OpenSSL project reports :

- Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204). OpenSSL only.

- Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)

- ASN.1 structure reuse memory corruption (CVE-2015-0287)

- PKCS#7 NULL pointer dereferences (CVE-2015-0289)

- Base64 decode (CVE-2015-0292). OpenSSL only.

- DoS via reachable assert in SSLv2 servers (CVE-2015-0293). OpenSSL only.

- Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)

- X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)

Multiple vulnerabilities has been discovered and corrected in openssl :

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment (CVE-2010-5298).

The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).

The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment (CVE-2014-0195).

The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition (CVE-2014-0198).

The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake (CVE-2014-0221).

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).

The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value (CVE-2014-3470).

Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted handshake message (CVE-2014-3513).

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).

Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service (memory consumption) via a crafted session ticket that triggers an integrity-check failure (CVE-2014-3567).

The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, 1.0.0o, and 1.0.1j does not properly handle attempts to use unsupported protocols, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unexpected handshake, as demonstrated by an SSLv3 handshake to a no-ssl3 application with certain error handling. NOTE: this issue became relevant after the CVE-2014-3568 fix (CVE-2014-3569).

The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted DTLS message that is processed with a different read operation for the handshake header than for the handshake body, related to the dtls1_get_record function in d1_pkt.c and the ssl3_read_n function in s3_pkt.c (CVE-2014-3571).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).

OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).

The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).

Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection (CVE-2015-0206).

Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import (CVE-2015-0209).

The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature (CVE-2015-0286).

The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structures, which might allow attackers to cause a denial of service (invalid write operation and memory corruption) by leveraging an application that relies on ASN.1 structure reuse (CVE-2015-0287).

The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key (CVE-2015-0288).

The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, related to crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c (CVE-2015-0289).

The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message (CVE-2015-0293).

The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.

libressl was updated to version 2.2.1 to fix 16 security issues.

LibreSSL is a fork of OpenSSL. Because of that CVEs affecting OpenSSL often also affect LibreSSL.

These security issues were fixed :

  - CVE-2014-3570: The BN_sqr implementation in OpenSSL     before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before     1.0.1k did not properly calculate the square of a BIGNUM     value, which might make it easier for remote attackers     to defeat cryptographic protection mechanisms via     unspecified vectors, related to crypto/bn/asm/mips.pl,     crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c     (bsc#912296).

  - CVE-2014-3572: The ssl3_get_key_exchange function in     s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before     1.0.0p, and 1.0.1 before 1.0.1k allowed remote SSL     servers to conduct ECDHE-to-ECDH downgrade attacks and     trigger a loss of forward secrecy by omitting the     ServerKeyExchange message (bsc#912015).

  - CVE-2015-1792: The do_free_upto function in     crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0     before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before     1.0.2b allowed remote attackers to cause a denial of     service (infinite loop) via vectors that trigger a NULL     value of a BIO data structure, as demonstrated by an     unrecognized X.660 OID for a hash function (bsc#934493).

  - CVE-2014-8275: OpenSSL before 0.9.8zd, 1.0.0 before     1.0.0p, and 1.0.1 before 1.0.1k did not enforce certain     constraints on certificate data, which allowed remote     attackers to defeat a fingerprint-based     certificate-blacklist protection mechanism by including     crafted data within a certificate's unsigned portion,     related to crypto/asn1/a_verify.c,     crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and     crypto/x509/x_all.c (bsc#912018).

  - CVE-2015-0209: Use-after-free vulnerability in the     d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in     OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1     before 1.0.1m, and 1.0.2 before 1.0.2a might allowed     remote attackers to cause a denial of service (memory     corruption and application crash) or possibly have     unspecified other impact via a malformed Elliptic Curve     (EC) private-key file that is improperly handled during     import (bsc#919648).

  - CVE-2015-1789: The X509_cmp_time function in     crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0     before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before     1.0.2b allowed remote attackers to cause a denial of     service (out-of-bounds read and application crash) via a     crafted length field in ASN1_TIME data, as demonstrated     by an attack against a server that supports client     authentication with a custom verification callback     (bsc#934489).

  - CVE-2015-1788: The BN_GF2m_mod_inv function in     crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0     before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before     1.0.2b did not properly handle ECParameters structures     in which the curve is over a malformed binary polynomial     field, which allowed remote attackers to cause a denial     of service (infinite loop) via a session that used an     Elliptic Curve algorithm, as demonstrated by an attack     against a server that supports client authentication     (bsc#934487).

  - CVE-2015-1790: The PKCS7_dataDecodefunction in     crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0     before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before     1.0.2b allowed remote attackers to cause a denial of     service (NULL pointer dereference and application crash)     via a PKCS#7 blob that used ASN.1 encoding and lacks     inner EncryptedContent data (bsc#934491).

  - CVE-2015-0287: The ASN1_item_ex_d2i function in     crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0     before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before     1.0.2a did not reinitialize CHOICE and ADB data     structures, which might allowed attackers to cause a     denial of service (invalid write operation and memory     corruption) by leveraging an application that relies on     ASN.1 structure reuse (bsc#922499).

  - CVE-2015-0286: The ASN1_TYPE_cmp function in     crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0     before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before     1.0.2a did not properly perform boolean-type     comparisons, which allowed remote attackers to cause a     denial of service (invalid read operation and     application crash) via a crafted X.509 certificate to an     endpoint that used the certificate-verification feature     (bsc#922496).

  - CVE-2015-0289: The PKCS#7 implementation in OpenSSL     before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before     1.0.1m, and 1.0.2 before 1.0.2a did not properly handle     a lack of outer ContentInfo, which allowed attackers to     cause a denial of service (NULL pointer dereference and     application crash) by leveraging an application that     processes arbitrary PKCS#7 data and providing malformed     data with ASN.1 encoding, related to     crypto/pkcs7/pk7_doit.c and crypto/pkcs7/pk7_lib.c     (bsc#922500).

  - CVE-2015-0288: The X509_to_X509_REQ function in     crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0     before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before     1.0.2a might allowed attackers to cause a denial of     service (NULL pointer dereference and application crash)     via an invalid certificate key (bsc#920236).

  - CVE-2014-8176: The dtls1_clear_queues function in     ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before     1.0.0m, and 1.0.1 before 1.0.1h frees data structures     without considering that application data can arrive     between a ChangeCipherSpec message and a Finished     message, which allowed remote DTLS peers to cause a     denial of service (memory corruption and application     crash) or possibly have unspecified other impact via     unexpected application data (bsc#934494).

  - CVE-2015-4000: The TLS protocol 1.2 and earlier, when a     DHE_EXPORT ciphersuite is enabled on a server but not on     a client, did not properly convey a DHE_EXPORT choice,     which allowed man-in-the-middle attackers to conduct     cipher-downgrade attacks by rewriting a ClientHello with     DHE replaced by DHE_EXPORT and then rewriting a     ServerHello with DHE_EXPORT replaced by DHE, aka the     'Logjam' issue (bsc#931600).

  - CVE-2015-0205: The ssl3_get_cert_verify function in     s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1     before 1.0.1k accepts client authentication with a     Diffie-Hellman (DH) certificate without requiring a     CertificateVerify message, which allowed remote     attackers to obtain access without knowledge of a     private key via crafted TLS Handshake Protocol traffic     to a server that recognizes a Certification Authority     with DH support (bsc#912293).

  - CVE-2015-0206: Memory leak in the dtls1_buffer_record     function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and     1.0.1 before 1.0.1k allowed remote attackers to cause a     denial of service (memory consumption) by sending many     duplicate records for the next epoch, leading to failure     of replay detection (bsc#912292).

OpenSSL before 0.9.8zf, 1.0.0r, or 1.0.1m are unpatched for the following vulnerabilities :

  - An invalid read flaw exists in the 'ASN1_TYPE_cmp()' function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286)

  - A flaw exists in the 'ASN1_item_ex_d2i()' function due to a failure to reinitialize 'CHOICE' and 'ADB' data structures when reusing a structure in ASN.1 parsing. This allows a remote attacker to cause an invalid write operation and memory corruption, resulting in a denial of service. (CVE-2015-0287)

  - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing outer 'ContentInfo'. This allows a remote attacker, using an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, to cause a denial of service. (CVE-2015-0289)

  - A flaw exists in servers that both support SSLv2 and enable export cipher suites due to improper implementation of SSLv2. A remote attacker can exploit this, via a crafted CLIENT-MASTER-KEY message, to cause a denial of service. (CVE-2015-0293)

  - A NULL pointer dereference flaw exists in the 'X509_to_X509_REQ()' function due to improper processing of certificate keys. This allows a remote attacker, via a crafted X.509 certificate, to cause a denial of service. (CVE-2015-0288)

  - A use-after-free condition exists in the 'd2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209)

The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.4 and the following components contain vulnerabilities :

  - Admin Framework 
-  afpserver 
 - apache 
 - AppleFSCompression 
 - AppleGraphicsControl 
 - AppleThunderboltEDMService 
 - ATS 
 - Bluetooth 
 - Certificate Trust Policy 
 - CFNetwork HTTPAuthentication 
 - CoreText 
 - coreTLS 
 - DiskImages 
 - Display Drivers 
 - EFI 
 - FontParser 
 - Graphics Driver 
 - ImageIO 
 - Install Framework Legacy 
 - Intel Graphics Driver 
 - IOAcceleratorFamily 
 - IOFireWireFamily 
 - Kernel 
 - kext tools 
 - Mail 
 - ntfs 
 - ntp 
 - OpenSSL 
 - QuickTime 
 - Security 
 - Spotlight 
 - SQLite 
 - System Stats 
 - TrueTypeScaler 
 - zip

OpenSSL 1.0.2 prior to 1.0.2a are unpatched for the following vulnerabilities:

  - A flaw exists in the 'DTLSv1_listen()' function due to the state being preserved in the SSL object from one invocation to the next. A remote attacker can exploit this, via crafted DTLS traffic, to cause a segmentation fault, resulting in a denial of service. (CVE-2015-0207)

  - A flaw exists in the 'rsa_item_verify()' function due to improper implementation of ASN.1 signature verification. A remote attacker can exploit this, via an ASN.1 signature using the RSA PSS algorithm and invalid parameters, to cause a NULL pointer dereference, resulting in a denial of service. (CVE-2015-0208)

  - A use-after-free condition exists in the 'd2i_ECPrivateKey() function due to improper processing of malformed EC private key files during import. A remote attacker can exploit this to dereference or free already freed memory, resulting in a denial of service or other unspecified impact. (CVE-2015-0209)

  - A flaw exists in the 'ssl3_client_hello()' function due to improper validation of a PRNG seed before proceeding with a handshake, resulting in insufficient entropy and predictable output. This allows a man-in-the-middle attacker to defeat cryptographic protection mechanisms via a brute-force attack, resulting in the disclosure of sensitive information. (CVE-2015-0285)

  - An invalid read flaw exists in the 'ASN1_TYPE_cmp()' function due to improperly performed boolean-type comparisons. A remote attacker can exploit this, via a crafted X.509 certificate to an endpoint that uses the certificate-verification feature, to cause an invalid read operation, resulting in a denial of service. (CVE-2015-0286)

  - A flaw exists in the 'ASN1_item_ex_d2i()' function due to a failure to reinitialize 'CHOICE' and 'ADB' data structures when reusing a structure in ASN.1 parsing. This allows a remote attacker to cause an invalid write operation and memory corruption, resulting in a denial of service. (CVE-2015-0287)

  - A NULL pointer dereference flaw exists in the 'X509_to_X509_REQ()' function due to improper processing of certificate keys. This allows a remote attacker, via a crafted X.509 certificate, to cause a denial of service. (CVE-2015-0288)

  - A NULL pointer dereference flaw exists in the PKCS#7 parsing code due to incorrect handling of missing outer 'ContentInfo'. This allows a remote attacker, using an application that processes arbitrary PKCS#7 data and providing malformed data with ASN.1 encoding, to cause a denial of service. (CVE-2015-0289)

  - A flaw exists with the 'multiblock' feature in the 'ssl3_write_bytes()' function due to improper handling of certain non-blocking I/O cases. This allows a remote attacker to cause failed connections or a segmentation fault, resulting in a denial of service. (CVE-2015-0290)

  - A NULL pointer dereference flaw exists when handling clients attempting to renegotiate using an invalid signature algorithm extension. A remote attacker can exploit this to cause a denial of service. (CVE-2015-0291)

  - A flaw exists in servers that both support SSLv2 and enable export cipher suites due to improper implementation of SSLv2. A remote attacker can exploit this, via a crafted CLIENT-MASTER-KEY message, to cause a denial of service. (CVE-2015-0293)

  - A flaw exists in the 'ssl3_get_client_key_exchange()' function when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled. This allows a remote attacker, via a ClientKeyExchange message with a length of zero, to cause a denial of service. (CVE-2015-1787)

Multiple Cisco products incorporate a version of the OpenSSL package affected by one or more vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or corrupt portions of OpenSSL process memory.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed Elliptic Curve (EC) private-key file that is improperly handled during import.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Product	Family	Published	Updated	Severity
81962	FreeBSD : OpenSSL -- multiple vulnerabilities (9d15355b-ce7c-11e4-9db0-d050992ecde8) (FREAK)	Nessus	FreeBSD Local Security Checks	3/20/2015	1/6/2021	high
82315	Mandriva Linux Security Advisory : openssl (MDVSA-2015:062)	Nessus	Mandriva Local Security Checks	3/30/2015	5/5/2022	high
84998	openSUSE Security Update : libressl (openSUSE-2015-507) (Logjam)	Nessus	SuSE Local Security Checks	7/27/2015	12/5/2022	high
8662	OpenSSL 0.9.8 < 0.9.8zf / 1.0.0 < 1.0.0r / 1.0.1 < 1.0.1m Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	3/27/2015	3/6/2019	medium
8801	Mac OS X < 10.10.4 Multiple Vulnerabilities	Nessus Network Monitor	Operating System Detection	10/12/2015	3/6/2019	critical
8661	OpenSSL 1.0.2 < 1.0.2a Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	3/27/2015	3/6/2019	medium
501779	Rockwell Automation Stratix OpenSSL Elliptic Curve d2i_ECPrivateKey Denial of Service (CVE-2015-0209)	Tenable OT Security	Tenable.ot	11/15/2023	12/18/2024	high
503102	Siemens SCALANCE X-200RNA Switch Devices Use After Free (CVE-2015-0209)	Tenable OT Security	Tenable.ot	3/13/2025	3/13/2025	high

Detections

Analytics

Plugins Search

high

high

high

medium

critical

medium

high

high