54 matches found
MiracleLinux 9 : openssl-3.0.1-43.el9 (AXSA:2022-3967:08)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3967:08 advisory. OpenSSL: X.509 Email Address Buffer Overflow CVE-2022-3602 OpenSSL: X.509 Email Address Variable Length Buffer Overflow CVE-2022-3786 Tenable has...
python311-cryptography-vectors-44.0.0-1.1 on GA media (moderate)
python311-cryptography-vectors-44.0.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:14740-1 Rating: moderate Cross-References: CVE-2022-3602 CVE-2022-3786 CVSS scores: CVE-2022-3602 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3786 SUSE : 5.9...
edk2 security update
Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...
Fedora 37 : openssl (2022-0f1d2e0537)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-0f1d2e0537 advisory. Security fix for CVE-2022-3602 and CVE-2022-3786 Tenable has extracted the preceding description block directly from the Fedora security advisory...
Oracle Essbase Multiple Vulnerabilities (January 2024 CPU)
The version of Oracle Essbase installed on the remote host is missing a security patch from the January 2024 Critical Patch Update (CPU). It is, therefore, affected by: - Vulnerability in Oracle Essbase (component: Essbase Web Platform (OpenSSL)). Easily exploitable vulnerability allows unauthenticated...
Juniper Junos OS Multiple Vulnerabilities (JSA69999)
The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA69999 advisory. - A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain...
Security Bulletin: IBM Observability with Instana (OnPrem) affected by OpenSSL vulnerabilities.
Summary IBM Observability with Instana OnPrem has addressed the following OpenSSL vulnerabilities in its self-hosted Docker-based installer: CVE-2022-3602 and CVE-2022-3786. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by...
Security Bulletin: IBM Aspera faspio Gateway affected by OpenSSL vulnerabilities (CVE-2022-3602, CVE-2022-3786)
Summary IBM Aspera faspio Gateway 1.3.1 has addressed the following vulnerabilities. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by improper bounds checking during X.509 certificate verification. By using a specially-crafte...
Intel® Software Products Advisory for OpenSSL Vulnerabilities (CVE-2022-3786 & CVE-2022-3602) Advisory
Summary: Security vulnerabilities in OpenSSL for some Intel® software products may allow denial of service. Intel is releasing software product updates to mitigate these vulnerabilities. Vulnerability Details: CVEID: CVE-2022-3602 Non-Intel issued and CVE-2022-3786 Non-Intel issued Description:...
Hitachi Energy PCU400
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: PCU400 Vulnerabilities: Reliance on Uncontrolled Component 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in a denial-of-service condition on...
Security Bulletin: OpenSSL vulnerabilities might impact IBM Cloud Application Business Insights - CVE-2022-3602 & CVE-2022-3786
Summary OpenSSL vulnerabilities might impact IBM Cloud Application Business Insights - CVE-2022-3602 & CVE-2022-3786. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: OpenSSL is vulnerable to a stack-based buffer overflow, caused by improper bounds checking during X.509 certificate...
Siemens Products affected by OpenSSL 3.0
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Rapid7’s Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602)
As stated in our OpenSSL Buffer Overflow blog post, the CVE-2022-3786 & CVE-2022-3602 vulnerabilities affecting OpenSSL’s 3.0.x versions both rely on a maliciously crafted email address in a certificate. CVE-2022-3786 can overflow an arbitrary number of bytes on the stack with the “.” character a...
Tenable Nessus Agent < 10.2.1 Multiple Vulnerabilities (TNS-2022-22)
Tenable Nessus Agent is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessusagent";...
November 2022 Patch Tuesday | Microsoft Releases 65 New Vulnerabilities with 10 Critical; Adobe Releases Zero Advisories (for the first time in six years).
Microsoft Patch Tuesday Summary Microsoft has fixed 65 new vulnerabilities (aka flaws) in the November 2022 update, including ten (10) vulnerabilities classified as Critical as they allow Denial of Service (DoS), Elevation of Privilege (EoP), and Remote Code Execution (RCE). This month's Patch Tuesday...
Vulnerabilities fixed in Microsoft Azure
Vulnerabilities have been fixed in Microsoft Azure. The vulnerabilities allow a malicious party to obtain elevated privileges or to execute arbitrary code under the privileges of the user. The vulnerabilities marked CVE-2022-3602 and CVE-2022-3786 are located in OpenSSL and were previously...
An update on the impact of OpenSSL CVE-2022-3602 and CVE-2022-3786 on Akamai's systems
In this post, we share the impact of the OpenSSL vulnerabilities CVE-2022-3602 and CVE-2022-3786 on Akamai and our customers...
Node.js 14.x < 14.21.1 / 16.x < 16.18.1 / 18.x < 18.12.1 / 19.x < 19.0.1 Multiple Vulnerabilities (Nov 3 2022 Security Releases).
The version of Node.js installed on the remote host is prior to 14.21.1, 16.18.1, 18.12.1, 19.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Nov 3 2022 Security Releases advisory. - A buffer overrun can be triggered in X.509 certificate verification, specifically...
Exploit for Out-of-bounds Write in Openssl
Detection for CVE-2022-3602 - OpenSSL RCE/DOC v3.0.0 - v3.0.6...
OpenSSL 3.0.7 security fix: Should Opera users be worried?
November 3rd, 2022 Hi everyone! The OpenSSL 3.0.7 security-fix release fixes high-priority vulnerabilities in the OpenSSL open-source cryptography library, specifically CVE-2022-3602 and CVE-2022-3786. The vulnerabilities...