116 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.15 LTS and 12.15.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
Advisory ROSA-SA-2025-2858
Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1k-14.0.2.rv30 CVE-ID: CVE-2020-1971 BDU-ID: 2021-00872 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GENERALNAMEcmp function of the OpenSSL library is related to pointer dereferencing errors. Exploitation of...
CVE-2023-0465 affecting package hvloader for versions less than 1.0.1-9
CVE-2023-0465 affecting package hvloader for versions less than 1.0.1-9. A patched version of the package is available...
Security Bulletin: Multiple Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP
Summary There are multiple vulnerabilities in the OpenSSL library used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-0466 DESCRIPTION: The function X509VERIFYPARAMadd0policy is...
edk2 security update
Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...
Security Bulletin: IBM Master Data Management vulnerable to remote attacker due to flaws found in OpenSSL (CVE-2023-0466, CVE-2023-0465)
Summary IBM Master Data Management v11.6, and v12.0 are vulnerable to remote attackers due to flaws found in OpenSSL. OpenSSL could allow a remote attacker to bypass security restrictions, caused by a flaw in the X509VERIFYPARAMadd0policy function. By using invalid certificate policies, an attack...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-2287)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Photon OS 4.0: Nodejs PHSA-2023-4.0-0417
An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0417. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 5.0: Openssl PHSA-2023-5.0-0034
An update of the openssl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0034. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Photon OS 4.0: Openssl PHSA-2023-4.0-0406
An update of the openssl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0406. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
CBL Mariner 2.0 Security Update: edk2 / hvloader / openssl / nodejs18 (CVE-2023-0465)
The version of edk2 / hvloader / openssl / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0465 advisory. - Applications that use a non-default option when verifying certificates May be...
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1706)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-0465 affecting package edk2 for versions less than 20230301gitf80f052277c8-37
CVE-2023-0465 affecting package edk2 for versions less than 20230301gitf80f052277c8-37. A patched version of the package is available...
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1299)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OESA-2024-1238 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy...
OESA-2024-1135 nodejs security update
Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include polic...
EulerOS Virtualization 3.0.6.6 : openssl (EulerOS-SA-2023-3408)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certifica...
EulerOS 2.0 SP11 : shim (EulerOS-SA-2023-2669)
According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain...
EulerOS Virtualization 2.11.0 : openssl (EulerOS-SA-2023-2767)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certifica...
EulerOS Virtualization 2.11.0 : shim (EulerOS-SA-2023-2774)
According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to...