On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory [25 March 2021], that disclosed two vulnerabilities. Exploitation of these vulnerabilities could allow an malicious user to use a valid non-certificate authority (CA) certificate to act as a CA and sign a certificate for an arbitrary organization, user or device, or to cause a denial of service (DoS) condition. This advisory is available at the following link:tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-openssl-2021-GHY28dJd
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openssl openssl |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
freebsd freebsd 12.2 |
||
netapp santricity smi-s provider - |
||
netapp snapcenter - |
||
netapp oncommand workflow automation - |
||
netapp storagegrid - |
||
netapp oncommand insight - |
||
netapp ontap select deploy administration utility - |
||
netapp active iq unified manager - |
||
netapp cloud volumes ontap mediator - |
||
netapp e-series performance analyzer - |
||
tenable tenable.sc |
||
tenable nessus |
||
tenable nessus network monitor 5.11.1 |
||
tenable nessus network monitor 5.12.0 |
||
tenable nessus network monitor 5.12.1 |
||
tenable nessus network monitor 5.13.0 |
||
tenable nessus network monitor 5.11.0 |
||
tenable log correlation engine |
||
fedoraproject fedora 34 |
||
mcafee web gateway cloud service 10.1.1 |
||
mcafee web gateway cloud service 9.2.10 |
||
mcafee web gateway cloud service 8.2.19 |
||
mcafee web gateway 10.1.1 |
||
mcafee web gateway 9.2.10 |
||
mcafee web gateway 8.2.19 |
||
checkpoint quantum security management firmware r80.40 |
||
checkpoint quantum security management firmware r81 |
||
checkpoint multi-domain management firmware r80.40 |
||
checkpoint multi-domain management firmware r81 |
||
checkpoint quantum security gateway firmware r80.40 |
||
checkpoint quantum security gateway firmware r81 |
||
oracle peoplesoft enterprise peopletools 8.57 |
||
oracle jd edwards world security a9.4 |
||
oracle primavera unifier |
||
oracle peoplesoft enterprise peopletools 8.58 |
||
oracle primavera unifier 19.12 |
||
oracle enterprise manager for storage management 13.4.0.0 |
||
oracle primavera unifier 20.12 |
||
oracle zfs storage appliance kit 8.8 |
||
oracle secure global desktop 5.6 |
||
oracle graalvm 20.3.1.2 |
||
oracle graalvm 21.0.0.2 |
||
oracle graalvm 19.3.5 |
||
oracle mysql server |
||
oracle mysql workbench |
||
oracle peoplesoft enterprise peopletools 8.59 |
||
oracle essbase 21.2 |
||
oracle mysql connectors |
||
oracle jd edwards enterpriseone tools |
||
oracle primavera unifier 21.12 |
||
oracle secure backup |
||
oracle communications communications policy management 12.6.0.0.0 |
||
sonicwall sma100 firmware |
||
sonicwall capture client 3.5 |
||
sonicwall sonicos 7.0.1.0 |
||
siemens ruggedcom rcm1224 firmware |
||
siemens scalance lpe9403 firmware |
||
siemens scalance m-800 firmware |
||
siemens scalance s602 firmware |
||
siemens scalance s612 firmware |
||
siemens scalance s615 firmware |
||
siemens scalance s623 firmware |
||
siemens scalance s627-2m firmware |
||
siemens scalance sc-600 firmware |
||
siemens scalance w700 firmware |
||
siemens scalance w1700 firmware |
||
siemens scalance xb-200 firmware |
||
siemens scalance xc-200 firmware |
||
siemens scalance xf-200ba firmware |
||
siemens scalance xm-400 firmware |
||
siemens scalance xp-200 firmware |
||
siemens scalance xr-300wg firmware |
||
siemens scalance xr524-8c firmware |
||
siemens scalance xr526-8c firmware |
||
siemens scalance xr528-6m firmware |
||
siemens scalance xr552-12 firmware |
||
siemens simatic cloud connect 7 firmware |
||
siemens simatic cloud connect 7 firmware - |
||
siemens simatic cp 1242-7 gprs v2 firmware |
||
siemens simatic cp 1242-7 gprs v2 firmware - |
||
siemens simatic hmi basic panels 2nd generation firmware |
||
siemens simatic hmi comfort outdoor panels firmware |
||
siemens simatic hmi ktp mobile panels firmware |
||
siemens simatic mv500 firmware |
||
siemens simatic net cp 1243-1 firmware |
||
siemens simatic net cp1243-7 lte eu firmware |
||
siemens simatic net cp1243-7 lte us firmware |
||
siemens simatic net cp 1243-8 irc firmware |
||
siemens simatic net cp 1542sp-1 irc firmware |
||
siemens simatic net cp 1543-1 firmware |
||
siemens simatic net cp 1543sp-1 firmware |
||
siemens simatic net cp 1545-1 firmware |
||
siemens simatic pcs 7 telecontrol firmware |
||
siemens simatic pcs neo firmware |
||
siemens simatic pdm firmware |
||
siemens simatic process historian opc ua server firmware |
||
siemens simatic rf166c firmware |
||
siemens simatic rf185c firmware |
||
siemens simatic rf186c firmware |
||
siemens simatic rf186ci firmware |
||
siemens simatic rf188c firmware |
||
siemens simatic rf188ci firmware |
||
siemens simatic rf360r firmware |
||
siemens simatic s7-1200 cpu 1211c firmware |
||
siemens simatic s7-1200 cpu 1212c firmware |
||
siemens simatic s7-1200 cpu 1212fc firmware |
||
siemens simatic s7-1200 cpu 1214 fc firmware |
||
siemens simatic s7-1200 cpu 1214c firmware |
||
siemens simatic s7-1200 cpu 1215 fc firmware |
||
siemens simatic s7-1200 cpu 1215c firmware |
||
siemens simatic s7-1200 cpu 1217c firmware |
||
siemens simatic s7-1500 cpu 1518-4 pn/dp mfp firmware |
||
siemens sinamics connect 300 firmware |
||
siemens tim 1531 irc firmware |
||
siemens simatic wincc runtime advanced |
||
siemens sinema server 14.0 |
||
siemens simatic logon |
||
siemens simatic logon 1.5 |
||
siemens simatic wincc telecontrol - |
||
siemens sinec nms 1.0 |
||
siemens sinec pni - |
||
siemens tia administrator |
||
siemens sinumerik opc ua server |
||
siemens sinec infrastructure network services |
||
nodejs node.js |
Debian, Ubuntu ahead of the curve in patching at least β don't be late yourself How do you fix a problem like open-source security? Google has an idea, though constraints may not go down well
Two high-severity vulnerabilities in the OpenSSL software library were disclosed on Thursday alongside the release of a patched version of the software, OpenSSL 1.1.1k. OpenSSL is widely used to implement the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, which support encrypted network connections. Alternatives include BoringSSL and LibreSSL, among others. The first flaw, a certificate check bypass (CVE-2021-3450), arose as a result of code implemented in v1.1.1h to pe...