MiracleLinux 8 : edk2-20220126gitbb1bba3d77-6.el8_9.3 (AXSA:2024-7542:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7542:02 advisory. openssl: Excessive time spent checking DH keys and parameters CVE-2023-3446 Tenable has extracted the preceding description block directly from the...

MiracleLinux 7 : openssl-1.0.2k-26.0.5.el7.AXS7 (AXSA:2025-10928:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10928:04 advisory. CVE-2023-3446: fix DHcheck excessive time with over sized modulus CVEs: CVE-2023-3446 Issue summary: Checking excessively long DH keys or parameters may be...

CLSA-2025-1758635382 openssl: Fix of CVE-2023-3446

CVE-2023-3446: fix DHcheck excessive time with over sized modulus...

Security Bulletin: Vulnerability in cryptography affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-2650, CVE-2023-4807, CVE-2023-3446 ]

Summary The cryptography package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-2650, CVE-2023-4807, CVE-2023-3446 Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caus...

TencentOS Server 3: openssl (TSSA-2023:0325)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0325 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Alibaba Cloud Linux 3 : 0047: openssl (ALINUX3-SA-2024:0047)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0047 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-3446: Issue summary: Checking...

Linux Distros Unpatched Vulnerability : CVE-2023-3446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or...

Siemens SIMATIC and SCALANCE Devices Inefficient Regular Expression Complexity (CVE-2023-3446)

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...

Security Bulletin: IBM Storage Scale System may be affected by vulnerabilities in OpenSSL

Summary Security vulnerabilities have been discovered in OpenSSL that are now fixed. Vulnerability Details CVEID:CVE-2023-3446 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DHcheck, DHcheckex or EVPPKEYparamcheck functions to check a DH key or DH...

CVE-2023-3446 affecting package hvloader for versions less than 1.0.1-6

CVE-2023-3446 affecting package hvloader for versions less than 1.0.1-6. An upgraded version of the package is available that resolves this issue...

edk2 security update

Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [ CVE-2023-3446]

Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2023-3446 Vulnerability Details CVEID:CVE-2023-3446 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DHcheck,...

Ubuntu: Security Advisory (USN-7018-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: Vulnerabilities in openssl library (CVE-2023-3446, CVE-2023-3817, CVE-2023-5678) affect Power HMC.

Summary The openssl library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-3446 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DHcheck, DHcheckex or EVPPKEYparamcheck functio...

Security Bulletin: IBM Storage Ceph is vulnerable to Uncontrolled Resource Consumption in the RHEL UBI (CVE-2023-2650, CVE-2023-3446, CVE-2023-4807)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-2650, CVE-2023-3446, CVE-2023-4807. Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial...

Photon OS 4.0: Openssl PHSA-2023-4.0-0436

An update of the openssl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0436. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CBL Mariner 2.0 Security Update: hvloader / openssl (CVE-2023-3446)

The version of hvloader / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-3446 advisory. - Issue summary: Checking excessively long DH keys or parameters May be very slow. Impact summary:...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1862)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1876)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.18 LTS and 11.6.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...