var-201404-0008
Vulnerability from variot
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. OpenSSL is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to cause denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible; however, this has not been confirmed. As long as all other products which SMH V7.3.3.1 for Linux x86 communicates with have been upgraded to the latest versions, it will not be vulnerable to the exploits described in CVE-2014-0224. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
ESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities
EMC Identifier: ESA-2014-079
CVE Identifier: See below for individual CVEs
Severity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE
Affected products:
\x95 All EMC Documentum Content Server versions of 7.1 prior to P07
\x95 All EMC Documentum Content Server versions of 7.0
\x95 All EMC Documentum Content Server versions of 6.7 SP2 prior to P16
\x95 All EMC Documentum Content Server versions of 6.7 SP1
\x95 All EMC Documentum Content Server versions prior to 6.7 SP1
Summary:
EMC Documentum Content Server contains fixes for multiple vulnerabilities which also include vulnerabilities disclosed by the OpenSSL project on June 5, 2014 in OpenSSL.
Details: EMC Documentum Content Server may be susceptible to the following vulnerabilities:
\x95 Arbitrary Code Execution (CVE-2014-4618): Authenticated non-privileged users can potentially execute Documentum methods with higher level privileges (up to and including superuser privileges) due to improper authorization checks being performed on user-created system objects. CVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P)
\x95 DQL Injection (CVE-2014-2520): Certain DQL hints in EMC Documentum Content Server may be potentially exploited by an authenticated non-privileged malicious user to conduct DQL injection attacks and read the database contents. CVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)
\x95 Information Disclosure (CVE-2014-2521): Authenticated non-privileged users are allowed to retrieve meta-data of unauthorized system objects due to improper authorization checks being performed on certain RPC commands in Content Server. CVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)
\x95 Multiple OpenSSL vulnerabilities (See individual CVEs below and refer to NVD for each of their scores): SSL/TLS Man-in-the-middle (MITM) vulnerability (CVE-2014-0224) DTLS recursion flaw (CVE-2014-0221) DTLS invalid fragment vulnerability (CVE-2014-0195) SSL_MODE_RELEASE_BUFFERS NULL pointer deference (CVE-2014-0198) SSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298) Anonymous ECDH denial of service (CVE-2014-3470) FLUSH + RELOAD cache side-channel attack (CVE-2014-0076) For more information about these vulnerabilities, please visit the original OpenSSL advisory https://www.openssl.org/news/secadv_20140605.txt
Resolution: The following versions contain the resolution for these issues: \x95 EMC Documentum Content Server version 7.1 P07 and later \x95 EMC Documentum Content Server version 7.0: Hotfixes are available for Windows & Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests. \x95 EMC Documentum Content Server version 6.7 SP2 P16 and later \x95 EMC Documentum Content Server version 6.7 SP1: Hotfixes are available for Windows & Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests.
EMC recommends all customers to upgrade to one of the above versions at the earliest opportunity.
Link to remedies: Registered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/2732_Documentum-Server
For Hotfix, contact EMC Support.
Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867.
For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
Release Date: 2014-08-08 Last Updated: 2014-08-08
Potential Security Impact: Remote denial of service (DoS), code execution, unauthorized access, disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH), HP Smart Update Manager (SUM), and HP Version Control Agent (VCA) running on Linux and Windows. These components of HP Insight Control server deployment could be exploited remotely resulting in denial of service (DoS), code execution, unauthorized access, or disclosure of information.
HP Insight Control server deployment packages HP System Management Homepage (SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM) and deploys them through the following components. This bulletin provides the information needed to update the HP Insight Control server deployment solution.
Install HP Management Agents for Windows x86/x64 Install HP Management Agents for RHEL 5 x64 Install HP Management Agents for RHEL 6 x64 Install HP Management Agents for SLES 10 x64 Install HP Management Agents for SLES 11 x64 Upgrade Proliant Firmware
References:
CVE-2010-5298 Remote Denial of Service CVE-2014-0076 Unauthorized Disclosure of Information CVE-2014-0195 Remote Unauthorized Access CVE-2014-0198 Remote Denial of Service CVE-2014-0221 Remote Denial of Service (DoS) CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information CVE-2014-3470 Remote Code Execution or Unauthorized Access SSRT101628
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0 CVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to v7.3.1 of HP Insight Control server deployment to resolve this vulnerability. HP has provided manual update steps if a version upgrade is not possible; if users wish to remain at v7.1.2, v7.2.0, or v7.2.1.
Note: It is important to check your current running version of HP Insight Control server deployment and to follow the correct steps listed below. For HP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and follow the steps below to remove the vulnerability. The vulnerability known as Heartbleed (CVE-2014-0160) was fixed in HP Insight Control server deployment v7.3.1. That Security Bulletin with instructions on how to upgrade to v7.3.1 can be found here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n a-c04267749
HP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should take the following steps to remove this vulnerability.
Delete the files smhamd64-.exe/smhx86-.exe" from Component Copy Location listed in the following table, rows 1 and 2. Delete the files "vcax86-.exe/vcaamd64-.exe from Component Copy Location listed in the following table, rows 3 and 4. Delete the files hpsmh-7.*.rpm" from Component Copy Location listed in row 5. In sequence, perform the steps from left to right in the following table. First, download components from Download Link; Second, rename the component as suggested in Rename to. Third, copy the component to the location specified in Component Copy Location. Table Row Number Download Link Rename to Component Copy Location
1 http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba smhamd64-ccp023716.exe \express\hpfeatures\hpagents-ws\components\Win2008
2 http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05 smhx86-cp023715.exe \express\hpfeatures\hpagents-ws\components\Win2008
3 http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13 vcax86-cp023742.exe \express\hpfeatures\hpagents-ws\components\Win2008
4 http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2 vcaamd64-cp023743.exe \express\hpfeatures\hpagents-ws\components\Win2008
5 http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93 Do not rename the downloaded component for this step. \express\hpfeatures\hpagents-sles11-x64\components \express\hpfeatures\hpagents-sles10-x64\components \express\hpfeatures\hpagents-rhel5-x64\components \express\hpfeatures\hpagents-rhel6-x64\components
Download and extract the HPSUM 5.3.6 component from ftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793
Copy all content from extracted ZIP folder and paste into \eXpress\hpfeatures\fw-proLiant\components Initiate Install HP Management Agents for SLES 11 x64 on targets running SLES11 x64. Initiate Install HP Management Agents for SLES 10 x64 on targets running SLES10 x64. Initiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL 6 x64. Initiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL 5 x64. Initiate Install HP Management Agents for Windows x86/x64 on targets running Windows.
HP Insight Control server deployment users with v7.2.2:
Please upgrade to Insight Control server deployment v7.3.1 and follow the steps below for v7.3.1.
HP Insight Control server deployment users with v7.3.1:
Perform steps 1 - 4 as outlined above for users with HP Insight Control server deployment v7.1.2, v7.2.0, and v7.2.1. Download the HP SUM ZIP file from http://www.hp.com/swpublishing/MTX-f6c141a7feeb4a358bbb28300f
Extract the contents from the HP SUM ZIP file to \eXpress\hpfeatures\fw-proLiant\components location on the Insight Control server deployment server
Related security bulletins:
For System Management Homepage please see Security bulletin HPSBMU03051 https ://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04 345210
For HP Version Control Agent please see Security bulletin HPSBMU03057 https:/ /h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c0434 9897
HISTORY Version:1 (rev.1) - 8 August 2014 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: openssl security update Advisory ID: RHSA-2014:0625-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0625.html Issue date: 2014-06-05 CVE Names: CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 =====================================================================
- Summary:
Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
- Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
It was found that OpenSSL clients and servers could be forced, via a specially crafted handshake packet, to use weak keying material for communication. A man-in-the-middle attacker could use this flaw to decrypt and modify traffic between a client and a server. (CVE-2014-0224)
Note: In order to exploit this flaw, both the server and the client must be using a vulnerable version of OpenSSL; the server must be using OpenSSL version 1.0.1 and above, and the client must be using any version of OpenSSL. For more information about this flaw, refer to: https://access.redhat.com/site/articles/904433
A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS packet fragments. A remote attacker could possibly use this flaw to execute arbitrary code on a DTLS client or server. (CVE-2014-0195)
Multiple flaws were found in the way OpenSSL handled read and write buffers when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or server using OpenSSL could crash or unexpectedly drop connections when processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)
A denial of service flaw was found in the way OpenSSL handled certain DTLS ServerHello requests. A specially crafted DTLS handshake packet could cause a DTLS client using OpenSSL to crash. (CVE-2014-0221)
A NULL pointer dereference flaw was found in the way OpenSSL performed anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially crafted handshake packet could cause a TLS/SSL client that has the anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)
Red Hat would like to thank the OpenSSL project for reporting these issues. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195, Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix Gröbert and Ivan Fratrić of Google as the original reporters of CVE-2014-3470.
All OpenSSL users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library (such as httpd and other SSL-enabled services) must be restarted or the system rebooted.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free 1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write() 1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability 1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake 1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment 1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH
- Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm
x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-perl-1.0.1e-16.el6_5.14.i686.rpm openssl-static-1.0.1e-16.el6_5.14.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
ppc64: openssl-1.0.1e-16.el6_5.14.ppc.rpm openssl-1.0.1e-16.el6_5.14.ppc64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.ppc.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm openssl-devel-1.0.1e-16.el6_5.14.ppc.rpm openssl-devel-1.0.1e-16.el6_5.14.ppc64.rpm
s390x: openssl-1.0.1e-16.el6_5.14.s390.rpm openssl-1.0.1e-16.el6_5.14.s390x.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.s390.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm openssl-devel-1.0.1e-16.el6_5.14.s390.rpm openssl-devel-1.0.1e-16.el6_5.14.s390x.rpm
x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-perl-1.0.1e-16.el6_5.14.i686.rpm openssl-static-1.0.1e-16.el6_5.14.i686.rpm
ppc64: openssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm openssl-perl-1.0.1e-16.el6_5.14.ppc64.rpm openssl-static-1.0.1e-16.el6_5.14.ppc64.rpm
s390x: openssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm openssl-perl-1.0.1e-16.el6_5.14.s390x.rpm openssl-static-1.0.1e-16.el6_5.14.s390x.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm
x86_64: openssl-1.0.1e-16.el6_5.14.i686.rpm openssl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-devel-1.0.1e-16.el6_5.14.i686.rpm openssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source: openssl-1.0.1e-16.el6_5.14.src.rpm
i386: openssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm openssl-perl-1.0.1e-16.el6_5.14.i686.rpm openssl-static-1.0.1e-16.el6_5.14.i686.rpm
x86_64: openssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm openssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm openssl-static-1.0.1e-16.el6_5.14.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2010-5298.html https://www.redhat.com/security/data/cve/CVE-2014-0195.html https://www.redhat.com/security/data/cve/CVE-2014-0198.html https://www.redhat.com/security/data/cve/CVE-2014-0221.html https://www.redhat.com/security/data/cve/CVE-2014-0224.html https://www.redhat.com/security/data/cve/CVE-2014-3470.html https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/site/articles/904433 https://access.redhat.com/site/solutions/905793
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTkGAKXlSAg2UNWIIRAnrwAJ9sLrj3wCAZhJU00jxgt03unDAHywCfVjUB pJJhdOUzRUL8R2haDM4xrsk= =hZF8 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce. Unvalidated Redirect Vulnerability (CVE-2015-0512)
A potential vulnerability in Unisphere Central may allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The attacker can specify the location of the arbitrary site in the unvalidated parameter of a crafted URL. If this URL is accessed, the browser is redirected to the arbitrary site specified in the parameter.
CVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
- To search for a particular CVE, use the NVD database\x92s search utility at http://web.nvd.nist.gov/view/vuln/search
Resolution: The following Unisphere Central release contains resolutions to the above issues: \x95 Unisphere Central version 4.0.
The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack (CVE-2014-0076).
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug (CVE-2014-0160).
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the CCS Injection vulnerability (CVE-2014-0224).
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the POODLE issue (CVE-2014-3566).
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c (CVE-2014-3570).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message (CVE-2014-3572).
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c (CVE-2014-8275).
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the FREAK issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations (CVE-2015-0204).
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support (CVE-2015-0205).
The updated packages have been upgraded to the 1.0.1m version where these security flaws has been fixed.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293 http://openssl.org/news/secadv_20150108.txt http://openssl.org/news/secadv_20150319.txt
Updated Packages:
Mandriva Business Server 2/X86_64: 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS kz0ex6eI6hA6qSwklA2NoXY= =GYjX -----END PGP SIGNATURE----- . These vulnerabilities include:
-
The SSLv3 vulnerability known as "Padding Oracle on Downgraded Legacy Encryption" also known as "POODLE", which could be exploited remotely resulting in disclosure of information.
-
HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5
- HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2010-5298
4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)
CVE-2014-0076
4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)
CVE-2014-0195
7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-0198
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-0221
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-0224
6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE-2014-3470
5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVE-2014-3566
3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVE-2016-0705
9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE recommends applying the following software updates to resolve the vulnerabilities in the impacted versions of HPE StoreVirtual products running HPE LeftHand OS.
LeftHand OS v11.5 - Patches 45019-00 and 45020 LeftHand OS v12.0 - Patches 50016-00 and 50017-00 LeftHand OS v12.5 - Patch 55016-00 LeftHand OS v12.6 - Patch 56002-00
Notes:
These patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision to OpenSSL v1.0.1e 48. These patches migrate Certificate Authority Hashing Algorithm from a weak hashing algorithm SHA1 to the stronger hashing algorithm SHA256. Summary
VMware product updates address OpenSSL security vulnerabilities. Relevant Releases
ESXi 5.5 prior to ESXi550-201406401-SG
- Problem Description
a.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2014-0224, CVE-2014-0198,
CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to
these issues. The most important of these issues is
CVE-2014-0224.
CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to
be of moderate severity. Exploitation is highly unlikely or is
mitigated due to the application configuration.
CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL
Security Advisory (see Reference section below), do not affect
any VMware products. For readability
the affected products have been split into 3 tables below,
based on the different client-server configurations and
deployment scenarios. Applying these patches to
affected servers will mitigate the affected clients (See Table 1
below). can be mitigated by using a secure network such as
VPN (see Table 2 below).
Clients and servers that are deployed on an isolated network are
less exposed to CVE-2014-0224 (see Table 3 below). The affected
products are typically deployed to communicate over the
management network.
RECOMMENDATIONS
VMware recommends customers evaluate and deploy patches for
affected Servers in Table 1 below as these patches become
available. Patching these servers will remove the ability to
exploit the vulnerability described in CVE-2014-0224 on both
clients and servers. VMware recommends customers consider
applying patches to products listed in Table 2 & 3 as required.
Column 4 of the following tables lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======= ======= =============
ESXi 5.5 ESXi ESXi550-
201406401-SG
Big Data Extensions 1.1 patch pending
Charge Back Manager 2.6 patch pending
Horizon Workspace Server
GATEWAY 1.8.1 patch pending
Horizon Workspace Server
GATEWAY 1.5 patch pending
Horizon Workspace Server
DATA 1.8.1 patch pending
Horizon Mirage Edge Gateway 4.4.2 patch pending
Horizon View 5.3.1 patch pending
Horizon View Feature Pack 5.3 SP2 patch pending
NSX for Multi-Hypervisor 4.1.2 patch pending
NSX for Multi-Hypervisor 4.0.3 patch pending
NSX for vSphere 6.0.4 patch pending
NVP 3.2.2 patch pending
vCAC 6.0.1 patch pending
vCloud Networking and Security 5.5.2 patch pending
vCloud Networking and Security 5.1.2 patch pending
vFabric Web Server 5.3.4 patch pending
vCHS - DPS-Data Protection 2.0 patch pending
Service
Table 2
========
Affected clients running a vulnerable version of OpenSSL 0.9.8
or 1.0.1 and communicating over an untrusted network.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======= ======= =============
vCSA 5.5 patch pending
vCSA 5.1 patch pending
vCSA 5.0 patch pending
ESXi 5.1 ESXi patch pending
ESXi 5.0 ESXi patch pending
Workstation 10.0.2 any patch pending
Workstation 9.0.3 any patch pending
Fusion 6.x OSX patch pending
Fusion 5.x OSX patch pending
Player 10.0.2 any patch pending
Player 9.0.3 any patch pending
Chargeback Manager 2.5.x patch pending
Horizon Workspace Client for 1.8.1 OSX patch pending
Mac
Horizon Workspace Client for 1.5 OSX patch pending
Mac
Horizon Workspace Client for 1.8.1 Windows patch pending
Windows
Horizon Workspace Client for 1.5 Windows patch pending
OVF Tool 3.5.1 patch pending
OVF Tool 3.0.1 patch pending
vCenter Operations Manager 5.8.1 patch pending
vCenter Support Assistant 5.5.0 patch pending
vCenter Support Assistant 5.5.1 patch pending
vCD 5.1.2 patch pending
vCD 5.1.3 patch pending
vCD 5.5.1.1 patch pending
vCenter Site Recovery Manager 5.0.3.1 patch pending
Table 3
=======
The following table lists all affected clients running a
vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating
over an untrusted network.
VMware Product Running Replace with/
Product Version on Apply Patch
============== ======= ======= =============
vCenter Server 5.5 any patch pending
vCenter Server 5.1 any patch pending
vCenter Server 5.0 any patch pending
Update Manager 5.5 Windows patch pending
Update Manager 5.1 Windows patch pending
Update Manager 5.0 Windows patch pending
Config Manager (VCM) 5.6 patch pending
Horizon View Client 5.3.1 patch pending
Horizon View Client 4.x patch pending
Horizon Workspace 1.8.1 patch pending
Horizon Workspace 1.5 patch pending
ITBM Standard 1.0.1 patch pending
ITBM Standard 1.0 patch pending
Studio 2.6.0.0 patch pending
Usage Meter 3.3 patch pending
vCenter Chargeback Manager 2.6 patch pending
vCenter Converter Standalone 5.5 patch pending
vCenter Converter Standalone 5.1 patch pending
vCD (VCHS) 5.6.2 patch pending
vCenter Site Recovery Manager 5.5.1 patch pending
vCenter Site Recovery Manager 5.1.1 patch pending
vFabric Application Director 5.2.0 patch pending
vFabric Application Director 5.0.0 patch pending
View Client 5.3.1 patch pending
View Client 4.x patch pending
VIX API 5.5 patch pending
VIX API 1.12 patch pending
vMA (Management Assistant) 5.1.0.1 patch pending
VMware Data Recovery 2.0.3 patch pending
VMware vSphere CLI 5.5 patch pending
vSphere Replication 5.5.1 patch pending
vSphere Replication 5.6 patch pending
vSphere SDK for Perl 5.5 patch pending
vSphere Storage Appliance 5.5.1 patch pending
vSphere Storage Appliance 5.1.3 patch pending
vSphere Support Assistant 5.5.1 patch pending
vSphere Support Assistant 5.5.0 patch pending
vSphere Virtual Disk 5.5 patch pending
Development Kit
vSphere Virtual Disk 5.1 patch pending
Development Kit
vSphere Virtual Disk 5.0 patch pending
Development Kit
- Solution
ESXi 5.5
Download: https://www.vmware.com/patchmgr/download.portal
Release Notes and Remediation Instructions: http://kb.vmware.com/kb/2077359
- Change Log
2014-06-10 VMSA-2014-0006 Initial security advisory in conjunction with the release of ESXi 5.5 updates on 2014-06-10
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
Twitter https://twitter.com/VMwareSRC
Copyright 2014 VMware Inc. All rights reserved.
The attack can only be performed between a vulnerable client and server.
Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and researching this issue. This issue was reported to OpenSSL on 1st May 2014 via JPCERT/CC.
The fix was developed by Stephen Henson of the OpenSSL core team partly based on an original patch from KIKUCHI Masashi.
DTLS recursion flaw (CVE-2014-0221)
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This issue was reported to OpenSSL on 9th May 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
Thanks to Jüri Aedla for reporting this issue. This issue was reported to OpenSSL on 23rd April 2014 via HP ZDI.
The fix was developed by Stephen Henson of the OpenSSL core team. This flaw only affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.
This issue was reported in public. The fix was developed by Matt Caswell of the OpenSSL development team. This flaw only affects multithreaded applications using OpenSSL 1.0.0 and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the default and not common.
OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.
This issue was reported in public.
OpenSSL 0.9.8 users should upgrade to 0.9.8za OpenSSL 1.0.0 users should upgrade to 1.0.0m. OpenSSL 1.0.1 users should upgrade to 1.0.1h.
Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this issue. This issue was reported to OpenSSL on 28th May 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
Other issues
OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" Reported by Yuval Yarom and Naomi Benger. This issue was previously fixed in OpenSSL 1.0.1g.
References
URL for this Security Advisory: http://www.openssl.org/news/secadv_20140605.txt
Note: the online version of the advisory may be updated with additional details over time.
HP Systems Insight Manager v7.3 Hotfix kit HP Systems Insight Manager v7.2 Hotfix kit
http://h18013.www1.hp.com/products/servers/management/hpsim/download.html
NOTE: No reboot of the system is required after applying the HP SIM Hotfix kit. ============================================================================ Ubuntu Security Notice USN-2192-1 May 05, 2014
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
Summary:
OpenSSL could be made to crash if it received specially crafted network traffic. (CVE-2010-5298)
It was discovered that OpenSSL incorrectly handled memory in the do_ssl3_write() function. (CVE-2014-0198)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.1
Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.3
Ubuntu 12.10: libssl1.0.0 1.0.1c-3ubuntu2.8
Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.13
After a standard system update you need to reboot your computer to make all the necessary changes
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0008", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "19" }, { "model": "linux enterprise software development kit", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "mariadb", "scope": "lt", "trust": 1.0, "vendor": "mariadb", "version": "10.0.13" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "20" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "1.0.1g" }, { "model": "linux enterprise desktop", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "mariadb", "scope": "gte", "trust": 1.0, "vendor": "mariadb", "version": "10.0.0" }, { "model": "linux enterprise workstation extension", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "12" }, { "model": "bladecenter advanced management module 3.66e", "scope": null, "trust": 0.9, "vendor": "ibm", "version": null }, { "model": "project openssl 1.0.0a", "scope": null, "trust": 0.6, "vendor": "openssl", "version": null }, { "model": "ssl vpn 8.0r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "security enterprise scanner", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.3" }, { "model": "real-time compression appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.8.106" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.3.3.1" }, { "model": "spa232d multi-line dect ata", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security access manager for web appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "policy center v100r003c00spc305", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "solaris", "scope": "ne", "trust": 0.3, "vendor": "oracle", "version": "11.1.20.5.0" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.9" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "junos d30", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x45" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.2" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58200" }, { "model": "documentum content server p06", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "8800" }, { "model": "proactive network operations center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos os 13.1r4-s3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "junos 12.1r8-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.0d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "prime network analysis module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6" }, { "model": "project openssl 1.0.1e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "ip video phone e20", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "ios software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.1x46-d25", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ios xe software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.5" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "mate products", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.2" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.12" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32400" }, { "model": "project openssl 1.0.1a", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.6.1" }, { "model": "cp1543-1", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "computer telephony integration object server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "junos 12.1r", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "isoc v200r001c00spc202", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "3000" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "60000" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.9" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.1" }, { "model": "small business isa500 series integrated security appliances", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "srg1200\u00262200\u00263200 v100r002c02hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security network intrusion prevention system gx3002", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.2" }, { "model": "ace application control engine module", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1" }, { "model": "junos 12.3r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413011.5" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3100v2-480" }, { "model": "junos 13.3r3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 11.4r11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.28" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.470" }, { "model": "systems insight manager 7.3.0a", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "project openssl 1.0.0g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "56000" }, { "model": "anyconnect secure mobility client for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1.3" }, { "model": "uacos c4.4r11.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "dsr-500n 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.3" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "junos 12.1x44-d35", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "msr3000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "video surveillance series ip camera", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40000" }, { "model": "anyconnect secure mobility client for desktop platforms", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "idp 4.1r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "10.4" }, { "model": "jabber guest", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.3" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.2" }, { "model": "m220 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "7775" }, { "model": "web security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "usg9500 usg9500 v300r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s2750\u0026s5700\u0026s6700 v200r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58300" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "spa510 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "espace u19** v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "content security management appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "4800g switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.1" }, { "model": "junos 12.1x44-d34", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "uma v200r001c00spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "idp 4.1r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "11.5" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x44" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "usg9500 v200r001c01sph902", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "vpn client v100r001c02spc702", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "secure analytics 2013.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "telepresence content server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian mse model", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83200" }, { "model": "uma v200r001c00spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "api management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "oceanstor s6800t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 0.9.8w", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 12.1x47-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.4" }, { "model": "oneview", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.0" }, { "model": "isoc v200r001c00", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "3000" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "119000" }, { "model": "secure analytics 2014.2r3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "enterprise linux server eus 6.5.z", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "simatic wincc oa", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.12" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.2" }, { "model": "junos 13.1r3-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "manageone v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "eupp v100r001c10spc002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "10" }, { "model": "prime performance manager for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.1g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "clustered data ontap antivirus connector", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.2" }, { "model": "oneview", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "1.10" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "f1000a and s family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "s7700\u0026s9700 v200r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.6" }, { "model": "prime access registrar appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "87100" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "u200a and m family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "flex system fc5022", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "850/8700" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "junos 11.4r9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.0" }, { "model": "s3900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.6" }, { "model": "ips", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "unified communications widgets click to call", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "agile controller v100r001c00spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace usm v100r001 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "softco v100r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5500t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "7765" }, { "model": "videoscape anyres live", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence t series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5" }, { "model": "junos d20", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "12.1x46" }, { "model": "unified attendant console advanced", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0h", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mds switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart update manager for linux", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3.5" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.3" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "proventia network security controller 1.0.3352m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "documentum content server p07", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "hsr6602 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.4" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "wag310g wireless-g adsl2+ gateway with voip", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.4.6" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "telepresence tx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "90000" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10000" }, { "model": "security threat response manager", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.1" }, { "model": "nexus switch", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "31640" }, { "model": "jabber for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2.2" }, { "model": "fastsetup", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.11" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "unified wireless ip phone series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "29200" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.5" }, { "model": "fusionsphere v100r003c10spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "msr93x family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "telepresence advanced media gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32100" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.4" }, { "model": "solaris", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "11.1" }, { "model": "smc2.0 v100r002c01b025sp07", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.0" }, { "model": "s2700\u0026s3700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 0.9.8r", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "espace cc v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "wx5002/5004 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "ida pro", "scope": "eq", "trust": 0.3, "vendor": "hex ray", "version": "6.5" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.2.4.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-3" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "jabber for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "upward integration modules for vmware vsphere", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.5" }, { "model": "usg5000 v300r001c10sph201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "updatexpress system packs installer", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.61" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.4" }, { "model": "security network intrusion prevention system gx5208", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "junos 11.4r12", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.14" }, { "model": "prime optical for sps", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "10.0-release-p2", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "a6600 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "isoc v200r001c01", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "5000" }, { "model": "si switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51200" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "project openssl 0.9.8y", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.3" }, { "model": "junos 12.1x44-d40", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vsr1000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "project openssl beta4", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "esight-ewl v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 13.3r2-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.4" }, { "model": "junos 12.1r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "10.1" }, { "model": "security network intrusion prevention system gx4004-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "hyperdp oceanstor n8500 v200r001c91", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "asg2000 v100r001c10sph001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.11" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "documentum content server", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.2" }, { "model": "manageone v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "10.2" }, { "model": "project openssl 1.0.0l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "wireless lan controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart call home", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oncommand unified manager core package", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "simatic wincc oa", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "3.8" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "project openssl beta5", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.2" }, { "model": "s7700\u0026s9700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.3" }, { "model": "big-ip apm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "11.5.1" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.0" }, { "model": "oic v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.0" }, { "model": "s6900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.3" }, { "model": "spa300 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "14.1" }, { "model": "vsm v200r002c00spc503", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "upward integration modules for microsoft system center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.5" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.2" }, { "model": "ecns610 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ucs b-series servers", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.3" }, { "model": "junos 12.3r7", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 0.9.8p", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 13.2r5", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos r7", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.3" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "documentum content server sp1", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "telepresence isdn link", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.4" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "junos 12.3r6", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "universal small cell series software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50003.4.2.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.13" }, { "model": "tandberg codian isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32200" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.9" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "security access manager for web appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "msr20 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos 12.1r9", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "s5900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 13.2r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos 11.4r10-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "documentum content server p05", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "oceanstor s6800t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 12.1x46-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "jabber video for telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.5" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.5" }, { "model": "secure access control server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "junos 5.0r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "129000" }, { "model": "fortios build", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.2.0589" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.4" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "virtualization experience media engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "documentum content server sp2", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.10" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.1" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "hsr6800 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "jabber im for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "snapdrive for windows", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "project openssl 0.9.8m beta1", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "ssl vpn 7.4r11.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.1" }, { "model": "small cell factory recovery root filesystem", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.99.4" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.4" }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.0.0" }, { "model": "big-iq device", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "project openssl 0.9.8q", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "sterling connect:express for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.5.0.11" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "msr20 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "manageone v100r002c10 spc320", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "svn2200 v200r001c01spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rational application developer for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0.1" }, { "model": "s2750\u0026s5700\u0026s6700 v100r006", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.3.10" }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3200" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "msr1000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.1" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "secblade iii", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "espace vtm v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "jabber software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "spa122 ata with router", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "junos 10.4r", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.0" }, { "model": "junos 12.1r8-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network intrusion prevention system gx5208-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "junos 13.2r5", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "junos 12.1x46-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.1c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "advanced settings utility", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "spa525 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "data ontap smi-s agent", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "junos 13.1r4-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "(comware family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12500v7)0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.4.0.15" }, { "model": "automation stratix", "scope": "ne", "trust": 0.3, "vendor": "rockwell", "version": "590015.6.3" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.2" }, { "model": "cp1543-1", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1.1.25" }, { "model": "project openssl 0.9.8m", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "secure analytics", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2013.2" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "advanced settings utility", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.52" }, { "model": "eupp v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "msr30 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "nexus series fabric extenders", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "20000" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.0" }, { "model": "security network intrusion prevention system gx6116", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "project openssl 1.0.1f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.0" }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "strm 2012.1r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.0" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "telepresence mxp series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3.2" }, { "model": "algo audit and compliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "upward integration modules for vmware vsphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.2" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13000" }, { "model": "documentum content server p02", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.1" }, { "model": "espace u2980 v100r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos os 12.1x47-d10", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "uma-db v2r1coospc101", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security information and event management hf6", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.2.2" }, { "model": "upward integration modules for microsoft system center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0.1" }, { "model": "identity service engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "jsa 2014.2r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.2" }, { "model": "telepresence exchange system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cms r17", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7900.00" }, { "model": "usg9300 usg9300 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s12700 v200r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "f1000e family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.4" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7" }, { "model": "oncommand workflow automation", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "sterling file gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "desktop collaboration experience dx650", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos os 12.2r9", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "oncommand unified manager core package 5.2.1p1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "automation stratix", "scope": "eq", "trust": 0.3, "vendor": "rockwell", "version": "59000" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.3" }, { "model": "oceanstor s2200t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "19200" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.3" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433511.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "smart analytics system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7600-" }, { "model": "espace u2990 v200r001c02", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "hsr6602 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.1" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.0" }, { "model": "msr93x russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "telepresence system series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "30000" }, { "model": "secure analytics 2014.2r2", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "s2900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "srg1200\u00262200\u00263200 v100r002c02spc800", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70100" }, { "model": "dsr-1000n rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "open source security information management", "scope": "ne", "trust": 0.3, "vendor": "alienvault", "version": "4.10" }, { "model": "junos 13.3r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.6" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "storevirtual hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "ei switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "51200" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.2" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.21" }, { "model": "svn5500 v200r001c01spc600", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.0" }, { "model": "telepresence ip gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "email security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.6" }, { "model": "junos 12.1r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "1.5.0" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.2.0.1055" }, { "model": "msr50 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1" }, { "model": "open systems snapvault 3.0.1p6", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.0" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.2" }, { "model": "onepk all-in-one vm", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.7" }, { "model": "usg5000 v300r001c10spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "jabber voice for android", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "idp 4.2r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.9" }, { "model": "infosphere guardium", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.1.5.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.5" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.3" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7700" }, { "model": "virusscan enterprise for linux", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "1.7.1" }, { "model": "strm", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2012.1" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.4" }, { "model": "msr50 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "prime data center network manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.4x27" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.1" }, { "model": "junos 12.1x45-d25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "cc v200r001c31", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.5.0.15" }, { "model": "junos 13.2r3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "junos 13.2r2-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "u200s and cs family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0.4" }, { "model": "security threat response manager 2013.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "s12700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s5900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "xenmobile app controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "2.10" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.10648" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.1" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "xenmobile app controller", "scope": "eq", "trust": 0.3, "vendor": "citrix", "version": "2.9" }, { "model": "esight v2r3c10spc201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5500t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.0" }, { "model": "ssl vpn", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "isoc v200r001c02", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "9000" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.1" }, { "model": "software development kit", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.0" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.4" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.3" }, { "model": "security information and event management hf3", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.1.4" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "project openssl 0.9.8l", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.1" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.6" }, { "model": "hsr6800 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "documentum content server sp2 p13", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "agent desktop for cisco unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.5" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.1" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "s3900 v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oneview", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.01" }, { "model": "switch series (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10500v5)0" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0" }, { "model": "ddos secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "anyoffice emm", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "2.6.0601.0090" }, { "model": "adaptive security appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ddos secure", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "5.14.1-1" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "security manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ip office server edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.1" }, { "model": "s2750\u0026s5700\u0026s6700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1.2" }, { "model": "video surveillance series ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "tivoli storage flashcopy manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.3" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.12" }, { "model": "vsm v200r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 13.3r2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "one-x client enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "simatic s7-1500", "scope": "ne", "trust": 0.3, "vendor": "siemens", "version": "1.6" }, { "model": "strm/jsa 2013.2r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.0i", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx7412", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ngfw family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "powervu d9190 comditional access manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "storevirtual 3tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.3" }, { "model": "junos 10.4r16", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "msr9xx russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos 12.3r4-s3", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "10" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl 1.0.1h", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "security network intrusion prevention system gx5108", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ssl vpn", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.0" }, { "model": "real-time compression appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.1.203" }, { "model": "anyconnect secure mobility client", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "msr50-g2 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.21" }, { "model": "security network intrusion prevention system gx5008", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "usg9500 usg9500 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual china hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "tssc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3" }, { "model": "softco v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "documentum content server sp2 p14", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "junos 5.0r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "s2750\u0026s5700\u0026s6700 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "s2700\u0026s3700 v100r006c05+v100r06h", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3.1" }, { "model": "junos 12.1x44-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "oceanstor s6800t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "11.16" }, { "model": "storevirtual 4tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "ecns600 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ive os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2.13" }, { "model": "telepresence mcu series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.4.2.1" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.3" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "jabber voice for iphone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "prime network services controller", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "asg2000 v100r001c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "idp 5.1r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "unified ip conference phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "88310" }, { "model": "virusscan enterprise for linux", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "1.8" }, { "model": "project openssl 1.0.0e", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "oic v100r001c00spc402", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "documentum content server", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "7.0" }, { "model": "junos os 12.1x46-d25", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "uacos c5.0r4.1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security network intrusion prevention system gx4004", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "security network intrusion prevention system gv1000", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "webex messenger service", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 13.1r.3-s1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "nac manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "s7700\u0026s9700 v200r005+v200r005hp0", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "smc2.0 v100r002c01b017sp17", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.6" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "58000" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.8" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.5" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.7" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "junos os 12.1x46-d20", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.6" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "dsr-1000 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3100v20" }, { "model": "junos 12.1x45-d10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.10" }, { "model": "aura collaboration environment", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "tivoli storage flashcopy manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "security network intrusion prevention system gx7800", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.1.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0" }, { "model": "uacos c5.0", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "workcentre", "scope": "eq", "trust": 0.3, "vendor": "xerox", "version": "7755" }, { "model": "strm/jsa", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2013.2" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8x" }, { "model": "vtm v100r001c30", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "logcenter v200r003c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5500t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "security network intrusion prevention system", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.6.1" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "dynamic system analysis", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.61" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99510" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.1" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.0" }, { "model": "imc uam", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.00" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89450" }, { "model": "telepresence supervisor mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "80500" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.2.0.9" }, { "model": "usg2000 v300r001c10sph201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "1.0.4" }, { "model": "dsm v100r002c05spc615", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 10.4s", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.6" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "ive os", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.3" }, { "model": "tapi service provider", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "espace u2980 v100r001 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.3" }, { "model": "project openssl 0.9.8t", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "storevirtual 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "switch series (comware", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "10500v7)0" }, { "model": "hosted collaboration mediation fulfillment", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 11.4r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 0.9.8n", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.6" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "s7700\u0026s9700 v200r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ecns600 v100r002c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "application networking manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "oceanstor s2600t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u19** v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl 1.0.0c", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "webex meetings server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "2.0" }, { "model": "spa112 2-port phone adapter", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.2" }, { "model": "spa500 series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.4" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.4" }, { "model": "storevirtual vsa software", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "12.5" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.5" }, { "model": "universal small cell series software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70003.4.20" }, { "model": "oceanstor s5600t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "paging server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "data ontap smi-s agent", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1.2" }, { "model": "9500e family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "ace application control engine module ace20", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "msr30-16 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "jabber for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "cloud manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.1" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.1.5.2" }, { "model": "storevirtual china hybrid san solution", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.0.1880" }, { "model": "hyperdp oceanstor n8500 v200r001c09", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.2" }, { "model": "telepresence video communication server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.10" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1.0.2354" }, { "model": "agent desktop for cisco unified contact center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "toolscenter suite", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "9.53" }, { "model": "simatic s7-1500", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "telepresence ip vcr series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "msr20-1x russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "11000" }, { "model": "unified communications series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "telepresence sx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "si switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55000" }, { "model": "virusscan enterprise for linux", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "2.0" }, { "model": "linux lts", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "14.04" }, { "model": "ape", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "0" }, { "model": "hyperdp v200r001c91spc201", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.1" }, { "model": "unified attendant console", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security threat response manager 2012.1r8", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "project openssl 1.0.0f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "dsr-500 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "99710" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "s3900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5600t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.1" }, { "model": "documentum content server sp1 p26", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "11.3" }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.1" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.6" }, { "model": "junos 12.1x44-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security information and event management hf11", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.3.2" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "project openssl 0.9.8o", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.0.12" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "junos 12.1x45-d30", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "ata analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1870" }, { "model": "project openssl 1.0.0j", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "eupp v100r001c01spc101", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ace application control engine module ace10", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 1.0.0b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 10.4s15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "rox", "scope": "eq", "trust": 0.3, "vendor": "siemens", "version": "20" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.4" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.1" }, { "model": "ecns600 v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "36100" }, { "model": "junos 13.2r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "expressway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "hi switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55000" }, { "model": "storevirtual 600gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.6" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "aura experience portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.1" }, { "model": "msr30-1x russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.7" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1209" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "oceanstor s2600t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x46" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "msr9xx family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "msr2000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "10.0" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6.5" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.3" }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.3" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "aura presence services sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.1.2" }, { "model": "aura presence services sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "smartcloud entry", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.3" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "3.1.12" }, { "model": "junos os 13.3r2-s3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "msr30 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "smart update manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3.1" }, { "model": "manageone v100r002c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463011.5" }, { "model": "junos 12.2r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.0" }, { "model": "ave2000 v100r001c00sph001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "security information and event management ga", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "9.4.0" }, { "model": "svn2200 v200r001c01hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "125000" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.2" }, { "model": "esight-ewl v300r001c10spc300", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ave2000 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.4" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8v" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "tsm v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "usg9500 v300r001c01spc300", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "msr30-16 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "imc ead", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.00" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "9.1" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3600v20" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "fortios b064", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-1" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "documentum content server sp2 p15", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "10.3" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.0.3" }, { "model": "usg9500 v300r001c20sph102", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "storevirtual 1tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2" }, { "model": "fortios", "scope": "ne", "trust": 0.3, "vendor": "fortinet", "version": "5.0.8" }, { "model": "asa cx context-aware security", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "telepresence integrator c series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.4.13" }, { "model": "project openssl 1.0.1d", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "msr4000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.5" }, { "model": "unified im and presence services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.2r8", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.9" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.21" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "usg9300 v200r001c01sph902", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security network intrusion prevention system gv200", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6" }, { "model": "elog v100r003c01spc503", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "anyoffice v200r002c10", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "463012.5" }, { "model": "nac appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "nexus series switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60000" }, { "model": "digital media players series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "43000" }, { "model": "hardware management console release", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v77.6" }, { "model": "vpn client v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence server on multiparty media", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3100" }, { "model": "metro ethernet series access devices", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "12000" }, { "model": "mcp russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66000" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "31005.1.1" }, { "model": "storevirtual 1tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9.1" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.2" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "s5900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "13.10" }, { "model": "prime network", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "s6900 v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ecns610 v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.0.0" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.1" }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.5" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453012.6" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "snapdrive for unix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.1" }, { "model": "a6600 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual fc 900gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "junos 12.1r11", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "f5000 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "storevirtual 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.5" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "19100" }, { "model": "fusionsphere v100r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0.1" }, { "model": "junos 13.3r2-s3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "usg9500 usg9500 v300r001c20", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "tsm v100r002c07spc219", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "espace u2990 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "prime infrastructure", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "smartcloud provisioning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.3" }, { "model": "espace iad v300r002c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos r11", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.913" }, { "model": "ace application control engine appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "documentum content server sp1 p28", "scope": "eq", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "telepresence isdn gw", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "32410" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.2.3" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66020" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.4x27.62" }, { "model": "real-time compression appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "prime collaboration provisioning", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "10.5" }, { "model": "oceanstor s5600t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos os 12.1x44-d40", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "7.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x47" }, { "model": "security network intrusion prevention system gx7412-10", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "espace iad v300r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.6" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "virusscan enterprise for linux", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "1.9" }, { "model": "pk family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1810v10" }, { "model": "telepresence ex series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473011.5" }, { "model": "junos os 13.3r3", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "telepresence server on virtual machine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "59200" }, { "model": "oceanstor s6800t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "manageone v100r001c02 spc901", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos 11.4r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "security information and event management", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "9.2" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "41005.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "2.1.5-2" }, { "model": "project openssl 1.0.0m", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "junos 12.1x45-d20", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.6.1" }, { "model": "oceanstor s2600t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "dsr-500n rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "security network intrusion prevention system gx5008-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "s2750\u0026s5700\u0026s6700 v200r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5800t v100r005", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "security network intrusion prevention system gx4002", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "4210g switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "oceanstor s5800t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "isoc v200r001c02spc202", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "9000" }, { "model": "ios xr software", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 2tb mdl sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "junos r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "14.1" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413011.5" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "79000" }, { "model": "ons series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "154000" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "aura experience portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "unified intelligent contact management enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "arx", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "nip2000\u00265000 v100r002c10spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "hyperdp v200r001c09spc501", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.1" }, { "model": "webapp secure", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.8.0" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "anyconnect secure mobility client for ios", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.7.0" }, { "model": "security threat response manager", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "2013.2" }, { "model": "eupp v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "ei switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "55000" }, { "model": "toolscenter suite", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.52" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3" }, { "model": "junos 13.1r4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "version control agent", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.2" }, { "model": "fortios", "scope": "eq", "trust": 0.3, "vendor": "fortinet", "version": "5.0" }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "dsr-500 rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "aura system manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "policy center v100r003c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "sdk for node.js", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.0.2" }, { "model": "junos d15", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x45-" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.0" }, { "model": "telepresence", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "13100" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl 1.0.1b", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "project openssl 1.0.0k", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "cms r17ac.g", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "storevirtual 3tb mdl sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "tandberg mxp", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "9900" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "59000" }, { "model": "updatexpress system packs installer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "oceanstor s5800t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.1" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.1" }, { "model": "jabber for mac", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "usg2000 v300r001c10spc200", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "d9036 modular encoding platform", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "video surveillance 4300e/4500e high-definition ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smart update manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "6.4.1" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "mcp", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66000" }, { "model": "storevirtual 600gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.5" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.92743" }, { "model": "switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "75000" }, { "model": "unified series ip phones", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "69000" }, { "model": "family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8300" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "453011.5" }, { "model": "junos 12.2r8-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.2" }, { "model": "oceanstor s5600t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "big-iq cloud", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.3" }, { "model": "10.0-stable", "scope": "ne", "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.3" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "4.6.7" }, { "model": "sterling b2b integrator", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "473012.0" }, { "model": "jabber video for ipad", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "secblade fw family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "tssc", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.15" }, { "model": "junos 12.1x44-d26", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos os 13.2r5", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1.2" }, { "model": "guardium database activity monitor", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.2" }, { "model": "web gateway", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.2" }, { "model": "unified communications manager session management edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network protection", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "51005.1" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "junos os 14.1r1", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "snapdrive for windows", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "video surveillance ptz ip cameras", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "snapdrive for unix", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "project openssl 0.9.8s", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "webex connect client for windows", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence serial gateway series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "clustered data ontap antivirus connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1" }, { "model": "junos 10.4r15", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "uacos c4.4", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "elog v100r003c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "security module for cisco network registar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "ata series analog telephone adaptor", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1900" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.2.5" }, { "model": "aura utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "4.6" }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89610" }, { "model": "open systems snapvault", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "p2 family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1810v10" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "storevirtual fc 900gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "storevirtual 450gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-320" }, { "model": "junos 10.0s25", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "storevirtual hybrid storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433512.6" }, { "model": "big-iq security", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.1" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "security network intrusion prevention system gx5108-v2", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "softco v200r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "storevirtual 450gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1x45" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.2" }, { "model": "s6900 v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "web gateway", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "7.3.2.10" }, { "model": "svn5500 v200r001c01hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "1.0.1" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.6" }, { "model": "prime lan management solution", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "11.2" }, { "model": "junos d10", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": "12.1x47" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "epolicy orchestrator", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.1" }, { "model": "proventia network security controller 1.0.3350m", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "msr50 g2 russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "9.0" }, { "model": "security access manager for mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "junos 10.4r10", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "agent desktop for cisco unified contact center enterprise", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "junos 12.3r4-s2", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "dsm v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "cms r17ac.h", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "agile controller v100r001c00", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "8.1" }, { "model": "nip2000\u00265000 v100r002c10hp0001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "telepresence mx series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "insight control server deployment", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2.2" }, { "model": "infosphere master data management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "storevirtual 1tb mdl china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433012.0" }, { "model": "telepresence system", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "500-370" }, { "model": "russian version", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "66020" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "4.4" }, { "model": "junos r5", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "13.2" }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "12.1" }, { "model": "oceanstor s5800t v100r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "oceanstor s5500t v100r002", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "css series content services switches", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "115000" }, { "model": "blackberry os", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "10.0.10" }, { "model": "telepresence isdn gw mse", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "83210" }, { "model": "ucs central", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "telepresence profile series", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "smc2.0 v100r002c01b017sp16", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.3.0" }, { "model": "emergency responder", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "espace iad v300r001c07", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "storevirtual 900gb sas storage/s-buy", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "security network intrusion prevention system gx7412-05", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "6.0" }, { "model": "dynamic system analysis", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.60" }, { "model": "s7700\u0026s9700 v200r003", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "blackberry link", "scope": "eq", "trust": 0.3, "vendor": "rim", "version": "1.2" }, { "model": "oneview", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.05" }, { "model": "storevirtual 600gb sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "413012.5" }, { "model": "msr20-1x family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "real-time compression appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "3.9.107" }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "open source security information management", "scope": "eq", "trust": 0.3, "vendor": "alienvault", "version": "1.0.6" }, { "model": "vios", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2.1.3" }, { "model": "msr30-1x family", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "junos 12.1x44-d32", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "4510g switch series", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.2" }, { "model": "proventia network security controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.1768" }, { "model": "physical access gateways", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "storevirtual 450gb china sas storage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "433011.5" }, { "model": "dsr-1000 rev. a1", "scope": null, "trust": 0.3, "vendor": "d link", "version": null }, { "model": "nac guest server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "session border controller enterprise", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "s7700\u0026s9700 v200r001", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "version control repository manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3.4" }, { "model": "dsr-1000n 1.09.b61", "scope": "ne", "trust": 0.3, "vendor": "d link", "version": null }, { "model": "junos 12.1r7", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "unified ip phone", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "89410" }, { "model": "unity connection", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "project openssl 0.9.8u", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "isoc v200r001c01spc101", "scope": "eq", "trust": 0.3, "vendor": "huawei", "version": "5000" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.1" }, { "model": "documentum content server sp2 p16", "scope": "ne", "trust": 0.3, "vendor": "emc", "version": "6.7" }, { "model": "oceanstor s2200t v100r005c30spc100", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "prime network registrar", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "espace usm v100r001c01", "scope": null, "trust": 0.3, "vendor": "huawei", "version": null }, { "model": "junos os 12.3r7", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "junos", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.1" } ], "sources": [ { "db": "BID", "id": "66801" }, { "db": "NVD", "id": "CVE-2010-5298" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "1.0.1g", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.0.13", "versionStartIncluding": "10.0.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2010-5298" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127326" }, { "db": "PACKETSTORM", "id": "128001" } ], "trust": 0.5 }, "cve": "CVE-2010-5298", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 4.9, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "exploitabilityScore": 4.9, "id": "CVE-2010-5298", "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2010-5298", "trust": 1.0, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2010-5298", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-5298" }, { "db": "NVD", "id": "CVE-2010-5298" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. OpenSSL is prone to a remote memory-corruption vulnerability. \nAn attacker can exploit this issue to cause denial-of-service condition. Due to the nature of this issue, arbitrary code execution may be possible; however, this has not been confirmed. As long as all other products which SMH V7.3.3.1 for Linux\nx86 communicates with have been upgraded to the latest versions, it will not\nbe vulnerable to the exploits described in CVE-2014-0224. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nESA-2014-079: EMC Documentum Content Server Multiple Vulnerabilities \n\nEMC Identifier: ESA-2014-079\n\nCVE Identifier: See below for individual CVEs\n\nSeverity Rating: CVSS v2 Base Score: See below for individual CVSS score for each CVE\n\nAffected products: \n\\x95\tAll EMC Documentum Content Server versions of 7.1 prior to P07\n\\x95\tAll EMC Documentum Content Server versions of 7.0\n\\x95\tAll EMC Documentum Content Server versions of 6.7 SP2 prior to P16\n\\x95\tAll EMC Documentum Content Server versions of 6.7 SP1\n\\x95\tAll EMC Documentum Content Server versions prior to 6.7 SP1\n \nSummary: \nEMC Documentum Content Server contains fixes for multiple vulnerabilities which also include vulnerabilities disclosed by the OpenSSL project on June 5, 2014 in OpenSSL. \n\nDetails: \nEMC Documentum Content Server may be susceptible to the following vulnerabilities:\n\n\\x95\tArbitrary Code Execution (CVE-2014-4618):\nAuthenticated non-privileged users can potentially execute Documentum methods with higher level privileges (up to and including superuser privileges) due to improper authorization checks being performed on user-created system objects. \nCVSS v2 Base Score: 8.2 (AV:N/AC:M/Au:S/C:C/I:C/A:P)\n\n\\x95\tDQL Injection (CVE-2014-2520):\nCertain DQL hints in EMC Documentum Content Server may be potentially exploited by an authenticated non-privileged malicious user to conduct DQL injection attacks and read the database contents. \nCVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)\n\n\\x95\tInformation Disclosure (CVE-2014-2521):\nAuthenticated non-privileged users are allowed to retrieve meta-data of unauthorized system objects due to improper authorization checks being performed on certain RPC commands in Content Server. \nCVSS v2 Base Score: 6.3 (AV:N/AC:M/Au:S/C:C/I:N/A:N)\n\n\\x95\tMultiple OpenSSL vulnerabilities (See individual CVEs below and refer to NVD for each of their scores):\n\tSSL/TLS Man-in-the-middle (MITM) vulnerability (CVE-2014-0224)\n\tDTLS recursion flaw (CVE-2014-0221)\n\tDTLS invalid fragment vulnerability (CVE-2014-0195)\n\tSSL_MODE_RELEASE_BUFFERS NULL pointer deference (CVE-2014-0198)\n\tSSL_MODE_RELEASE_BUFFERS session injection or denial of service (CVE-2010-5298)\n\tAnonymous ECDH denial of service (CVE-2014-3470)\n\tFLUSH + RELOAD cache side-channel attack (CVE-2014-0076)\nFor more information about these vulnerabilities, please visit the original OpenSSL advisory https://www.openssl.org/news/secadv_20140605.txt \n\nResolution: \nThe following versions contain the resolution for these issues: \n\\x95\tEMC Documentum Content Server version 7.1 P07 and later\n\\x95\tEMC Documentum Content Server version 7.0: Hotfixes are available for Windows \u0026 Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests. \n\\x95\tEMC Documentum Content Server version 6.7 SP2 P16 and later\n\\x95\tEMC Documentum Content Server version 6.7 SP1: Hotfixes are available for Windows \u0026 Linux. Contact EMC Support to obtain them. For Solaris and AIX, contact EMC Support to open Hotfix requests. \n\nEMC recommends all customers to upgrade to one of the above versions at the earliest opportunity. \n\nLink to remedies:\nRegistered EMC Online Support customers can download patches and software from support.emc.com at: https://support.emc.com/downloads/2732_Documentum-Server\n\nFor Hotfix, contact EMC Support. \n\n\n\nRead and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. \n\nFor an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. \n\nEMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. \n\nRelease Date: 2014-08-08\nLast Updated: 2014-08-08\n\nPotential Security Impact: Remote denial of service (DoS), code execution,\nunauthorized access, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System\nManagement Homepage (SMH), HP Smart Update Manager (SUM), and HP Version\nControl Agent (VCA) running on Linux and Windows. These components of HP\nInsight Control server deployment could be exploited remotely resulting in\ndenial of service (DoS), code execution, unauthorized access, or disclosure\nof information. \n\nHP Insight Control server deployment packages HP System Management Homepage\n(SMH) and HP Version Control Agent (VCA), and HP Smart Update Manager (SUM)\nand deploys them through the following components. This bulletin provides the\ninformation needed to update the HP Insight Control server deployment\nsolution. \n\nInstall HP Management Agents for Windows x86/x64\nInstall HP Management Agents for RHEL 5 x64\nInstall HP Management Agents for RHEL 6 x64\nInstall HP Management Agents for SLES 10 x64\nInstall HP Management Agents for SLES 11 x64\nUpgrade Proliant Firmware\n\nReferences:\n\nCVE-2010-5298 Remote Denial of Service\nCVE-2014-0076 Unauthorized Disclosure of Information\nCVE-2014-0195 Remote Unauthorized Access\nCVE-2014-0198 Remote Denial of Service\nCVE-2014-0221 Remote Denial of Service (DoS)\nCVE-2014-0224 Remote Unauthorized Access or Disclosure of Information\nCVE-2014-3470 Remote Code Execution or Unauthorized Access\nSSRT101628\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP Insight Control server deployment v7.1.2, v7.2.0, v7.2.1, v7.2.2, v7.3.1\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0\nCVE-2014-0076 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\nCVE-2014-0195 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0221 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\nCVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8\nCVE-2014-3470 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following updates to v7.3.1 of HP Insight Control server\ndeployment to resolve this vulnerability. HP has provided manual update steps\nif a version upgrade is not possible; if users wish to remain at v7.1.2,\nv7.2.0, or v7.2.1. \n\nNote: It is important to check your current running version of HP Insight\nControl server deployment and to follow the correct steps listed below. For\nHP Insight Control server deployment v7.2.2, users must upgrade to v7.3.1 and\nfollow the steps below to remove the vulnerability. The vulnerability known\nas Heartbleed (CVE-2014-0160) was fixed in HP Insight Control server\ndeployment v7.3.1. That Security Bulletin with instructions on how to upgrade\nto v7.3.1 can be found here:\n\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_n\na-c04267749\n\nHP Insight Control server deployment users of v7.1.2, v7.2.0, v7.2.1 should\ntake the following steps to remove this vulnerability. \n\nDelete the files smhamd64-*.exe/smhx86-*.exe\" from Component Copy Location\nlisted in the following table, rows 1 and 2. \nDelete the files \"vcax86-*.exe/vcaamd64-*.exe from Component Copy Location\nlisted in the following table, rows 3 and 4. \nDelete the files hpsmh-7.*.rpm\" from Component Copy Location listed in row 5. \nIn sequence, perform the steps from left to right in the following table. \nFirst, download components from Download Link; Second, rename the component\nas suggested in Rename to. Third, copy the component to the location\nspecified in Component Copy Location. \nTable Row Number\n Download Link\n Rename to\n Component Copy Location\n\n1\n http://www.hp.com/swpublishing/MTX-e8076c2a35804685ad65b2b1ba\n smhamd64-ccp023716.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n2\n http://www.hp.com/swpublishing/MTX-3395d737d98f42149125b9bb05\n smhx86-cp023715.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n3\n http://www.hp.com/swpublishing/MTX-8aefeaf490284a7691eca97d13\n vcax86-cp023742.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n4\n http://www.hp.com/swpublishing/MTX-c0d32bac154a4d93839d8cd1f2\n vcaamd64-cp023743.exe\n \\\\express\\hpfeatures\\hpagents-ws\\components\\Win2008\n\n5\n http://www.hp.com/swpublishing/MTX-bd9a1cf60e344c549c4888db93\n Do not rename the downloaded component for this step. \n \\\\express\\hpfeatures\\hpagents-sles11-x64\\components\n\\\\express\\hpfeatures\\hpagents-sles10-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel5-x64\\components\n\\\\express\\hpfeatures\\hpagents-rhel6-x64\\components\n\nDownload and extract the HPSUM 5.3.6 component from\nftp://ftp.hp.com/pub/softlib2/software1/pubsw-windows/p750586112/v99793\n\nCopy all content from extracted ZIP folder and paste into\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components\nInitiate Install HP Management Agents for SLES 11 x64 on targets running\nSLES11 x64. \nInitiate Install HP Management Agents for SLES 10 x64 on targets running\nSLES10 x64. \nInitiate Install HP Management Agents for RHEL 6 x64 on targets running RHEL\n6 x64. \nInitiate Install HP Management Agents for RHEL 5 x64 on targets running RHEL\n5 x64. \nInitiate Install HP Management Agents for Windows x86/x64 on targets running\nWindows. \n\nHP Insight Control server deployment users with v7.2.2:\n\nPlease upgrade to Insight Control server deployment v7.3.1 and follow the\nsteps below for v7.3.1. \n\nHP Insight Control server deployment users with v7.3.1:\n\nPerform steps 1 - 4 as outlined above for users with HP Insight Control\nserver deployment v7.1.2, v7.2.0, and v7.2.1. \nDownload the HP SUM ZIP file from\nhttp://www.hp.com/swpublishing/MTX-f6c141a7feeb4a358bbb28300f\n\nExtract the contents from the HP SUM ZIP file to\n\\\\eXpress\\hpfeatures\\fw-proLiant\\components location on the Insight Control\nserver deployment server\n\nRelated security bulletins:\n\nFor System Management Homepage please see Security bulletin HPSBMU03051 https\n://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04\n345210\n\nFor HP Version Control Agent please see Security bulletin HPSBMU03057 https:/\n/h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c0434\n9897\n\nHISTORY\nVersion:1 (rev.1) - 8 August 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: openssl security update\nAdvisory ID: RHSA-2014:0625-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0625.html\nIssue date: 2014-06-05\nCVE Names: CVE-2010-5298 CVE-2014-0195 CVE-2014-0198 \n CVE-2014-0221 CVE-2014-0224 CVE-2014-3470 \n=====================================================================\n\n1. Summary:\n\nUpdated openssl packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 6. \n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64\nRed Hat Enterprise Linux HPC Node (v. 6) - x86_64\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64\nRed Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64\n\n3. Description:\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library. \n\nIt was found that OpenSSL clients and servers could be forced, via a\nspecially crafted handshake packet, to use weak keying material for\ncommunication. A man-in-the-middle attacker could use this flaw to decrypt\nand modify traffic between a client and a server. (CVE-2014-0224)\n\nNote: In order to exploit this flaw, both the server and the client must be\nusing a vulnerable version of OpenSSL; the server must be using OpenSSL\nversion 1.0.1 and above, and the client must be using any version of\nOpenSSL. For more information about this flaw, refer to:\nhttps://access.redhat.com/site/articles/904433\n\nA buffer overflow flaw was found in the way OpenSSL handled invalid DTLS\npacket fragments. A remote attacker could possibly use this flaw to execute\narbitrary code on a DTLS client or server. (CVE-2014-0195)\n\nMultiple flaws were found in the way OpenSSL handled read and write buffers\nwhen the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or\nserver using OpenSSL could crash or unexpectedly drop connections when\nprocessing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)\n\nA denial of service flaw was found in the way OpenSSL handled certain DTLS\nServerHello requests. A specially crafted DTLS handshake packet could cause\na DTLS client using OpenSSL to crash. (CVE-2014-0221)\n\nA NULL pointer dereference flaw was found in the way OpenSSL performed\nanonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially\ncrafted handshake packet could cause a TLS/SSL client that has the\nanonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)\n\nRed Hat would like to thank the OpenSSL project for reporting these issues. \nUpstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter\nof CVE-2014-0224, J\u00fcri Aedla as the original reporter of CVE-2014-0195,\nImre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix\nGr\u00f6bert and Ivan Fratri\u0107 of Google as the original reporters of\nCVE-2014-3470. \n\nAll OpenSSL users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. For the update to take\neffect, all services linked to the OpenSSL library (such as httpd and other\nSSL-enabled services) must be restarted or the system rebooted. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1087195 - CVE-2010-5298 openssl: freelist misuse causing a possible use-after-free\n1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL pointer dereference in do_ssl3_write()\n1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability\n1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS handshake\n1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS invalid fragment\n1103600 - CVE-2014-3470 openssl: client-side denial of service when using anonymous ECDH\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Desktop Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\n\nppc64:\nopenssl-1.0.1e-16.el6_5.14.ppc.rpm\nopenssl-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.ppc.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.ppc.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.ppc64.rpm\n\ns390x:\nopenssl-1.0.1e-16.el6_5.14.s390.rpm\nopenssl-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.s390.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.s390.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.s390x.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.14.i686.rpm\n\nppc64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.ppc64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.ppc64.rpm\n\ns390x:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.s390x.rpm\nopenssl-static-1.0.1e-16.el6_5.14.s390x.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-devel-1.0.1e-16.el6_5.14.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 6):\n\nSource:\nopenssl-1.0.1e-16.el6_5.14.src.rpm\n\ni386:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.i686.rpm\nopenssl-static-1.0.1e-16.el6_5.14.i686.rpm\n\nx86_64:\nopenssl-debuginfo-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-perl-1.0.1e-16.el6_5.14.x86_64.rpm\nopenssl-static-1.0.1e-16.el6_5.14.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2010-5298.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0195.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0198.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0221.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0224.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-3470.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/site/articles/904433\nhttps://access.redhat.com/site/solutions/905793\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTkGAKXlSAg2UNWIIRAnrwAJ9sLrj3wCAZhJU00jxgt03unDAHywCfVjUB\npJJhdOUzRUL8R2haDM4xrsk=\n=hZF8\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce. \tUnvalidated Redirect Vulnerability (CVE-2015-0512)\n\nA potential vulnerability in Unisphere Central may allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The attacker can specify the location of the arbitrary site in the unvalidated parameter of a crafted URL. If this URL is accessed, the browser is redirected to the arbitrary site specified in the parameter. \n\nCVSSv2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)\n\n2. To search for a particular CVE, use the NVD database\\x92s search utility at http://web.nvd.nist.gov/view/vuln/search\n\nResolution: \nThe following Unisphere Central release contains resolutions to the above issues:\n\\x95\tUnisphere Central version 4.0. \n \n The Montgomery ladder implementation in OpenSSL through 1.0.0l does\n not ensure that certain swap operations have a constant-time behavior,\n which makes it easier for local users to obtain ECDSA nonces via a\n FLUSH+RELOAD cache side-channel attack (CVE-2014-0076). \n \n The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before\n 1.0.1g do not properly handle Heartbeat Extension packets, which allows\n remote attackers to obtain sensitive information from process memory\n via crafted packets that trigger a buffer over-read, as demonstrated\n by reading private keys, related to d1_both.c and t1_lib.c, aka the\n Heartbleed bug (CVE-2014-0160). \n \n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before\n 1.0.1h does not properly restrict processing of ChangeCipherSpec\n messages, which allows man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications,\n and consequently hijack sessions or obtain sensitive information,\n via a crafted TLS handshake, aka the CCS Injection vulnerability\n (CVE-2014-0224). \n \n The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other\n products, uses nondeterministic CBC padding, which makes it easier\n for man-in-the-middle attackers to obtain cleartext data via a\n padding-oracle attack, aka the POODLE issue (CVE-2014-3566). \n \n The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before\n 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square\n of a BIGNUM value, which might make it easier for remote attackers to\n defeat cryptographic protection mechanisms via unspecified vectors,\n related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and\n crypto/bn/bn_asm.c (CVE-2014-3570). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote\n SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger\n a loss of forward secrecy by omitting the ServerKeyExchange message\n (CVE-2014-3572). \n \n OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k\n does not enforce certain constraints on certificate data, which allows\n remote attackers to defeat a fingerprint-based certificate-blacklist\n protection mechanism by including crafted data within a\n certificate\u0026#039;s unsigned portion, related to crypto/asn1/a_verify.c,\n crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c\n (CVE-2014-8275). \n \n The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before\n 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL\n servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate\n brute-force decryption by offering a weak ephemeral RSA key in a\n noncompliant role, related to the FREAK issue. NOTE: the scope of\n this CVE is only client code based on OpenSSL, not EXPORT_RSA issues\n associated with servers or other TLS implementations (CVE-2015-0204). \n \n The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before\n 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a\n Diffie-Hellman (DH) certificate without requiring a CertificateVerify\n message, which allows remote attackers to obtain access without\n knowledge of a private key via crafted TLS Handshake Protocol traffic\n to a server that recognizes a Certification Authority with DH support\n (CVE-2015-0205). \n \n The updated packages have been upgraded to the 1.0.1m version where\n these security flaws has been fixed. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0076\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0195\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0221\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0209\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0287\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0288\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0289\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0293\n http://openssl.org/news/secadv_20150108.txt\n http://openssl.org/news/secadv_20150319.txt\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n 324a85f7e1165ab02881e44dbddaf599 mbs2/x86_64/lib64openssl1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n 9c0bfb6ebd43cb6d81872abf71b4f85f mbs2/x86_64/lib64openssl-devel-1.0.1m-1.mbs2.x86_64.rpm\n 58df54e72ca7270210c7d8dd23df402b mbs2/x86_64/lib64openssl-engines1.0.0-1.0.1m-1.mbs2.x86_64.rpm\n b5313ffb5baaa65aea05eb05486d309a mbs2/x86_64/lib64openssl-static-devel-1.0.1m-1.mbs2.x86_64.rpm\n a9890ce4c33630cb9e00f3b2910dd784 mbs2/x86_64/openssl-1.0.1m-1.mbs2.x86_64.rpm \n 521297a5fe26e2de0c1222d8d03382d1 mbs2/SRPMS/openssl-1.0.1m-1.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFTm1mqjQ0CJFipgRAoYFAKCaubn00colzVNnUBFjSElyDptGMQCfaGoS\nkz0ex6eI6hA6qSwklA2NoXY=\n=GYjX\n-----END PGP SIGNATURE-----\n. These vulnerabilities include: \n\n* The SSLv3 vulnerability known as \"Padding Oracle on Downgraded Legacy\nEncryption\" also known as \"POODLE\", which could be exploited remotely\nresulting in disclosure of information. \n\n - HP StoreVirtual VSA Software 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4130 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 1TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB China SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4330 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 China Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 China Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 Hybrid SAN Solution 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4335 Hybrid Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 2TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 3TB MDL SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 450GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 4TB MDL SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4530 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4630 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 600GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 600GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 900GB SAS Storage/S-Buy 12.6, 12.5, 12.0, 11.5\n - HP StoreVirtual 4730 FC 900GB SAS Storage 12.6, 12.5, 12.0, 11.5\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2010-5298\n 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L\n 4.0 (AV:N/AC:H/Au:N/C:N/I:P/A:P)\n\n CVE-2014-0076\n 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\n 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N)\n\n CVE-2014-0195\n 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2014-0198\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2014-0221\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2014-0224\n 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L\n 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)\n\n CVE-2014-3470\n 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\n 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n CVE-2014-3566\n 3.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N\n 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n CVE-2016-0705\n 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\n 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE recommends applying the following software updates to resolve the\nvulnerabilities in the impacted versions of HPE StoreVirtual products running\nHPE LeftHand OS. \n\nLeftHand OS v11.5 - Patches 45019-00 and 45020 \nLeftHand OS v12.0 - Patches 50016-00 and 50017-00 \nLeftHand OS v12.5 - Patch 55016-00 \nLeftHand OS v12.6 - Patch 56002-00 \n\n**Notes:**\n\nThese patches enable TLSv1.2 protocol and upgrades the OpenSSL RPM revision\nto OpenSSL v1.0.1e 48. \nThese patches migrate Certificate Authority Hashing Algorithm from a weak\nhashing algorithm SHA1 to the stronger hashing algorithm SHA256. Summary\n\n VMware product updates address OpenSSL security vulnerabilities. Relevant Releases\n\n ESXi 5.5 prior to ESXi550-201406401-SG\n\n\n3. Problem Description\n\n a. \n \n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n\n has assigned the names CVE-2014-0224, CVE-2014-0198, \n CVE-2010-5298, CVE-2014-3470, CVE-2014-0221 and CVE-2014-0195 to\n these issues. The most important of these issues is \n CVE-2014-0224. \n\n CVE-2014-0198, CVE-2010-5298 and CVE-2014-3470 are considered to\n be of moderate severity. Exploitation is highly unlikely or is\n mitigated due to the application configuration. \n\n CVE-2014-0221 and CVE-2014-0195, which are listed in the OpenSSL \n Security Advisory (see Reference section below), do not affect\n any VMware products. For readability\n the affected products have been split into 3 tables below, \n based on the different client-server configurations and\n deployment scenarios. Applying these patches to \n affected servers will mitigate the affected clients (See Table 1\n below). can be mitigated by using a secure network such as \n VPN (see Table 2 below). \n \n Clients and servers that are deployed on an isolated network are\n less exposed to CVE-2014-0224 (see Table 3 below). The affected\n products are typically deployed to communicate over the\n management network. \n\n RECOMMENDATIONS\n\n VMware recommends customers evaluate and deploy patches for\n affected Servers in Table 1 below as these patches become\n available. Patching these servers will remove the ability to\n exploit the vulnerability described in CVE-2014-0224 on both\n clients and servers. VMware recommends customers consider \n applying patches to products listed in Table 2 \u0026 3 as required. \n\n Column 4 of the following tables lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch \n ============== ======= ======= =============\n ESXi 5.5 ESXi ESXi550-\n 201406401-SG \n\n Big Data Extensions 1.1 patch pending \n Charge Back Manager 2.6 patch pending \n\n Horizon Workspace Server \n GATEWAY 1.8.1 patch pending \n Horizon Workspace Server \n GATEWAY 1.5 patch pending \n\n Horizon Workspace Server \n DATA 1.8.1 patch pending \n\n Horizon Mirage Edge Gateway 4.4.2 patch pending \n Horizon View 5.3.1 patch pending \n\n Horizon View Feature Pack 5.3 SP2 patch pending \n\n NSX for Multi-Hypervisor 4.1.2 patch pending \n NSX for Multi-Hypervisor 4.0.3 patch pending \n NSX for vSphere 6.0.4 patch pending \n NVP 3.2.2 patch pending \n vCAC 6.0.1 patch pending \n\n vCloud Networking and Security 5.5.2 \t\t patch pending \n vCloud Networking and Security 5.1.2 \t\t patch pending \n\n vFabric Web Server 5.3.4 patch pending \n\n vCHS - DPS-Data Protection 2.0 patch pending \n Service\n\n Table 2\n ========\n Affected clients running a vulnerable version of OpenSSL 0.9.8 \n or 1.0.1 and communicating over an untrusted network. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch \n ============== ======= ======= =============\n vCSA 5.5 patch pending \n vCSA 5.1 patch pending \n vCSA 5.0 patch pending \n\n\n ESXi 5.1 ESXi patch pending \n ESXi 5.0 ESXi patch pending \n\n Workstation 10.0.2 any patch pending \n Workstation 9.0.3 any patch pending \n Fusion 6.x OSX patch pending \n Fusion 5.x OSX patch pending \n Player 10.0.2 any patch pending \n Player 9.0.3 any patch pending \n\n Chargeback Manager 2.5.x patch pending \n\n Horizon Workspace Client for 1.8.1 OSX patch pending \n Mac\n Horizon Workspace Client for 1.5 OSX patch pending \n Mac\n Horizon Workspace Client for 1.8.1 Windows patch pending \n Windows \n Horizon Workspace Client for 1.5 Windows patch pending \n\n OVF Tool 3.5.1 patch pending \n OVF Tool 3.0.1 patch pending \n\n vCenter Operations Manager 5.8.1 patch pending \n\n vCenter Support Assistant 5.5.0 patch pending \n vCenter Support Assistant 5.5.1 patch pending \n \n vCD 5.1.2 patch pending \n vCD 5.1.3 patch pending \n vCD 5.5.1.1 patch pending \n vCenter Site Recovery Manager 5.0.3.1 patch pending \n\n Table 3\n =======\n The following table lists all affected clients running a\n vulnerable version of OpenSSL 0.9.8 or 1.0.1 and communicating\n over an untrusted network. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch \n ============== ======= ======= =============\n vCenter Server 5.5 any patch pending\n vCenter Server 5.1 any patch pending\n vCenter Server 5.0 any patch pending\n\n Update Manager 5.5 Windows patch pending\n Update Manager 5.1 Windows patch pending\n Update Manager 5.0 Windows patch pending \n\n Config Manager (VCM) 5.6 patch pending \n\n Horizon View Client 5.3.1 patch pending \n Horizon View Client 4.x patch pending\n Horizon Workspace 1.8.1 patch pending \n Horizon Workspace 1.5 patch pending \n \n \n ITBM Standard 1.0.1 patch pending \n ITBM Standard 1.0 patch pending \n \n Studio 2.6.0.0 patch pending \n \n Usage Meter 3.3 patch pending \n vCenter Chargeback Manager 2.6 patch pending \n vCenter Converter Standalone 5.5 patch pending \n vCenter Converter Standalone 5.1 patch pending \n vCD (VCHS) 5.6.2 patch pending \n \n vCenter Site Recovery Manager 5.5.1 patch pending \n vCenter Site Recovery Manager 5.1.1 patch pending\n\n vFabric Application Director 5.2.0 patch pending \n vFabric Application Director 5.0.0 patch pending \n View Client 5.3.1 patch pending \n View Client 4.x patch pending\n VIX API 5.5 patch pending \n VIX API 1.12 patch pending \n \n vMA (Management Assistant) 5.1.0.1 patch pending \n \n\n VMware Data Recovery 2.0.3 patch pending \n \n VMware vSphere CLI 5.5 patch pending \n \n vSphere Replication 5.5.1 patch pending \n vSphere Replication 5.6 patch pending \n vSphere SDK for Perl 5.5 patch pending \n vSphere Storage Appliance 5.5.1 patch pending \n vSphere Storage Appliance 5.1.3 patch pending \n vSphere Support Assistant 5.5.1 patch pending \n vSphere Support Assistant 5.5.0 patch pending\n vSphere Virtual Disk 5.5 patch pending \n Development Kit \n vSphere Virtual Disk 5.1 patch pending \n Development Kit\n vSphere Virtual Disk 5.0 patch pending \n Development Kit\n \n 4. Solution\n\n ESXi 5.5\n ----------------------------\n\n Download:\n https://www.vmware.com/patchmgr/download.portal\n\n Release Notes and Remediation Instructions:\n http://kb.vmware.com/kb/2077359\n\n 5. Change Log\n\n 2014-06-10 VMSA-2014-0006\n Initial security advisory in conjunction with the release of\n ESXi 5.5 updates on 2014-06-10\n\n- -----------------------------------------------------------------------\n \n7. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n security-announce at lists.vmware.com\n bugtraq at securityfocus.com\n fulldisclosure at seclists.org\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n VMware Security Response Policy\n https://www.vmware.com/support/policies/security_response.html\n\n VMware Lifecycle Support Phases\n https://www.vmware.com/support/policies/lifecycle.html\n \n Twitter\n https://twitter.com/VMwareSRC\n\n Copyright 2014 VMware Inc. All rights reserved. \n\nThe attack can only be performed between a vulnerable client *and*\nserver. \n\nThanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and\nresearching this issue. This issue was reported to OpenSSL on 1st May\n2014 via JPCERT/CC. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team partly based\non an original patch from KIKUCHI Masashi. \n\nDTLS recursion flaw (CVE-2014-0221)\n====================================\n\nBy sending an invalid DTLS handshake to an OpenSSL DTLS client the code\ncan be made to recurse eventually crashing in a DoS attack. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This\nissue was reported to OpenSSL on 9th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nOpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za\nOpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h. \n\nThanks to J\u00fcri Aedla for reporting this issue. This issue was\nreported to OpenSSL on 23rd April 2014 via HP ZDI. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. This flaw\nonly affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is\nenabled, which is not the default and not common. \n\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThis issue was reported in public. The fix was developed by\nMatt Caswell of the OpenSSL development team. \nThis flaw only affects multithreaded applications using OpenSSL 1.0.0\nand 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not the\ndefault and not common. \n\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThis issue was reported in public. \n\nOpenSSL 0.9.8 users should upgrade to 0.9.8za\nOpenSSL 1.0.0 users should upgrade to 1.0.0m. \nOpenSSL 1.0.1 users should upgrade to 1.0.1h. \n\nThanks to Felix Gr\u00f6bert and Ivan Fratri\u0107 at Google for discovering this\nissue. This issue was reported to OpenSSL on 28th May 2014. \n\nThe fix was developed by Stephen Henson of the OpenSSL core team. \n\nOther issues\n============\n\nOpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for\nCVE-2014-0076: Fix for the attack described in the paper \"Recovering\nOpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack\"\nReported by Yuval Yarom and Naomi Benger. This issue was previously\nfixed in OpenSSL 1.0.1g. \n\n\nReferences\n==========\n\nURL for this Security Advisory:\nhttp://www.openssl.org/news/secadv_20140605.txt\n\nNote: the online version of the advisory may be updated with additional\ndetails over time. \n\nHP Systems Insight Manager v7.3 Hotfix kit\nHP Systems Insight Manager v7.2 Hotfix kit\n\nhttp://h18013.www1.hp.com/products/servers/management/hpsim/download.html\n\nNOTE: No reboot of the system is required after applying the HP SIM Hotfix\nkit. ============================================================================\nUbuntu Security Notice USN-2192-1\nMay 05, 2014\n\nopenssl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 13.10\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n\nSummary:\n\nOpenSSL could be made to crash if it received specially crafted network\ntraffic. \n(CVE-2010-5298)\n\nIt was discovered that OpenSSL incorrectly handled memory in the\ndo_ssl3_write() function. \n(CVE-2014-0198)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libssl1.0.0 1.0.1f-1ubuntu2.1\n\nUbuntu 13.10:\n libssl1.0.0 1.0.1e-3ubuntu1.3\n\nUbuntu 12.10:\n libssl1.0.0 1.0.1c-3ubuntu2.8\n\nUbuntu 12.04 LTS:\n libssl1.0.0 1.0.1-4ubuntu5.13\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes", "sources": [ { "db": "NVD", "id": "CVE-2010-5298" }, { "db": "BID", "id": "66801" }, { "db": "VULMON", "id": "CVE-2010-5298" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127923" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "126927" }, { "db": "PACKETSTORM", "id": "130188" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127326" }, { "db": "PACKETSTORM", "id": "127045" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "128001" }, { "db": "PACKETSTORM", "id": "126481" }, { "db": "PACKETSTORM", "id": "126930" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-5298", "trust": 2.7 }, { "db": "JUNIPER", "id": "JSA10629", "trust": 1.4 }, { "db": "BID", "id": "66801", "trust": 1.4 }, { "db": "MCAFEE", "id": "SB10075", "trust": 1.4 }, { "db": "SECUNIA", "id": "59490", "trust": 1.1 }, { "db": "SECUNIA", "id": "59666", "trust": 1.1 }, { "db": "SECUNIA", "id": "59440", "trust": 1.1 }, { "db": "SECUNIA", "id": "59437", "trust": 1.1 }, { "db": "SECUNIA", "id": "58977", "trust": 1.1 }, { "db": "SECUNIA", "id": "59301", "trust": 1.1 }, { "db": "SECUNIA", "id": "59450", "trust": 1.1 }, { "db": "SECUNIA", "id": "59287", "trust": 1.1 }, { "db": "SECUNIA", "id": "59342", "trust": 1.1 }, { "db": "SECUNIA", "id": "59721", "trust": 1.1 }, { "db": "SECUNIA", "id": "59413", "trust": 1.1 }, { "db": "SECUNIA", "id": "58337", "trust": 1.1 }, { "db": "SECUNIA", "id": "59655", "trust": 1.1 }, { "db": "SECUNIA", "id": "58713", "trust": 1.1 }, { "db": "SECUNIA", "id": "59669", "trust": 1.1 }, { "db": "SECUNIA", "id": "59162", "trust": 1.1 }, { "db": "SECUNIA", "id": "58939", "trust": 1.1 }, { "db": "SECUNIA", "id": "59300", "trust": 1.1 }, { "db": "SECUNIA", "id": "59438", "trust": 1.1 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2014/04/13/1", "trust": 1.1 }, { "db": "ICS CERT", "id": "ICSA-14-198-03G", "trust": 0.4 }, { "db": "DLINK", "id": "SAP10045", "trust": 0.3 }, { "db": "JUNIPER", "id": "JSA10643", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-17-094-04", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03F", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03B", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03C", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03", "trust": 0.3 }, { "db": "ICS CERT", "id": "ICSA-14-198-03D", "trust": 0.3 }, { "db": "MCAFEE", "id": "SB10071", "trust": 0.3 }, { "db": "VULMON", "id": "CVE-2010-5298", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127362", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127923", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127807", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126927", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "130188", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131044", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "140720", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127326", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127045", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126961", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "128001", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126481", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "126930", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-5298" }, { "db": "BID", "id": "66801" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127923" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "126927" }, { "db": "PACKETSTORM", "id": "130188" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127326" }, { "db": "PACKETSTORM", "id": "127045" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "128001" }, { "db": "PACKETSTORM", "id": "126481" }, { "db": "PACKETSTORM", "id": "126930" }, { "db": "NVD", "id": "CVE-2010-5298" } ] }, "id": "VAR-201404-0008", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.416493127826087 }, "last_update_date": "2024-07-23T20:53:19.246000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "The Register", "trust": 0.2, "url": "https://www.theregister.co.uk/2014/07/10/fireeye_patches_os_torpedo_exploitdb_disclosure/" }, { "title": "Ubuntu Security Notice: openssl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-2192-1" }, { "title": "Debian Security Advisories: DSA-2908-1 openssl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=438bf64e25a46a5ac11098b5720d1bb6" }, { "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0198 Null pointer dereference bug in OpenSSL 1.0.1g and earlier", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=94b6140bb563b66b3bcd98992e854bf3" }, { "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0076", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=1fc1fc75c3cab4aa04eb437a09a1da4f" }, { "title": "Debian CVElist Bug Report Logs: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=07d14df4883f21063a053cea8d2239c6" }, { "title": "Amazon Linux AMI: ALAS-2014-349", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2014-349" }, { "title": "Citrix Security Bulletins: Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins\u0026qid=afbd3a710e98424e558b1b21482abad6" }, { "title": "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=eee4d8c3e2b11de5b15ee65d96af6c60" }, { "title": "Symantec Security Advisories: SA80 : OpenSSL Security Advisory 05-Jun-2014", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=dd4667746d163d08265dfdd4c98e4201" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - January 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51" }, { "title": "", "trust": 0.1, "url": "https://github.com/hrbrmstr/internetdb " } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-5298" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-362", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2010-5298" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://www.openssl.org/news/secadv_20140605.txt" }, { "trust": 1.4, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676035" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677695" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676655" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677828" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676062" }, { "trust": 1.4, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10075" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676419" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678167" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673137" }, { "trust": 1.4, "url": "http://www.fortiguard.com/advisory/fg-ir-14-018/" }, { "trust": 1.4, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095757" }, { "trust": 1.4, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095756" }, { "trust": 1.4, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095755" }, { "trust": 1.4, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095754" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21683332" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677836" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676879" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676529" }, { "trust": 1.4, "url": "http://support.citrix.com/article/ctx140876" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5298" }, { "trust": 1.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0198" }, { "trust": 1.1, "url": "http://openwall.com/lists/oss-security/2014/04/13/1" }, { "trust": 1.1, "url": "http://svnweb.freebsd.org/ports/head/security/openssl/files/patch-ssl-s3_pkt.c?revision=351191\u0026view=markup" }, { "trust": 1.1, "url": "http://ftp.openbsd.org/pub/openbsd/patches/5.5/common/004_openssl.patch.sig" }, { "trust": 1.1, "url": "http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse" }, { "trust": 1.1, "url": "https://rt.openssl.org/ticket/display.html?id=3265\u0026user=guest\u0026pass=guest" }, { "trust": 1.1, "url": "http://www.openbsd.org/errata55.html#004_openssl" }, { "trust": 1.1, "url": "https://rt.openssl.org/ticket/display.html?id=2167\u0026user=guest\u0026pass=guest" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/66801" }, { "trust": 1.1, "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa80" }, { "trust": 1.1, "url": "http://www.blackberry.com/btsc/kb36051" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59438" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59301" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59450" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59721" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59655" }, { "trust": 1.1, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59162" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58939" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59666" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59490" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677527" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59669" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59413" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59300" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59342" }, { "trust": 1.1, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2014/dec/23" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140431828824371\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=141658880509699\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140448122410568\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140621259019789\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140544599631400\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140389274407904\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140904544427729\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140389355508263\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=140752315422991\u0026w=2" }, { "trust": 1.1, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html" }, { "trust": 1.1, "url": "https://www.novell.com/support/kb/doc.php?id=7015271" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676889" }, { "trust": 1.1, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0006.html" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2014:090" }, { "trust": 1.1, "url": "http://www.ibm.com/support/docview.wss?uid=swg24037783" }, { "trust": 1.1, "url": "http://www.ibm.com/support/docview.wss?uid=swg21676356" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201407-05.xml" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59440" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59437" }, { "trust": 1.1, "url": "http://secunia.com/advisories/59287" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58977" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58713" }, { "trust": 1.1, "url": "http://secunia.com/advisories/58337" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=kb29195" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629" }, { "trust": 1.1, "url": "http://advisories.mageia.org/mgasa-2014-0187.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0224" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0221" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3470" }, { "trust": 1.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0195" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0076" }, { "trust": 0.4, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03g" }, { "trust": 0.4, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946" }, { "trust": 0.4, "url": "https://rhn.redhat.com/errata/rhsa-2014-0625.html" }, { "trust": 0.4, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.4, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.4, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.3, "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10045" }, { "trust": 0.3, "url": "http://seclists.org/oss-sec/2014/q2/102" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list\u0026showdraft=false" }, { "trust": 0.3, "url": "http://blogs.citrix.com/2014/06/06/citrix-security-advisory-for-openssl-vulnerabilities-june-2014/" }, { "trust": 0.3, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2010_5298_race_conditions" }, { "trust": 0.3, "url": "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt" }, { "trust": 0.3, "url": "http://www.freebsd.org/security/advisories/freebsd-sa-14:09.openssl.asc" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10643\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://www.openssl.org" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181245" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21686583" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15328.html" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100181099" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100180978" }, { "trust": 0.3, "url": "http://ics-cert.us-cert.gov/advisories/icsa-14-198-03" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03d" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04" }, { "trust": 0.3, "url": "http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=98ec479ee69ccb916d2ea4b09943faf5?nocount=true\u0026externalid=kb36051\u0026sliceid=1\u0026cmd=\u0026forward=nonthreadedkc\u0026command=show\u0026kcid=kb36051\u0026viewe" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368264" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04347622" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349175" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799" }, { "trust": 0.3, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678356" }, { "trust": 0.3, "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004830" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676889" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676041" }, { "trust": 0.3, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10071" }, { "trust": 0.3, "url": "https://www.xerox.com/download/security/security-bulletin/29a7e-50e49f9c009f9/cert_security_mini_bulletin_xrx14g_for_77xx_v1.1.pdf" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020200" }, { "trust": 0.3, "url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory8.asc" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676356" }, { "trust": 0.3, "url": "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities" }, { "trust": 0.3, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021009" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678104" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682025" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21690128" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004695" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03b" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03c" }, { "trust": 0.3, "url": "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03f" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10629\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-bd9a1cf60e344c549c4888db93" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-3395d737d98f42149125b9bb05" }, { "trust": 0.2, "url": "http://www.hp.com/swpublishing/mtx-e8076c2a35804685ad65b2b1ba" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0224.html" }, { "trust": 0.2, "url": "https://access.redhat.com/site/articles/11258" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0198.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://access.redhat.com/site/articles/904433" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2010-5298.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-3470.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0221.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2014-0195.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-5298" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0224" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3470" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0198" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3566" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/362.html" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2010-5298" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33860" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2192-1/" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-511c3e0b2f6f4f6bbc796fc619" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-3a7aa5e233904ebe847a5e1555" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-d775367b0a28449ca05660778b" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4618" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2520" }, { "trust": 0.1, "url": "https://support.emc.com/downloads/2732_documentum-server" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2521" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_n" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-f6c141a7feeb4a358bbb28300f" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-c0d32bac154a4d93839d8cd1f2" }, { "trust": 0.1, "url": "http://www.hp.com/swpublishing/mtx-8aefeaf490284a7691eca97d13" }, { "trust": 0.1, "url": "https://access.redhat.com/site/solutions/905793" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1796" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0064" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1774" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1899" }, { "trust": 0.1, "url": "http://web.nvd.nist.gov/view/vuln/search" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1798" }, { "trust": 0.1, "url": "https://support.emc.com/products/28224_unisphere-central" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-2137" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0311" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1792" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0914" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0349" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0020" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0268" }, { "trust": 0.1, "url": "http://nvd.nist.gov)" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0216" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1767" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1860" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6085" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0231" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5885" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0913" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1797" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-5107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/home.cfm." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1772" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0289" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0288" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0287" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0209" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0195" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3566" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0287" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0160" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0286" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3513" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8275" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3572" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0209" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0289" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3513" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0204" }, { "trust": 0.1, "url": "http://openssl.org/news/secadv_20150319.txt" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3570" }, { "trust": 0.1, "url": "http://openssl.org/news/secadv_20150108.txt" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0204" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0221" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0076" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0288" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0206" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0293" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3570" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0205" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8275" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3572" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0286" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3569" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0293" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-0206" }, { "trust": 0.1, "url": "http://www.hpe.com/support/security_bulletin_archive" }, { "trust": 0.1, "url": "https://www.hpe.com/info/report-security-vulnerability" }, { "trust": 0.1, "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-0705" }, { "trust": 0.1, "url": "http://www.hpe.com/support/subscriber_choice" }, { "trust": 0.1, "url": "http://h17007.www1.hp.com/us/en/enterprise/servers/products/service_pack/hpsu" }, { "trust": 0.1, "url": "https://twitter.com/vmwaresrc" }, { "trust": 0.1, "url": "http://www.vmware.com/security/advisories" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/2077359" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/lifecycle.html" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "https://www.vmware.com/patchmgr/download.portal" }, { "trust": 0.1, "url": "http://h18013.www1.hp.com/products/servers/management/hpsim/download.html" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_n" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_" }, { "trust": 0.1, "url": "http://h17007.www1.hp.com/us/en/enterprise/servers/solutions/info-library/ind" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.13" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openssl/1.0.1c-3ubuntu2.8" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-2192-1" }, { "trust": 0.1, "url": "https://access.redhat.com/site/solutions/906703" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2014-0628.html" } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-5298" }, { "db": "BID", "id": "66801" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127923" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "126927" }, { "db": "PACKETSTORM", "id": "130188" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127326" }, { "db": "PACKETSTORM", "id": "127045" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "128001" }, { "db": "PACKETSTORM", "id": "126481" }, { "db": "PACKETSTORM", "id": "126930" }, { "db": "NVD", "id": "CVE-2010-5298" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2010-5298" }, { "db": "BID", "id": "66801" }, { "db": "PACKETSTORM", "id": "127362" }, { "db": "PACKETSTORM", "id": "127923" }, { "db": "PACKETSTORM", "id": "127807" }, { "db": "PACKETSTORM", "id": "126927" }, { "db": "PACKETSTORM", "id": "130188" }, { "db": "PACKETSTORM", "id": "131044" }, { "db": "PACKETSTORM", "id": "140720" }, { "db": "PACKETSTORM", "id": "127326" }, { "db": "PACKETSTORM", "id": "127045" }, { "db": "PACKETSTORM", "id": "126961" }, { "db": "PACKETSTORM", "id": "128001" }, { "db": "PACKETSTORM", "id": "126481" }, { "db": "PACKETSTORM", "id": "126930" }, { "db": "NVD", "id": "CVE-2010-5298" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-14T00:00:00", "db": "VULMON", "id": "CVE-2010-5298" }, { "date": "2014-04-13T00:00:00", "db": "BID", "id": "66801" }, { "date": "2014-07-06T18:53:39", "db": "PACKETSTORM", "id": "127362" }, { "date": "2014-08-19T16:52:04", "db": "PACKETSTORM", "id": "127923" }, { "date": "2014-08-08T21:53:16", "db": "PACKETSTORM", "id": "127807" }, { "date": "2014-06-05T15:17:27", "db": "PACKETSTORM", "id": "126927" }, { "date": "2015-01-30T22:43:20", "db": "PACKETSTORM", "id": "130188" }, { "date": "2015-03-27T20:42:44", "db": "PACKETSTORM", "id": "131044" }, { "date": "2017-01-25T21:54:44", "db": "PACKETSTORM", "id": "140720" }, { "date": "2014-07-02T21:43:37", "db": "PACKETSTORM", "id": "127326" }, { "date": "2014-06-11T23:18:46", "db": "PACKETSTORM", "id": "127045" }, { "date": "2014-06-05T21:13:52", "db": "PACKETSTORM", "id": "126961" }, { "date": "2014-08-26T11:11:00", "db": "PACKETSTORM", "id": "128001" }, { "date": "2014-05-05T17:16:01", "db": "PACKETSTORM", "id": "126481" }, { "date": "2014-06-05T15:19:35", "db": "PACKETSTORM", "id": "126930" }, { "date": "2014-04-14T22:38:08.590000", "db": "NVD", "id": "CVE-2010-5298" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-08-29T00:00:00", "db": "VULMON", "id": "CVE-2010-5298" }, { "date": "2017-05-23T16:24:00", "db": "BID", "id": "66801" }, { "date": "2022-08-29T20:53:02.917000", "db": "NVD", "id": "CVE-2010-5298" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "66801" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL \u0027ssl3_release_read_buffer()\u0027 Use-After-Free Memory Corruption Vulnerability", "sources": [ { "db": "BID", "id": "66801" } ], "trust": 0.3 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Design Error", "sources": [ { "db": "BID", "id": "66801" } ], "trust": 0.3 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.