MiracleLinux 8 : edk2-20220126gitbb1bba3d77-4.el8 (AXSA:2023-5950:03)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5950:03 advisory. openssl: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 openssl: timing attack in RSA Decryption implementation CVE-2022-4304...

Hitachi ABB AFS Double Free (CVE-2022-4450)

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public structure definition for GENERALNAME incorrectly specified the type of the x400Address field as ASN1TYPE. This plugin only works wi...

TencentOS Server 3: openssl (TSSA-2023:0040)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0040 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Alibaba Cloud Linux 3 : 0033: openssl (ALINUX3-SA-2023:0033)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0033 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-4304: A timing based side channel...

Linux Distros Unpatched Vulnerability : CVE-2022-4450

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the name e.g. CERTIFICATE, any header data and the payload data. If the function...

Azure Linux 3.0 Security Update: cloud-hypervisor / edk2 / hvloader / openssl / rust (CVE-2022-4450)

The version of cloud-hypervisor / edk2 / hvloader / openssl / rust installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4450 advisory. - The function PEMreadbioex reads a PEM file from a BIO and parses...

CVE-2022-4450 affecting package rust 1.59.0-1

CVE-2022-4450 affecting package rust 1.59.0-1. This CVE either no longer is or was never applicable...

edk2 security update

Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2022-4450, CVE-2023-0216, CVE-2023-0401, CVE-2022-4203, CVE-2023-0217]

Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-4450, CVE-2023-0216, CVE-2023-0401, CVE-2022-4203, CVE-2023-0217 Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a...

CVE-2022-4450 affecting package hvloader for versions less than 1.0.1-4

CVE-2022-4450 affecting package hvloader for versions less than 1.0.1-4. An upgraded version of the package is available that resolves this issue...

Hitachi Energy AFS/AFR Series Products

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Hitachi Energy Equipment : AFS650, AFS660, AFS665, AFS670, AFS675, AFS677, AFR677 Vulnerabilities : Type Confusion, Use After Free, Double Free, Observable Discrepancy 2. RISK EVALUATION...

CBL Mariner 2.0 Security Update: cloud-hypervisor / edk2 / hvloader / openssl / rust (CVE-2022-4450)

The version of cloud-hypervisor / edk2 / hvloader / openssl / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4450 advisory. - The function PEMreadbioex reads a PEM file from a BIO and parses...

RHEL 9 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: double free after calling PEMreadbioex CVE-2022-4450 - Issue summary: Checking excessively long ...

CVE-2022-4450 affecting package hvloader for versions less than 1.0.1-2

CVE-2022-4450 affecting package hvloader for versions less than 1.0.1-2. A patched version of the package is available...

openSUSE: Security Advisory for openssl (SUSE-SU-2023:0311-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for openssl (SUSE-SU-2023:0312-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: This Power System update is being released to address CVE-2022-4304 CVE-2022-4450 CVE-2023-0215, and CVE-2023-0286

Summary The OpenSSL library is used by the Virtualization Management Interface in PowerVM to support network communication with the Hardware Management Console. This bulletin provides a remediation for the impacted vulnerabilities, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, and CVE-2023-0286, b...

Ubuntu: Security Advisory (USN-6564-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6564-1 nodejs vulnerabilities

Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. CVE-2022-4304 CarpetFuzz, Dawei Wang discovered that...

USN-6564-1: Node.js vulnerabilities

Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. CVE-2022-4304 CarpetFuzz, Dawei Wang discovered that...