MiracleLinux 8 : openssl-1.1.1g-15.el8 (AXSA:2021-1621:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1621:02 advisory. openssl: NULL pointer dereference in signaturealgorithms processing CVE-2021-3449 openssl: CA certificate check bypass with X509VFLAGX509STRICT...

Alibaba Cloud Linux 3 : 0021: openssl (ALINUX3-SA-2021:0021)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0021 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3449: An OpenSSL TLS server may...

edk2 security update

Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...

edk2 security update

20230821 - Create new 20230821 release for OL7 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450...

edk2 security update

20230821 - Create new 20230821 release for OL9 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450...

Rocky Linux 8 : openssl (RLSA-2021:1024)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1024 advisory. - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello...

Puppet Agent 6.x < 6.22.1 / 7.x < 7.6.1. Vulnerability

On March 25, 2021, OpenSSL published security updates addressing CVE-2021-3450 and CVE-2021-3449. Previous releases of Puppet Agent contain a vulnerable version of OpenSSL. For more information about this vulnerability, refer to the OpenSSL security announcement:...

BELL-CVE-2021-3450 CVE-2021-3450 does not affect BellSoft software

Bulletin has no description...

Security Bulletin: OpenSSL security vulnerability CVE-2021-3449 and CVE-2021-3450 in IBM Safer Payments versions of 6.1 and 6.2 below 6.1.0.08 and 6.2.1.03

Summary CVE-2021-3449: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signaturealgorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server t...

SUSE CVE-2021-3450

The X509VFLAGX509STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

SA44845 - OpenSSL Security Advisory CVE-2021-3450

On March 25 2021, the OpenSSL project announced a new security advisory. These issues may affect Pulse Secure product. Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities per our End of Engineering EOE and End of Life EOL policies. The OpenSSL adviso...

Security Bulletin: Multiple Vulnerabilities in Node.js affects IBM Netcool Agile Service Manager

Summary Multiple vulnerabilities in Node.js used by IBM Netcool Agile Service Manager have been identified. Netcool Agile Service Manager has addressed these CVEs. Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused...

Security Bulletin: IBM Security Verify Adapters are vulnerable to denial of service and bypass security restrictions due to OpenSSL (CVE-2021-3449, CVE-2021-3450)

Summary OpenSSL is used by the IBM Security Verify Adapters as part of its SSL communication. IBM Security Verify Adapters are vulnerable to denial of service CVE-2021-3449 and could allow a remote attacker to bypass security restrictions CVE-2021-3450 The fix includes OpenSSL version 1.1.1k...

Vulnerabilities fixed in Oracle Enterprise Manager

Oracle has remedied vulnerabilities in the following Enterprise Manager products: Enterprise Manager Base Platform Enterprise Manager for Peoplesoft Application Testing Suite Enterprise Manager Ops Center Enterprise Manager for Storage Management The vulnerabilities allow a malicious person to...

Siemens SINEC INS

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEC INS Vulnerability: Using Components with Known Vulnerabilities 2. RISK EVALUATION Successful exploitation of this vulnerability in third-party components could allow an attacker...

AlmaLinux 8 : openssl (ALSA-2021:1024)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:1024 advisory. - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello...

Security Bulletin: This Power System update is being released to address CVE 2021-3450 and CVE 2021-3449

Summary POWER9: In response to security issues with BMC's HTTPS server, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue numbers CVE 2021-3450 and CVE 2021-3449. Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL could allow a...

Security Updates for Microsoft Visual Studio Products (October 2021)

The Microsoft Visual Studio Products are missing a security update. They are, therefore, affected by multiple vulnerabilities: - Multiple denial of service DoS vulnerabilities exist in Visual Studio. An unauthenticated, remote attacker can exploit these issues to impose a DoS condition on the...

OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT

...

KLA12311 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in .NET Cor...