86 matches found
SUSE CVE-2020-1968
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted...
EulerOS Virtualization 3.0.2.6 : openssl (EulerOS-SA-2023-1052)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime...
EulerOS 2.0 SP10 : shim (EulerOS-SA-2022-2831)
According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally th...
EulerOS Virtualization 3.0.6.6 : openssl098e (EulerOS-SA-2022-2526)
According to the versions of the openssl098e package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime...
Oracle Linux 9 : compat-openssl11 (ELSA-2022-4899)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-4899 advisory. - Fixes CVE-2022-0778 openssl: Infinite loop in BNmodsqrt reachable when parsing certificates Resolves: rhbz2063147 Tenable has extracted the preceding...
Oracle Linux 8 : compat-openssl10 (ELSA-2022-5326)
The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-5326 advisory. 1:1.0.2o-4 - Fix CVE-2022-0778: Infinite loop in BNmodsqrt reachable when parsing certificates Resolves: rhbz2077417 Tenable has extracted the preceding...
EulerOS 2.0 SP3 : openssl098e (EulerOS-SA-2022-1754)
According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli...
EulerOS 2.0 SP5 : openssl098e (EulerOS-SA-2022-1546)
According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli...
EulerOS 2.0 SP9 : openssl (EulerOS-SA-2022-1455)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3...
Oracle Linux 6 : openssl (ELSA-2022-9272)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9272 advisory. - Fix possible infinite loop in BNmodsqrt CVE-2022-0778Orabug: 33969800 - Backport fixes for CVE-2020-1971 Orabug: 32654738 - Oracle bug 28730228: backport...
Oracle Linux 7 : openssl (ELSA-2022-1066)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-1066 advisory. - Fixes CVE-2022-2078 Infinite loop in BNmodsqrt reachable when parsing certificates Tenable has extracted the preceding description block directly from the...
SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2022:0935-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0935-1 advisory. - The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli...
SUSE SLES12: libopenssl-1_0_0-devel / libopenssl-1_0_0-devel-32bit / etc (SUSE-SU-2022:0857-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0857-1 advisory. - CVE-2022-0778: Infinite loop in BNmodsqrt reachable when parsing certificates bsc1196877. - Allow CRYPTOTHREADIDsetcallback to be called...
SUSE SLES11: libopenssl-devel / libopenssl0_9_8 / libopenssl0_9_8-32bit / etc (SUSE-SU-2022:14915-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2022:14915-1 advisory. - CVE-2022-0778: Infinite loop in BNmodsqrt reachable when parsing certificates bsc1196877. Tenable has extracted the preceding description block...
openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...
SUSE SLES15: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2022:0853-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0853-1 advisory. - CVE-2022-0778: Infinite loop in BNmodsqrt reachable when parsing certificates bsc1196877. Tenable has extracted the preceding description...
SUSE SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2022:0856-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0856-1 advisory. - The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli...
Ubuntu 18.04 LTS / 20.04 LTS : OpenSSL vulnerability (USN-5328-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5328-1 advisory. Tavis Ormandy discovered that OpenSSL incorrectly parsed certain certificates. A remote attacker could possibly use this issue to cause OpenSSH to sto...
SUSE SLES11 Security Update : openssl1 (SUSE-SU-2020:14511-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2020:14511-1 advisory. - The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections...
SUSE SLES11 Security Update : openssl1 (SUSE-SU-2020:14560-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2020:14560-1 advisory. - The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL...