142 matches found
MiracleLinux 8 : openssl-1.1.1k-4.el8 (AXSA:2021-2623:05)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2623:05 advisory. openssl: integer overflow in CipherUpdate CVE-2021-23840 openssl: NULL pointer dereference in X509issuerandserialhash CVE-2021-23841 Tenable has...
TencentOS Server 2: openssl (TSSA-2023:0336)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0336 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
CVE-2021-23840 affecting package shim-unsigned-x64 for versions less than 1.1.1-1
CVE-2021-23840 affecting package shim-unsigned-x64 for versions less than 1.1.1-1. A patched version of the package is available...
Linux Distros Unpatched Vulnerability : CVE-2021-23840
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the...
edk2 security update
Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...
Ubuntu: Security Advisory (USN-7018-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Photon OS 3.0: Nxtgn PHSA-2021-3.0-0200
An update of the nxtgn package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-3.0-0200. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
edk2 security update
20230821 - Create new 20230821 release for OL9 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450...
edk2 security update
20230821 - Create new 20230821 release for OL7 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450...
Puppet Agent 6.x < 6.22.1 / 7.x < 7.6.1 Vulnerability
On February 16, 2021, OpenSSL published security updates addressing CVE-2021-23841, CVE-2021-23839, and CVE-2021-23840. Previous releases of Puppet Agent contain a vulnerable version of OpenSSL. For more information about this vulnerability, refer to the OpenSSL security announcement. Note that...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2021-23839, CVE-2021-23840, CVE-2021-23841
Summary There are vulnerabilities CVE-2021-23839, CVE-2021-23840, CVE-2021-23841 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection that...
Huawei EulerOS: Security Advisory for shim-signed (EulerOS-SA-2023-1748)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Safer Payments is vulnerable to multiple OpenSSL vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)
Summary IBM Safer Payments uses OpenSSL. These OpenSSL vulnerabilities are addressed in IBM Safer Payments. Vulnerability Details CVEID:CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection that allows for the inversion of t...
SUSE CVE-2021-23840
Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...
Security Bulletin: IBM Aspera Orchestrator affected by OpenSSL vulnerabilities (CVE-2021-23839, CVE-2021-23840, CVE-2021-23841)
Summary The following vulnerabilities have been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection that allows for the inversion of the logic during ...
Security Bulletin: IBM Security Guardium is affected by OpenSSL denial of service vulnerabilities (CVE-2021-23840, CVE-2021-23841)
Summary IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to...
Mitsubishi Electric MELSOFT GT OPC UA
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSOFT GT OPC UA Client Vulnerabilities: Out-of-bounds Read, Integer Overflow or Wraparound 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...
NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2022-0017)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities: - Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is clo...
Security Bulletin: IBM InfoSphere Master Data Management Server vulnerability in OpenSSL
Summary The vulnerability in CVE-2021-23839, CVE-2021-23840, CVE-2021-23841 have been addressed in the latest interim Fix iFix available on Fix Central for all 3 affected versions. Vulnerability Details CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused...
Security Bulletin: IBM QRadar Network Security is affected by denial of service vulnerabilities in OpenSSL (CVE-2021-23840, CVE-2021-23841)
Summary IBM QRadar Network Security has addressed vulnerabilities in OpenSSL. The issues could lead to a denial of service. Vulnerability Details CVEID: CVE-2021-23840 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly lo...