CVE-2016-2176
published 2016-05-05CVE-2016-2176: The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive…
PriorityP348high8.2CVSS 3.0
AVNACLPRNUINSUCLINAH
EPSS
22.84%
97.4th percentile
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | os_x_el_capitan_v10.11.6_and_security_update_2016-004 | — | — |
| debian | openssl | — | — |
| openssl | openssl | <= 1.0.1s | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | — | — |
| openssl | openssl | >= 0 < 1.0.2h-r0 | 1.0.2h-r0 |
| openssl | openssl | >= 0 < 1.0.2h-r0 | 1.0.2h-r0 |
| openssl | openssl | >= 0 < 1.0.2h-r0 | 1.0.2h-r0 |
| openssl | openssl | >= 0 < 1.0.2h-r0 | 1.0.2h-r0 |
| openssl | openssl | >= 0 < 1.0.2h-r0 | 1.0.2h-r0 |
| openssl | openssl | >= 0 < 1.0.2h-r0 | 1.0.2h-r0 |
| openssl | openssl | >= 0 < 1.0.2h-r0 | 1.0.2h-r0 |
| paloalto | cortex_xdr | — | — |
| paloalto | globalprotect | — | — |
| paloalto | pan-os | — | — |
CVSS provenance
nvdv3.08.2HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:P
osv8.2HIGH
vendor_debian8.2LOW
vendor_redhat8.2HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9p7f-7v7j-rq7j: The X509_NAME_oneline function in crypto/x509/x509_obj
ghsa_unreviewed·2022-05-14
CVE-2016-2176 [HIGH] CWE-119 GHSA-9p7f-7v7j-rq7j: The X509_NAME_oneline function in crypto/x509/x509_obj
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.
OSV
CVE-2016-2176: The X509_NAME_oneline function in crypto/x509/x509_obj
osv·2016-05-05·CVSS 8.2
CVE-2016-2176 [HIGH] CVE-2016-2176: The X509_NAME_oneline function in crypto/x509/x509_obj
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.
Palo Alto
PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
vendor_paloalto·2024-11-07·CVSS 6.8
CVE-2014-0195 [MEDIUM] PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to Cortex XDR Agent. While Cortex XDR Agent may include the
CVEs: CVE-2014-0195, CVE-2014-0224, CVE-2014-3509, CVE-2014-3512, CVE-2014-3513, CVE-2014-3567, CVE-2015-0209, CVE-2015-0292, CVE-2015-1789, CVE-2015-1791, CVE-2015-1793, CVE-2015-3194, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2177, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2019-1551, CVE-2019-1552, CVE-2019-1559, CVE-2019-1563, CVE-2020-196
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
Siemens SCALANCE X-200RNA Switch Devices
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SCALANCE X-200RNA Switch Devices
Last RevisedDecember 19, 2022
Alert CodeICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
Palo Alto
PAN-SA-2016-0023 OpenSSL Vulnerabilities
vendor_paloalto·2016-09-02·CVSS 2.6
CVE-2013-0169 [LOW] CWE-119 PAN-SA-2016-0023 OpenSSL Vulnerabilities
PAN-SA-2016-0023 OpenSSL Vulnerabilities
The OpenSSL library embedded in the GlobalProtect™ agent, TerminalServer™ agent and UserID™ agent is
CVEs: CVE-2013-0169, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109, CVE-2016-2176
Affected products: GlobalProtect
Palo Alto
PAN-SA-2016-0020 OpenSSL Vulnerabilities
vendor_paloalto·2016-08-15·CVSS 7.5
CVE-2014-8176 [HIGH] CWE-119 PAN-SA-2016-0020 OpenSSL Vulnerabilities
PAN-SA-2016-0020 OpenSSL Vulnerabilities
The OpenSSL library has been found to contain several vulnerabilities CVE-2014-8176, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-1794, CVE-2015-3195, CVE-2015-4000, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2842. Palo Alto Networks software makes use of the vulnerable library. (Ref # 95622). The OpenSSL library in use by PAN-OS is patched on a regular basis. Severities of the CVEs listed under the summary section range from low to high but, have not been shown to be exploitable at the time of this advisory. This issue affects PAN-OS 5.0.X; PAN-OS-5.1.X; PAN-OS 6.0.13 and earlier; PAN-OS 6.1.12 and earlier; PAN-OS 7.0.8 and earlier; PAN-OS 7.1.3 and earl
Apple
CVE-2016-2176: OS X El Capitan v10.11.6 and Security Update 2016-004
vendor_apple·2016-07-18·CVSS 8.2
CVE-2016-2176 [HIGH] CVE-2016-2176: OS X El Capitan v10.11.6 and Security Update 2016-004
Apple Security Update: About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004
Product: OS X El Capitan v10.11.6 and Security Update 2016-004
CVE: CVE-2016-2176
Component: OpenSSL
Impact: A remote attacker may be able to execute arbitrary code
Description: Multiple issues existed in OpenSSL. These issues were resolved by backporting the fixes from OpenSSL 1.0.2h/1.0.1 to OpenSSL 0.9.8.
BSD
FreeBSD-SA-16:17.openssl: Multiple OpenSSL vulnerabilities
bsd_advisories·2016-05-04·CVSS 7.5
CVE-2016-2105 [HIGH] FreeBSD-SA-16:17.openssl: Multiple OpenSSL vulnerabilities
FreeBSD-SA-16:17.openssl Security Advisory
The FreeBSD Project
Topic: Multiple OpenSSL vulnerabilities
Category: contrib
Module: openssl
Announced: 2016-05-04
Credits: OpenSSL Project
Affects: All supported versions of FreeBSD.
Corrected: 2016-05-03 18:54:20 UTC (stable/10, 10.3-STABLE)
2016-05-04 15:25:47 UTC (releng/10.3, 10.3-RELEASE-p2)
2016-05-04 15:26:23 UTC (releng/10.2, 10.2-RELEASE-p16)
2016-05-04 15:27:09 UTC (releng/10.1, 10.1-RELEASE-p33)
2016-05-04 06:53:02 UTC (stable/9, 9.3-STABLE)
2016-05-04 15:27:09 UTC (releng/9.3, 9.3-RELEASE-p41)
CVE Name: CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2109,
CVE-2016-2176
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, ple
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
vendor_cisco·2016-05-04
CVE-2016-2105 [MEDIUM] CWE-119 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Of the six vulnerabilities disclosed, four of them may cause memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI, and, lastly, one is specific to a product performing an operation with Extended Binary Coded Decimal Interchange Code (EBCDIC) encoding.
Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities.
This advisory will be updated as additional information becomes available.
This advisory is available at the following link:
Red Hat
openssl: EBCDIC overread in X509_NAME_oneline()
vendor_redhat·2016-05-03·CVSS 8.2
CVE-2016-2176 [HIGH] CWE-125 openssl: EBCDIC overread in X509_NAME_oneline()
openssl: EBCDIC overread in X509_NAME_oneline()
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.
Package: openssl (Red Hat Enterprise Linux 4) - Not affected
Package: openssl096b (Red Hat Enterprise Linux 4) - Not affected
Package: openssl (Red Hat Enterprise Linux 5) - Not affected
Package: openssl097a (Red Hat Enterprise Linux 5) - Not affected
Package: openssl (Red Hat Enterprise Linux 6) - Not affected
Package: openssl098e (Red Hat Enterprise Linux 6) - Not affected
Package: openssl (Red Hat Enterprise Linux 7) - Not affected
Package: openssl098e (Red Hat Enterpr
Debian
CVE-2016-2176: openssl - The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1...
vendor_debian·2016·CVSS 8.2
CVE-2016-2176 [HIGH] CVE-2016-2176: openssl - The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1...
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
vendor_cisco
CVE-2016-2176 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
CVE-2016-2176: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016
On May 3, 2016, the OpenSSL Software Foundation released a security advisory that included six vulnerabilities. Of the six vulnerabilities disclosed, four of them may cause memory corruption or excessive memory usage, one could allow a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server supports AES-NI, and, lastly, one is specific to a product performing an operation with Extended Binary Coded Decimal Interchange Code (EBCDIC) encoding. Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities. This advisory will be updated as additional information becomes available. This advisory is available at the follow
Suricata
ET EXPLOIT Possible Internet Explorer VBscript failure to handle error case information disclosure CVE-2014-6332 Common Construct M2
suricata·2016-05-06·CVSS 8.8
CVE-2014-6332 [HIGH] ET EXPLOIT Possible Internet Explorer VBscript failure to handle error case information disclosure CVE-2014-6332 Common Construct M2
ET EXPLOIT Possible Internet Explorer VBscript failure to handle error case information disclosure CVE-2014-6332 Common Construct M2
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible Internet Explorer VBscript failure to handle error case information disclosure CVE-2014-6332 Common Construct M2"; flow:established,to_client; file.data; content:"redim"; nocase; fast_pattern; content:"Preserve"; nocase; content:"VBScript"; nocase; content:"chrw"; content:"32767"; distance:0; content:"chrw"; content:"2176"; distance:0; classtype:attempted-admin; sid:2022797; rev:4; metadata:created_at 2016_05_06, cve CVE_2014_6332, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2024_03_14, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_i
Metasploit
Microsoft Exchange ProxyLogon Collector
metasploit·CVSS 9.8
CVE-2021-26855 [CRITICAL] Microsoft Exchange ProxyLogon Collector
Microsoft Exchange ProxyLogon Collector
This module exploit a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855). By taking advantage of this vulnerability, it is possible to dump all mailboxes (emails, attachments, contacts, ...). This vulnerability affects (Exchange 2013 Versions < 15.00.1497.012, Exchange 2016 CU18 < 15.01.2106.013, Exchange 2016 CU19 < 15.01.2176.009, Exchange 2019 CU7 < 15.02.0721.013, Exchange 2019 CU8 < 15.02.0792.010). All components are vulnerable by default.
Metasploit
Microsoft Exchange ProxyLogon Scanner
metasploit·CVSS 9.8
CVE-2021-26855 [CRITICAL] Microsoft Exchange ProxyLogon Scanner
Microsoft Exchange ProxyLogon Scanner
This module scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855). By chaining this bug with another post-auth arbitrary-file-write vulnerability to get code execution (CVE-2021-27065). As a result, an unauthenticated attacker can execute arbitrary commands on Microsoft Exchange Server. This vulnerability affects (Exchange 2013 Versions < 15.00.1497.012, Exchange 2016 CU18 < 15.01.2106.013, Exchange 2016 CU19 < 15.01.2176.009, Exchange 2019 CU7 < 15.02.0721.013, Exchange 2019 CU8 < 15.02.0792.010). All components are vulnerable by default.
Metasploit
Microsoft Exchange ProxyShell RCE
metasploit·CVSS 6.6
CVE-2021-31207 [MEDIUM] Microsoft Exchange ProxyShell RCE
Microsoft Exchange ProxyShell RCE
This module exploits a vulnerability on Microsoft Exchange Server that allows an attacker to bypass the authentication (CVE-2021-31207), impersonate an arbitrary user (CVE-2021-34523) and write an arbitrary file (CVE-2021-34473) to achieve the RCE (Remote Code Execution). By taking advantage of this vulnerability, you can execute arbitrary commands on the remote Microsoft Exchange Server. This vulnerability affects Exchange 2013 CU23 < 15.0.1497.15, Exchange 2016 CU19 < 15.1.2176.12, Exchange 2016 CU20 < 15.1.2242.5, Exchange 2019 CU8 < 15.2.792.13, Exchange 2019 CU9 < 15.2.858.9. All components are vulnerable by default.
Metasploit
Microsoft Exchange ProxyLogon RCE
metasploit·CVSS 9.8
CVE-2021-26855 [CRITICAL] Microsoft Exchange ProxyLogon RCE
Microsoft Exchange ProxyLogon RCE
This module exploit a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication, impersonating as the admin (CVE-2021-26855) and write arbitrary file (CVE-2021-27065) to get the RCE (Remote Code Execution). By taking advantage of this vulnerability, you can execute arbitrary commands on the remote Microsoft Exchange Server. This vulnerability affects (Exchange 2013 Versions < 15.00.1497.012, Exchange 2016 CU18 < 15.01.2106.013, Exchange 2016 CU19 < 15.01.2176.009, Exchange 2019 CU7 < 15.02.0721.013, Exchange 2019 CU8 < 15.02.0792.010). All components are vulnerable by default.
Tenable
[R5] OpenSSL '20160503' Advisory Affects Tenable Products
blogs_tenable·2016-05-18
[R5] OpenSSL '20160503' Advisory Affects Tenable Products
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
HackerOne
EBCDIC overread (CVE-2016-2176)
hackerone·2016-05-03·CVSS 8.2
CVE-2016-2176 [HIGH] EBCDIC overread (CVE-2016-2176)
EBCDIC overread (CVE-2016-2176)
https://github.com/openssl/openssl/commit/ea96ad5a206b7b5f25dad230333e8ff032df3219
Severity: Low
ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer.
OpenSSL 1.0.2 users should upgrade to 1.0.2h
OpenSSL 1.0.1 users should upgrade to 1.0.1t
This issue was reported to OpenSSL on 5th March 2016 by Guido Vranken. The fix was developed by Matt Caswell of the OpenSSL development team.
Note
====
As per our previous announcements and our Release Strategy (https://www.openssl.org/policies/releasestrat.html), support for OpenSSL version 1.0.1 will cease on 31st December 2016. No security updates for that versio
Bugzilla
CVE-2016-2176 openssl: EBCDIC overread in X509_NAME_oneline()
bugzilla·2016-04-28·CVSS 8.2
CVE-2016-2176 [HIGH] CVE-2016-2176 openssl: EBCDIC overread in X509_NAME_oneline()
CVE-2016-2176 openssl: EBCDIC overread in X509_NAME_oneline()
Quoting form the draft of OpenSSL upstream advisory:
EBCDIC overread (CVE-2016-2176)
Severity: Low
ASN1 Strings that are over 1024 bytes can cause an overread in applications
using the X509_NAME_oneline() function on EBCDIC systems. This could result in
arbitrary stack data being returned in the buffer.
OpenSSL 1.0.2 users should upgrade to 1.0.2h
OpenSSL 1.0.1 users should upgrade to 1.0.1t
This issue was reported to OpenSSL on 5th March 2016 by Guido Vranken. The
fix was developed by Matt Caswell of the OpenSSL development team.
Discussion:
Acknowledgments:
Name: the OpenSSL project
Upstream: Guido Vranken
---
Created attachment 1152051
OpenSSL upstream fix
---
OpenSSL packages distributed by Red Hat do not enable
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.htmlhttp://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.htmlhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-opensslhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlhttp://www.securityfocus.com/bid/89746http://www.securityfocus.com/bid/91787http://www.securitytracker.com/id/1035721http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103https://bto.bluecoat.com/security-advisory/sa123https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2919516136a4227d9e6d8f2fe66ef976aaf8c561https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_ushttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202https://kc.mcafee.com/corporate/index?page=content&id=SB10160https://security.gentoo.org/glsa/201612-16https://security.netapp.com/advisory/ntap-20160504-0001/https://support.apple.com/HT206903https://www.openssl.org/news/secadv/20160503.txthttps://www.tenable.com/security/tns-2016-18http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.htmlhttp://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.htmlhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-opensslhttp://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlhttp://www.securityfocus.com/bid/89746http://www.securityfocus.com/bid/91787http://www.securitytracker.com/id/1035721http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.542103https://bto.bluecoat.com/security-advisory/sa123https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfhttps://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2919516136a4227d9e6d8f2fe66ef976aaf8c561https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03756en_ushttps://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03765en_ushttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202https://kc.mcafee.com/corporate/index?page=content&id=SB10160https://security.gentoo.org/glsa/201612-16https://security.netapp.com/advisory/ntap-20160504-0001/https://support.apple.com/HT206903https://www.openssl.org/news/secadv/20160503.txthttps://www.tenable.com/security/tns-2016-18
2016-05-05
Published