url": "https://github.com/simonswine/docker-wheezy-with-heartbleed "
},
{
"title": "docker-testssl",
"trust": 0.1,
"url": "https://github.com/mbentley/docker-testssl "
},
{
"title": "heartbleedscanner",
"trust": 0.1,
"url": "https://github.com/hybridus/heartbleedscanner "
},
{
"title": "HeartLeak",
"trust": 0.1,
"url": "https://github.com/OffensivePython/HeartLeak "
},
{
"title": "HBL",
"trust": 0.1,
"url": "https://github.com/ssc-oscar/HBL "
},
{
"title": "awesome-stars",
"trust": 0.1,
"url": "https://github.com/utensil/awesome-stars "
},
{
"title": "SecurityTesting_web-hacking",
"trust": 0.1,
"url": "https://github.com/mostakimur/SecurityTesting_web-hacking "
},
{
"title": "awesome-web-hacking",
"trust": 0.1,
"url": "https://github.com/winterwolf32/awesome-web-hacking "
},
{
"title": "awesome-web-hacking-1",
"trust": 0.1,
"url": "https://github.com/winterwolf32/awesome-web-hacking-1 "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Mehedi-Babu/ethical_hacking_cyber "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/drakyanerlanggarizkiwardhana/awesome-web-hacking "
},
{
"title": "awesome-web-hacking",
"trust": 0.1,
"url": "https://github.com/thanshurc/awesome-web-hacking "
},
{
"title": "hack",
"trust": 0.1,
"url": "https://github.com/nvnpsplt/hack "
},
{
"title": "awesome-web-hacking",
"trust": 0.1,
"url": "https://github.com/noname1007/awesome-web-hacking "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/ImranTheThirdEye/awesome-web-hacking "
},
{
"title": "web-hacking",
"trust": 0.1,
"url": "https://github.com/Ondrik8/web-hacking "
},
{
"title": "CheckSSL-ciphersuite",
"trust": 0.1,
"url": "https://github.com/kal1gh0st/CheckSSL-ciphersuite "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/undacmic/HeartBleed-Demo "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/MrE-Fog/ssl-heartbleed.nse "
},
{
"title": "welivesecurity",
"trust": 0.1,
"url": "https://www.welivesecurity.com/2015/08/03/worlds-biggest-bug-bounty-payouts/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0160"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0160"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160"
},
{
"trust": 1.4,
"url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
},
{
"trust": 1.4,
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
},
{
"trust": 1.4,
"url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
},
{
"trust": 1.4,
"url": "http://www.getchef.com/blog/2014/04/09/chef-server-heartbleed-cve-2014-0160-releases/"
},
{
"trust": 1.2,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140409-heartbleed"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-2165-1"
},
{
"trust": 1.2,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 1.2,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1084875"
},
{
"trust": 1.1,
"url": "http://www.openssl.org/news/secadv_20140407.txt"
},
{
"trust": 1.1,
"url": "http://heartbleed.com/"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030078"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2014/apr/109"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2014/apr/190"
},
{
"trust": 1.1,
"url": "https://lists.balabit.hu/pipermail/syslog-ng-announce/2014-april/000184.html"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0376.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0396.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030082"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/57347"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139722163017074\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030077"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670161"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2014/dsa-2896"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0377.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030080"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131221.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030074"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2014/apr/90"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030081"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0378.html"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2014/apr/91"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/57483"
},
{
"trust": 1.1,
"url": "http://www.splunk.com/view/sp-caaamb3"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-april/131291.html"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030079"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/57721"
},
{
"trust": 1.1,
"url": "http://www.blackberry.com/btsc/kb35882"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030026"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00005.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/66690"
},
{
"trust": 1.1,
"url": "http://www.us-cert.gov/ncas/alerts/ta14-098a"
},
{
"trust": 1.1,
"url": "http://blog.fox-it.com/2014/04/08/openssl-heartbleed-bug-live-blog/"
},
{
"trust": 1.1,
"url": "https://blog.torproject.org/blog/openssl-bug-cve-2014-0160"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/57966"
},
{
"trust": 1.1,
"url": "http://www.f-secure.com/en/web/labs_global/fsc-2014-1"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2014/apr/173"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/57968"
},
{
"trust": 1.1,
"url": "https://code.google.com/p/mod-spdy/issues/detail?id=85"
},
{
"trust": 1.1,
"url": "http://www.exploit-db.com/exploits/32745"
},
{
"trust": 1.1,
"url": "http://www.kb.cert.org/vuls/id/720951"
},
{
"trust": 1.1,
"url": "https://www.cert.fi/en/reports/2014/vulnerability788210.html"
},
{
"trust": 1.1,
"url": "http://www.exploit-db.com/exploits/32764"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/57836"
},
{
"trust": 1.1,
"url": "https://gist.github.com/chapmajs/10473815"
},
{
"trust": 1.1,
"url": "http://cogentdatahub.com/releasenotes.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139905458328378\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139869891830365\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139889113431619\u0026w=2"
},
{
"trust": 1.1,
"url": "http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=1"
},
{
"trust": 1.1,
"url": "http://www.kerio.com/support/kerio-control/release-history"
},
{
"trust": 1.1,
"url": "http://public.support.unisys.com/common/public/vulnerability/nvd_detail_rpt.aspx?id=3"
},
{
"trust": 1.1,
"url": "http://advisories.mageia.org/mgasa-2014-0165.html"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay\u0026spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04260637-4%257cdoclocale%253den_us%257ccalledby%253dsearch_result\u0026javax.portlet.begcachetok=com.vignette.cachetoken\u0026javax.portlet.endcachetok=com.vignette.cachetoken"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001843"
},
{
"trust": 1.1,
"url": "https://filezilla-project.org/versions.php?type=server"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg400001841"
},
{
"trust": 1.1,
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html?sr=36517217"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=141287864628122\u0026w=2"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2014/dec/23"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=142660345230545\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139817727317190\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139757726426985\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139758572430452\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139905653828999\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139842151128341\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139905405728262\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139833395230364\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139824993005633\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139843768401936\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139905202427693\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139774054614965\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139889295732144\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139835815211508\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140724451518351\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139808058921905\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139836085512508\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139869720529462\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139905868529690\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139765756720506\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140015787404650\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139824923705461\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139757919027752\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139774703817488\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139905243827825\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140075368411126\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139905295427946\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139835844111589\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139757819327350\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139817685517037\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139905351928096\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=139817782017443\u0026w=2"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160512_00"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004661"
},
{
"trust": 1.1,
"url": "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_release_notes.pdf"
},
{
"trust": 1.1,
"url": "http://www.apcmedia.com/salestools/sjhn-7rkgnm/sjhn-7rkgnm_r4_en.pdf"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59347"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59243"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59139"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html"
},
{
"trust": 1.1,
"url": "http://download.schneider-electric.com/files?p_doc_ref=sevd%202014-119-01"
},
{
"trust": 1.1,
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html"
},
{
"trust": 1.1,
"url": "http://support.citrix.com/article/ctx140605"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00061.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008"
},
{
"trust": 1.1,
"url": "https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-635659.pdf"
},
{
"trust": 1.1,
"url": "https://yunus-shn.medium.com/ricon-industrial-cellular-router-heartbleed-attack-2634221c02bd"
},
{
"trust": 1.1,
"url": "http://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=96db9023b881d7cd9f379b0c154650d6c108e9a3"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.5,
"url": "http://support.openview.hp.com/downloads.jsp"
},
{
"trust": 0.3,
"url": "http://www.ocert.org/advisories/ocert-2014-003.html"
},
{
"trust": 0.3,
"url": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048"
},
{
"trust": 0.3,
"url": "https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525/"
},
{
"trust": 0.3,
"url": "http://pyyaml.org/wiki/libyaml"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0353.html"
},
{
"trust": 0.3,
"url": "http://puppetlabs.com/security/cve/cve-2014-2525"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0354.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0355.html"
},
{
"trust": 0.3,
"url": "http://www8.hp.com/us/en/software-so"
},
{
"trust": 0.2,
"url": "http://www8.h"
},
{
"trust": 0.2,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/125.html"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/2019/jan/42"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/./dsa-2896"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/oracle-gives-heartbleed-update-patches-14-products/105576/"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-135-02"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2165-1/"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/km00868126"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/p"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5116"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5269"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2741"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5135"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0160"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2026"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5268"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-3108"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5266"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2445"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0338"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5269"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-1536"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3108"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-1536"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5266"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2741"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1205"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1664"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0338"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201412-11.xml"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-2026"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5135"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0339"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1969"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-2445"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1205"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0720"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4995"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-5849"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-4995"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5268"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-0339"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5116"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1664"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/hpsm_00556"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/km00843525"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/hpsm_00560"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/hpsm_00557"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/hpsm_00559"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/hpsm_00558"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/support"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/km00843314/binary/sa_alert_"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lrlg_00051"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lrlg_00052"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03304"
},
{
"trust": 0.1,
"url": "http://support.openview.hp.com/selfsolve/document/lid/lr_03333"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.12"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.7"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140430-mxp"
},
{
"trust": 0.1,
"url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber"
},
{
"trust": 0.1,
"url": "http://www.hp.com/support/eslg3"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0160"
},
{
"db": "BID",
"id": "66478"
},
{
"db": "PACKETSTORM",
"id": "126360"
},
{
"db": "PACKETSTORM",
"id": "126165"
},
{
"db": "PACKETSTORM",
"id": "127749"
},
{
"db": "PACKETSTORM",
"id": "126283"
},
{
"db": "PACKETSTORM",
"id": "126285"
},
{
"db": "PACKETSTORM",
"id": "129524"
},
{
"db": "PACKETSTORM",
"id": "126458"
},
{
"db": "PACKETSTORM",
"id": "126563"
},
{
"db": "PACKETSTORM",
"id": "126450"
},
{
"db": "PACKETSTORM",
"id": "126304"
},
{
"db": "PACKETSTORM",
"id": "126208"
},
{
"db": "PACKETSTORM",
"id": "126774"
},
{
"db": "PACKETSTORM",
"id": "126045"
},
{
"db": "PACKETSTORM",
"id": "126420"
},
{
"db": "PACKETSTORM",
"id": "126454"
},
{
"db": "PACKETSTORM",
"id": "127279"
},
{
"db": "NVD",
"id": "CVE-2014-0160"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2014-0160"
},
{
"db": "BID",
"id": "66478"
},
{
"db": "PACKETSTORM",
"id": "126360"
},
{
"db": "PACKETSTORM",
"id": "126165"
},
{
"db": "PACKETSTORM",
"id": "127749"
},
{
"db": "PACKETSTORM",
"id": "126283"
},
{
"db": "PACKETSTORM",
"id": "126285"
},
{
"db": "PACKETSTORM",
"id": "129524"
},
{
"db": "PACKETSTORM",
"id": "126458"
},
{
"db": "PACKETSTORM",
"id": "126563"
},
{
"db": "PACKETSTORM",
"id": "126450"
},
{
"db": "PACKETSTORM",
"id": "126304"
},
{
"db": "PACKETSTORM",
"id": "126208"
},
{
"db": "PACKETSTORM",
"id": "126774"
},
{
"db": "PACKETSTORM",
"id": "126045"
},
{
"db": "PACKETSTORM",
"id": "126420"
},
{
"db": "PACKETSTORM",
"id": "126454"
},
{
"db": "PACKETSTORM",
"id": "127279"
},
{
"db": "NVD",
"id": "CVE-2014-0160"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-07T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0160"
},
{
"date": "2014-03-26T00:00:00",
"db": "BID",
"id": "66478"
},
{
"date": "2014-04-28T20:35:41",
"db": "PACKETSTORM",
"id": "126360"
},
{
"date": "2014-04-15T23:02:07",
"db": "PACKETSTORM",
"id": "126165"
},
{
"date": "2014-08-05T21:06:31",
"db": "PACKETSTORM",
"id": "127749"
},
{
"date": "2014-04-23T21:24:44",
"db": "PACKETSTORM",
"id": "126283"
},
{
"date": "2014-04-23T21:26:11",
"db": "PACKETSTORM",
"id": "126285"
},
{
"date": "2014-12-12T17:43:12",
"db": "PACKETSTORM",
"id": "129524"
},
{
"date": "2014-05-03T02:17:11",
"db": "PACKETSTORM",
"id": "126458"
},
{
"date": "2014-05-09T17:31:25",
"db": "PACKETSTORM",
"id": "126563"
},
{
"date": "2014-05-02T23:02:22",
"db": "PACKETSTORM",
"id": "126450"
},
{
"date": "2014-04-24T22:21:00",
"db": "PACKETSTORM",
"id": "126304"
},
{
"date": "2014-04-17T22:04:49",
"db": "PACKETSTORM",
"id": "126208"
},
{
"date": "2014-05-22T22:17:58",
"db": "PACKETSTORM",
"id": "126774"
},
{
"date": "2014-04-07T22:44:13",
"db": "PACKETSTORM",
"id": "126045"
},
{
"date": "2014-05-01T02:18:26",
"db": "PACKETSTORM",
"id": "126420"
},
{
"date": "2014-05-03T02:07:11",
"db": "PACKETSTORM",
"id": "126454"
},
{
"date": "2014-06-30T23:47:20",
"db": "PACKETSTORM",
"id": "127279"
},
{
"date": "2014-04-07T22:55:03.893000",
"db": "NVD",
"id": "CVE-2014-0160"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0160"
},
{
"date": "2017-05-02T04:07:00",
"db": "BID",
"id": "66478"
},
{
"date": "2024-11-21T02:01:30.317000",
"db": "NVD",
"id": "CVE-2014-0160"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "66478"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LibYAML \u0027yaml_parser_scan_uri_escapes()\u0027 Function Remote Heap Based Buffer Overflow Vulnerability",
"sources": [
{
"db": "BID",
"id": "66478"
}
],
"trust": 0.3
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "66478"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.