MiracleLinux 9 : edk2-20240524-6.el9 (AXSA:2024-9428:12)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9428:12 advisory. mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC CVE-2023-6129 openssl: Excessive time spent checking invalid RSA...

MiracleLinux 9 : edk2-20221207gitfff6d81270b5-9.el9 (AXSA:2023-5456:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5456:02 advisory. openssl: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 edk2: integer underflow in SmmEntryPoint function leads to potential SMM...

USN-7894-1 edk2 vulnerabilities

It was discovered that EDK II was susceptible to a predictable TCP Initial Sequence Number. An attacker could possibly use this issue to gain unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. CVE-2023-45236, CVE-2023-45237 It was discovered that EDK II...

NewStart CGSL MAIN 6.06 : openssl Multiple Vulnerabilities (NS-SA-2025-0211)

The remote NewStart CGSL host, running version MAIN 6.06, has openssl packages installed that are affected by multiple vulnerabilities: - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell...

Multiple vulnerabilities in SICK MEAC300

SICK has identified vulnerabilities in MEAC300. These vulnerabilities, related to the OpenSSL library and specific device functionalities, could potentially allow remote, unauthenticated attackers to: 1 Cause a denial of service: Triggering an infinite loop that consumes CPU resources, rendering...

Vulnerabilities fixed in NetApp Clustered Data ONTAP

NetApp has released updates to fix vulnerabilities in several third-party components for Clustered Data ONTAP. The vulnerabilities are in OpenSSL, PHP, OpenSSH and Apache and enable a malicious party to cause a denial-of-service cause, gain access to sensitive data and potentially manipulate data...

QNAP Working on Patches for OpenSSL Flaws Affecting its NAS Devices

Network-attached storage NAS appliance maker QNAP said it's currently investigating two recently patched security flaws in OpenSSL to determine their potential impact, adding it will release security updates should its products turn out to be vulnerable. Tracked as CVE-2021-3711 CVSS score: 7.5 a...

Vulnerabilities fixed in Python

Vulnerabilities have been fixed in Python. The vulnerabilities allow a malicious person to obtain sensitive data. This security advisory addresses two OpenSSL vulnerabilities that also appear in security advisory NCSC-2021-0259. For this reason, they are not included in the probability damage...

openssl: Possible integer overflow vulnerabilities in codebase

Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash...