CVE-2016-6303
Published 2016-09-16
Priority: P354 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 31.99% (98.1th percentile)
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
Affected
44 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_sierra_10.12.2_security_update_2016-003_el_capitan_and_security_update_201 | — | — |
| debian | openssl | < openssl 1.0.2i-1 (bookworm) | openssl 1.0.2i-1 (bookworm) |
| nodejs | node.js | < 0.12.16 | 0.12.16 |
| nodejs | node.js | >= 4.0.0 < 4.6.0 | 4.6.0 |
| nodejs | node.js | >= 6.0.0 < 6.6.0 | 6.6.0 |
| openssl | openssl | — | — |
CVSS provenance
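| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |
| vendor_cisco | — | 5.5 | MEDIUM | — |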
GHSA
GHSA-w6xc-jcff-g3vg: Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst
ghsa_unreviewed·2022-05-14
CVE-2016-6303 [CRITICAL] CWE-787 GHSA-w6xc-jcff-g3vg: Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
OSV
openssl regression
osv·2016-09-23·CVSS 9.8
CVE-2016-2182 [CRITICAL] openssl regression
USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was
incomplete and caused a regression when parsing certificates. This update
fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request
extension. A remote attacker could possibly use this issue to cause memory
consumption, resulting in a denial of service. (CVE-2016-6304)
Guido Vranken discovered that OpenSSL used undefined behaviour when
performing pointer arithmetic. A remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. This
issue has only been addressed in Ubuntu 16.04 LTS in this update.
(CVE-2016-2177)
César Pereida, Billy Brumley, and Y
OSV
openssl vulnerabilities
osv·2016-09-22·CVSS 9.8
CVE-2016-6304 [CRITICAL] openssl vulnerabilities
Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request
extension. A remote attacker could possibly use this issue to cause memory
consumption, resulting in a denial of service. (CVE-2016-6304)
Guido Vranken discovered that OpenSSL used undefined behaviour when
performing pointer arithmetic. A remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. This
issue has only been addressed in Ubuntu 16.04 LTS in this update.
(CVE-2016-2177)
César Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL
did not properly use constant-time operations when performing DSA signing.
A remote attacker could possibly use this issue to perform a cache-timing
attack and recover private DSA keys. (CVE-201
OSV
CVE-2016-6303: Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst
osv·2016-09-16·CVSS 9.8
CVE-2016-6303 [CRITICAL] CVE-2016-6303: Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
Palo Alto
PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
vendor_paloalto·2024-11-07·CVSS 6.8
CVE-2014-0195 [MEDIUM] PAN-SA-2024-0014 Informational Bulletin: Impact of OSS CVEs in Cortex XDR Agent
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to Cortex XDR Agent. While Cortex XDR Agent may include the
CVEs: CVE-2014-0195, CVE-2014-0224, CVE-2014-3509, CVE-2014-3512, CVE-2014-3513, CVE-2014-3567, CVE-2015-0209, CVE-2015-0292, CVE-2015-1789, CVE-2015-1791, CVE-2015-1793, CVE-2015-3194, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2177, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-2183, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2019-1551, CVE-2019-1552, CVE-2019-1559, CVE-2019-1563, CVE-2020-196
CISA ICS
Siemens SCALANCE X-200RNA Switch Devices
cisa_ics·2022-12-19
ICS Advisory
Last Revised: December 19, 2022
Alert Code: ICSA-22-349-21
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available
- Vendor: Siemens
- Equipment: SCALANCE X-200RNA switch devices before V3.2.7
- Vulnerabilities: Observable Timing Discrepancy; Race Condition; Improper Restriction of Operations within the Bounds of a Memory Buffer; Improper Input Validation; NULL Pointer Dereference; Use After Free; Cryptographic Issues; Comparison of Incompatible Types; Resource Management
Apple
CVE-2016-6303: macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite
vendor_apple·2016-12-13·CVSS 9.8
CVE-2016-6303 [CRITICAL] CVE-2016-6303: macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite
Apple Security Update: About the security content of macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite
Product: macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite
CVE: CVE-2016-6303
Component: CVE-2016-6303
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
vendor_cisco·2016-09-27·CVSS 5.5
CVE-2016-2177 [MEDIUM] CWE-119 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as “Critical Severity,” one as “Moderate Severity,” and the other 12 as “Low Severity.”
Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. These vulnerabilities affect the OpenSSL versions that were released to address the vulnerabilities disclosed in the previous advisory. One of the new vulnerabilities was rated as “High Severity” and the other as “Moderate Severity.”
Of the 16 released vulnerabilities:
Fourteen track issues that could resu
Ubuntu
OpenSSL regression
vendor_ubuntu·2016-09-23·CVSS 9.8
CVE-2016-2182 [CRITICAL] OpenSSL regression
Title: OpenSSL regression
Summary: USN-3087-1 introduced a regression in OpenSSL.
USN-3087-1 fixed vulnerabilities in OpenSSL. The fix for CVE-2016-2182 was
incomplete and caused a regression when parsing certificates. This update
fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request
extension. A remote attacker could possibly use this issue to cause memory
consumption, resulting in a denial of service. (CVE-2016-6304)
Guido Vranken discovered that OpenSSL used undefined behaviour when
performing pointer arithmetic. A remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. This
issue has only been addressed in Ubuntu 16.04 LTS in t
BSD
FreeBSD-SA-16:26.openssl: Multiple OpenSSL vulnerabilities
bsd_advisories·2016-09-23·CVSS 9.8
CVE-2016-2177 [CRITICAL] FreeBSD-SA-16:26.openssl: Multiple OpenSSL vulnerabilities
FreeBSD-SA-16:26.openssl Security Advisory
The FreeBSD Project
Topic: Multiple OpenSSL vulnerabilities
Category: contrib
Module: openssl
Announced: 2016-09-23; revised on 2016-09-26
Credits: OpenSSL Project
Affects: All supported versions of FreeBSD.
Corrected: 2016-09-22 14:57:48 UTC (stable/11, 11.0-STABLE)
2016-09-22 15:55:27 UTC (releng/11.0, 11.0-RELEASE)
2016-09-22 15:05:38 UTC (stable/10, 10.3-STABLE)
2016-09-26 08:21:29 UTC (releng/10.3, 10.3-RELEASE-p9)
2016-09-26 08:21:29 UTC (releng/10.2, 10.2-RELEASE-p22)
2016-09-26 08:21:29 UTC (releng/10.1, 10.1-RELEASE-p39)
2016-09-26 08:19:33 UTC (stable/9, 9.3-STABLE)
2016-09-26 08:21:29 UTC (releng/9.3, 9.3-RELEASE-p47)
CVE Name: CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180,
CVE-2016-2181, CVE-2016-2182, CVE-2016-6302, CVE
Ubuntu
OpenSSL vulnerabilities
vendor_ubuntu·2016-09-22·CVSS 9.8
CVE-2016-2177 [CRITICAL] OpenSSL vulnerabilities
Title: OpenSSL vulnerabilities
Summary: Several security issues were fixed in OpenSSL.
Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request
extension. A remote attacker could possibly use this issue to cause memory
consumption, resulting in a denial of service. (CVE-2016-6304)
Guido Vranken discovered that OpenSSL used undefined behaviour when
performing pointer arithmetic. A remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. This
issue has only been addressed in Ubuntu 16.04 LTS in this update.
(CVE-2016-2177)
César Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL
did not properly use constant-time operations when performing DSA signing.
A remote attacker could possibly use this issue to perf
Red Hat
openssl: Integer overflow in MDC2_Update()
vendor_redhat·2016-08-20·CVSS 9.8
CVE-2016-6303 [CRITICAL] CWE-190 openssl: Integer overflow in MDC2_Update()
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
Statement: Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 4, 5, 6, and 7, as they did not include support for MDC-2.
Package: openssl (Red Hat Enterprise Linux 5) - Not affected
Package: openssl097a (Red Hat Enterprise Linux 5) - Not affected
Package: openssl (Red Hat Enterprise Linux 6) - Not affected
Package: openssl098e (Red Hat Enterprise Linux 6) - Not affected
Package: openssl (Red Hat Enterprise Linux 7) - Not affected
Pack
Debian
CVE-2016-6303: openssl - Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSS...
vendor_debian·2016·CVSS 9.8
CVE-2016-6303 [CRITICAL] CVE-2016-6303: openssl - Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSS...
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
Scope: local
bookworm: resolved (fixed in 1.0.2i-1)
bullseye: resolved (fixed in 1.0.2i-1)
forky: resolved (fixed in 1.0.2i-1)
sid: resolved (fixed in 1.0.2i-1)
trixie: resolved (fixed in 1.0.2i-1)
Cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
vendor_cisco
CVE-2016-6303 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
CVE-2016-6303: Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
On September 22, 2016, the OpenSSL Software Foundation released an advisory that describes 14 vulnerabilities. Of these 14 vulnerabilities, the OpenSSL Software Foundation classifies one as “Critical Severity,” one as “Moderate Severity,” and the other 12 as “Low Severity.” Subsequently, on September 26, the OpenSSL Software Foundation released an additional advisory that describes two new vulnerabilities. These vulnerabilities affect the OpenSSL versions that were released to address the vulnerabilities disclosed in the previous advisory. One of the new vulnerabilities was rated as “High Severity” and the other as “Moderate Severity.” Of the 16 released vulnerabilities: Fourteen track issues that c
No detection rules found.
No public exploits indexed.
HackerOne
OOB write in MDC2_Update() (CVE-2016-6303)
hackerone·2017-05-25·CVSS 9.8
CVE-2016-6303 [CRITICAL] OOB write in MDC2_Update() (CVE-2016-6303)
An overflow can occur in MDC2_Update() either if called directly or
through the EVP_DigestUpdate() function using MDC2. If an attacker
is able to supply very large amounts of input data after a previous
call to EVP_EncryptUpdate() with a partial block then a length check
can overflow resulting in a heap corruption.
The amount of data needed is comparable to SIZE_MAX which is impractical
on most platforms.
refer:
https://www.openssl.org/news/secadv/20160922.txt
Bugzilla
CVE-2016-6303 openssl: Integer overflow in MDC2_Update() [fedora-all]
bugzilla·2016-08-25·CVSS 9.8
CVE-2016-6303 [CRITICAL] CVE-2016-6303 openssl: Integer overflow in MDC2_Update() [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora.
Bugzilla
CVE-2016-6303 openssl: Integer overflow in MDC2_Update()
bugzilla·2016-08-25·CVSS 9.8
CVE-2016-6303 [CRITICAL] CVE-2016-6303 openssl: Integer overflow in MDC2_Update()
Possible integer overflow vulnerability was found in MDC2_Update() function that can lead to out-of-bounds write.
Upstream patch:
https://github.com/openssl/openssl/commit/2b4029e68fd7002d2307e6c3cde0f3784eef9c83
Discussion:
Created openssl101e tracking bugs for this issue:
Affects: epel-5 [bug 1370149]
---
Created openssl tracking bugs for this issue:
Affects: fedora-all [bug 1370147]
---
Created mingw-openssl tracking bugs for this issue:
Affects: fedora-all [bug 1370148]
---
MDC-2 support is not enabled in OpenSSL packages in Red Hat products. Therefore, this issue can not affect those packages.
---
Statement:
Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linu
Bugzilla
CVE-2016-6303 mingw-openssl: openssl: Integer overflow in MDC2_Update() [fedora-all]
bugzilla·2016-08-25·CVSS 9.8
CVE-2016-6303 [CRITICAL] CVE-2016-6303 mingw-openssl: openssl: Integer overflow in MDC2_Update() [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versi
Bugzilla
CVE-2016-6303 openssl101e: openssl: Integer overflow in MDC2_Update() [epel-5]
bugzilla·2016-08-25·CVSS 9.8
CVE-2016-6303 [CRITICAL] CVE-2016-6303 openssl101e: openssl: Integer overflow in MDC2_Update() [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add-tracking-bugs]
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
arxiv_fulltext·2022-12-29
## Abstract
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l
Tenable
[R7] Nessus 6.9 Fixes Multiple Vulnerabilities
blogs_tenable·2016-10-25