Lucene search
+L

165 matches found

cbl_mariner
cbl_mariner
added 2024/04/30 1:31 a.m.20 views

CVE-2021-3602 affecting package cri-o for versions less than 1.21.7-2

CVE-2021-3602 affecting package cri-o for versions less than 1.21.7-2. A patched version of the package is available...

5.5CVSS6AI score0.00327EPSS
Exploits0
ossf
ossf
added 2024/01/24 8:23 p.m.5 views

Malicious code in wlwz-2312-3602 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware da808703d524fdcc6aa062b469243740cb1f96ddce506044463df68479f1bd70 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
nessus
nessus
added 2024/01/17 12:0 a.m.25 views

Oracle Essbase Multiple Vulnerabilities (January 2024 CPU)

The version of Oracle Essbase installed on the remote host is missing a security patch from the January 2024 Critical Patch Update CPU. It is, therefore, affected by: - Vulnerability in Oracle Essbase component: Essbase Web Platform OpenSSL. Easily exploitable vulnerability allows unauthenticated...

9.8CVSS7.4AI score0.9077EPSS
Exploits12References5
citrix
citrix
added 2023/11/22 12:0 a.m.13 views

Citrix Delivery Controllers generates Event ID 505 and Event ID 3602 continuously

Upgrading CVAD version to 2308 generates“Citrix ConfigSync Service” with "Event ID “505 ” and "Citrix High Availability Service" with "Event ID 3602" The Citrix Config Sync Service failed an import. Error details: Error importing configuration data into secondary Broker...

7.2AI score
Exploits0
nessus
nessus
added 2023/11/07 12:0 a.m.21 views

Rocky Linux 8 : container-tools:3.0 (RLSA-2021:4222)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4222 advisory. - An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds e.g. Dockerfile RUN...

5.5CVSS6AI score0.00327EPSS
Exploits0References4
nessus
nessus
added 2023/11/07 12:0 a.m.42 views

Rocky Linux 8 : container-tools:2.0 (RLSA-2021:4221)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4221 advisory. - An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds e.g. Dockerfile RUN...

5.5CVSS6AI score0.00327EPSS
Exploits0References3
cve
cve
added 2023/07/28 9:27 a.m.9842 views

CVE-2202-3602

CVE-2022-3602 is an OpenSSL OpenSSL 3.x risk (X.509 certificate verification buffer overrun). It was addressed by fixes in OpenSSL 3.0.7 and is discussed alongside CVE-2022-3786. Microsoft guidance notes that OpenSSL 3.0.x remains affected until patched; affected products include OpenSSL consumer...

7.5AI score
Exploits0References1
openvas
openvas
added 2023/07/10 12:0 a.m.28 views

Mageia: Security Advisory (MGASA-2023-0213)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.9AI score0.06975EPSS
Exploits7References47
mageia
mageia
added 2023/07/07 5:54 a.m.63 views

Updated skopeo/buildah/podman packages fix security vulnerability

Information disclosure flaw was found in Buildah CVE-2021-3602 podman allows forwarding hosts ports to vm from within vm CVE-2021-4024 Allows use "../" separators in containernetworking/cni to reference binaries such as 'reboot' in network configuration CVE-2021-20206 github.com/containers/storag...

8.8CVSS7.1AI score0.06975EPSS
Exploits7References45
nessus
nessus
added 2023/04/04 12:0 a.m.25 views

Juniper Junos OS Multiple Vulnerabilities (JSA69999)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA69999 advisory. - A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain...

7.5CVSS8.8AI score0.92488EPSS
Exploits6References6
ibm
ibm
added 2023/03/07 9:44 a.m.65 views

Security Bulletin: IBM Observability with Instana (OnPrem) affected by OpenSSL vulnerabilities.

Summary IBM Observability with Instana OnPrem has addressed the following OpenSSL vulnerabilities in it's self-hosted Docker-based installer: CVE-2022-3602 and CVE-2022-3786. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by...

7.5CVSS8.5AI score0.92488EPSS
Exploits6Affected Software1
ibm
ibm
added 2023/02/02 4:40 p.m.45 views

Security Bulletin: IBM Aspera faspio Gateway affected by OpenSSL vulnerabilities (CVE-2022-3602, CVE-2022-3786)

Summary IBM Aspera faspio Gateway 1.3.1 has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by improper bounds checking during X.509 certificate verification. By using a specially-crafte...

7.5CVSS8.3AI score0.92488EPSS
Exploits6Affected Software1
intel
intel
added 2023/02/02 12:0 a.m.155 views

Intel® Software Products Advisory for OpenSSL Vulnerabilities (CVE-2022-3786 & CVE-2022-3602) Advisory

Summary: Security vulnerabilities in OpenSSL for some Intel® software products may allow denial of service. Intel is releasing software product updates to mitigate these vulnerabilities. Vulnerability Details: CVEID: CVE-2022-3602 Non-Intel issued and CVE-2022-3786 Non-Intel issued Description:...

7.5CVSS8.1AI score0.92488EPSS
Exploits6
ics
ics
added 2023/01/19 12:0 a.m.85 views

Hitachi Energy PCU400

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: PCU400 Vulnerabilities: Reliance on Uncontrolled Component 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in a denial-of-service condition on...

7.5CVSS8.5AI score0.92488EPSS
Exploits6References3
ibm
ibm
added 2022/12/30 3:9 p.m.80 views

Security Bulletin: OpenSSL vulnerabilities might impact IBM Cloud Application Business Insights - CVE-2022-3602 & CVE-2022-3786

Summary OpenSSL vulnerabilities might impact IBM Cloud Application Business Insights - CVE-2022-3602 & CVE-2022-3786. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by improper bounds checking during X.509 certificate...

7.5CVSS8.5AI score0.92488EPSS
Exploits6Affected Software1
ics
ics
added 2022/12/13 12:0 a.m.69 views

Siemens Products affected by OpenSSL 3.0

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please seeSiemens' ProductCERT Security Advisories CERT Services | Services |...

7.5CVSS7.7AI score0.92488EPSS
Exploits6References10
oraclelinux
oraclelinux
added 2022/11/15 12:0 a.m.46 views

container-tools:3.0 security update

buildah 1.19.9-6 - update to the latest content of https://github.com/containers/buildah/tree/release-1.19 https://github.com/containers/buildah/commit/6d7f496 - Related: 2061390 1.19.9-5 - update to the latest content of https://github.com/containers/buildah/tree/release-1.19...

8.5CVSS8.6AI score0.06604EPSS
Exploits4
rapid7blog
rapid7blog
added 2022/11/11 1:41 p.m.52 views

Rapid7’s Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602)

As stated in our OpenSSL Buffer Overflow blog post, the CVE-2022-3786 & CVE-2022-3602 vulnerabilities affecting OpenSSL’s 3.0.x versions both rely on a maliciously crafted email address in a certificate. CVE-2022-3786 can overflow an arbitrary number of bytes on the stack with the “.” character a...

3.7AI score0.92488EPSS
Exploits6
openvas
openvas
added 2022/11/10 12:0 a.m.30 views

Tenable Nessus Agent < 10.2.1 Multiple Vulnerabilities (TNS-2022-22)

Tenable Nessus Agent is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessusagent";...

7.5CVSS8.7AI score0.92488EPSS
Exploits6References1
qualysblog
qualysblog
added 2022/11/08 9:0 p.m.93 views

November 2022 Patch Tuesday | Microsoft Releases 65 New Vulnerabilities with 10 Critical; Adobe Releases Zero Advisories (for the first time in six years).

Microsoft Patch Tuesday Summary Microsoft has fixed 65 new vulnerabilities aka flaws in the November 2022 update, including ten 10 vulnerabilities classified as Critical as they allow Denial of Service DoS, Elevation of Privilege EoP, and Remote Code Execution RCE. This months Patch Tuesday...

0.2AI score0.9997EPSS
Exploits69
Rows per page
Query Builder