165 matches found
CVE-2021-3602 affecting package cri-o for versions less than 1.21.7-2
CVE-2021-3602 affecting package cri-o for versions less than 1.21.7-2. A patched version of the package is available...
Malicious code in wlwz-2312-3602 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware da808703d524fdcc6aa062b469243740cb1f96ddce506044463df68479f1bd70 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Oracle Essbase Multiple Vulnerabilities (January 2024 CPU)
The version of Oracle Essbase installed on the remote host is missing a security patch from the January 2024 Critical Patch Update CPU. It is, therefore, affected by: - Vulnerability in Oracle Essbase component: Essbase Web Platform OpenSSL. Easily exploitable vulnerability allows unauthenticated...
Citrix Delivery Controllers generates Event ID 505 and Event ID 3602 continuously
Upgrading CVAD version to 2308 generates“Citrix ConfigSync Service” with "Event ID “505 ” and "Citrix High Availability Service" with "Event ID 3602" The Citrix Config Sync Service failed an import. Error details: Error importing configuration data into secondary Broker...
Rocky Linux 8 : container-tools:3.0 (RLSA-2021:4222)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4222 advisory. - An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds e.g. Dockerfile RUN...
Rocky Linux 8 : container-tools:2.0 (RLSA-2021:4221)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4221 advisory. - An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds e.g. Dockerfile RUN...
CVE-2202-3602
CVE-2022-3602 is an OpenSSL OpenSSL 3.x risk (X.509 certificate verification buffer overrun). It was addressed by fixes in OpenSSL 3.0.7 and is discussed alongside CVE-2022-3786. Microsoft guidance notes that OpenSSL 3.0.x remains affected until patched; affected products include OpenSSL consumer...
Mageia: Security Advisory (MGASA-2023-0213)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated skopeo/buildah/podman packages fix security vulnerability
Information disclosure flaw was found in Buildah CVE-2021-3602 podman allows forwarding hosts ports to vm from within vm CVE-2021-4024 Allows use "../" separators in containernetworking/cni to reference binaries such as 'reboot' in network configuration CVE-2021-20206 github.com/containers/storag...
Juniper Junos OS Multiple Vulnerabilities (JSA69999)
The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA69999 advisory. - A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain...
Security Bulletin: IBM Observability with Instana (OnPrem) affected by OpenSSL vulnerabilities.
Summary IBM Observability with Instana OnPrem has addressed the following OpenSSL vulnerabilities in it's self-hosted Docker-based installer: CVE-2022-3602 and CVE-2022-3786. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by...
Security Bulletin: IBM Aspera faspio Gateway affected by OpenSSL vulnerabilities (CVE-2022-3602, CVE-2022-3786)
Summary IBM Aspera faspio Gateway 1.3.1 has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by improper bounds checking during X.509 certificate verification. By using a specially-crafte...
Intel® Software Products Advisory for OpenSSL Vulnerabilities (CVE-2022-3786 & CVE-2022-3602) Advisory
Summary: Security vulnerabilities in OpenSSL for some Intel® software products may allow denial of service. Intel is releasing software product updates to mitigate these vulnerabilities. Vulnerability Details: CVEID: CVE-2022-3602 Non-Intel issued and CVE-2022-3786 Non-Intel issued Description:...
Hitachi Energy PCU400
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: PCU400 Vulnerabilities: Reliance on Uncontrolled Component 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in a denial-of-service condition on...
Security Bulletin: OpenSSL vulnerabilities might impact IBM Cloud Application Business Insights - CVE-2022-3602 & CVE-2022-3786
Summary OpenSSL vulnerabilities might impact IBM Cloud Application Business Insights - CVE-2022-3602 & CVE-2022-3786. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by improper bounds checking during X.509 certificate...
Siemens Products affected by OpenSSL 3.0
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...
container-tools:3.0 security update
buildah 1.19.9-6 - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 https://github.com/containers/buildah/commit/6d7f496 - Related: 2061390 1.19.9-5 - update to the latest content of https://github.com/containers/buildah/tree/release-1.19...
Rapid7’s Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602)
As stated in our OpenSSL Buffer Overflow blog post, the CVE-2022-3786 & CVE-2022-3602 vulnerabilities affecting OpenSSL’s 3.0.x versions both rely on a maliciously crafted email address in a certificate. CVE-2022-3786 can overflow an arbitrary number of bytes on the stack with the “.” character a...
Tenable Nessus Agent < 10.2.1 Multiple Vulnerabilities (TNS-2022-22)
Tenable Nessus Agent is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessusagent";...
November 2022 Patch Tuesday | Microsoft Releases 65 New Vulnerabilities with 10 Critical; Adobe Releases Zero Advisories (for the first time in six years).
Microsoft Patch Tuesday Summary Microsoft has fixed 65 new vulnerabilities aka flaws in the November 2022 update, including ten 10 vulnerabilities classified as Critical as they allow Denial of Service DoS, Elevation of Privilege EoP, and Remote Code Execution RCE. This months Patch Tuesday...