Alibaba Cloud Linux 3 : 0021: openssl (ALINUX3-SA-2021:0021)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0021 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3449: An OpenSSL TLS server may...

Advisory ROSA-SA-2025-2858

Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1k-14.0.2.rv30 CVE-ID: CVE-2020-1971 BDU-ID: 2021-00872 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GENERALNAMEcmp function of the OpenSSL library is related to pointer dereferencing errors. Exploitation of...

Advisory ROSA-SA-2025-2857

Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-14.0.1.rv3 CVE-ID: CVE-2020-1971 BDU-ID: 2021-00872 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GENERALNAMEcmp function of the OpenSSL library is related to pointer dereferencing errors. Exploitation of...

Important: Red Hat Security Advisory: ACS 4.5 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security RHACS. This release of RHACS includes the following bug fix: Fixed a bug to match the aggregation field of the compliance tables to the widgets for consistency. This release also addresses the following security vulnerabilitie...

Security Bulletin: Vulnerabilities in OpenSSH and OpenSSL affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in OpenSSH and OpenSSL affect IBM Storage Virtualize products and could allow arbitrary code execution, authentication bypass and denial of service. CVE-2024-6387 CVE-2024-6409 CVE-2023-2975 CVE-2023-3446 CVE-2023-3817 CVE-2023-5678. Vulnerability Details CVEID:CVE-2024-63...

Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates

Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.8 LTS and 12.8.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...

Security Bulletin: Multiple Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP

Summary There are multiple vulnerabilities in the OpenSSL library used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-0466 DESCRIPTION: The function X509VERIFYPARAMadd0policy is...

Security Bulletin: Mulltiple Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP NonStop

Summary There are multiple vulnerabilities in the OpenSSL library used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: A timing based side channel exists in the...

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors

Summary OpenSSL is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors for Network Transport. CVE-2024-9143 is identified as a potential risk for products using older versions of OpenSLL. These potential risks are resolved by updating IBM Tivoli Netcool System Service...

RLSA-2024:9088 Moderate: edk2 security update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC CVE-2023-6129 openssl: Excessive time spent...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest [CVE-2024-4741, CVE-2024-2511, CVE-2024-5535, CVE-2024-4603, CVE-2024-6119]

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed mutiple CVEs. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when...

Security Bulletin: Multiple vulnerabilities in OpenSSL affects IBM DevOps Code ClearCase

Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM DevOps Code ClearCase. CVE-2024-4741, CVE-2024-2511, CVE-2024-5535, CVE-2024-4603, CVE-2024-6119 Vulnerability Details CVEID:CVE-2024-4741 DESCRIPTION: OpenSSL could allow a remote attacker to execute...

Advisory ROSA-SA-2025-2753

Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-12.0.1.rv3 CVE-ID: CVE-2020-25659 BDU-ID: 2022-05647 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the python-cryptography package of the Python programming language interpreter is related to RSA key management...

GHSA-R9FV-H47R-823F vulnerabilities

Vulnerabilities for packages: openssl...

Hitachi Energy PCU400

SUMMARY Hitachi Energy is aware of the multiple vulnerabilities related to various versions of OpenSSL library components used in PCU400 versions listed in this document below for IEC62351-3 secure for IEC104/DNP3 or PCULogger tool. These vulnerabilities if exploited, can cause confidentiality...

GHSA-Q764-R57M-9WP9 vulnerabilities

Vulnerabilities for packages: libcrypto3-2.34, openssl-provider-fips, openssl...

GHSA-7M4M-PWHV-49C5 vulnerabilities

Vulnerabilities for packages: openssl...

GHSA-85XR-GHJ6-6M46 vulnerabilities

Vulnerabilities for packages: openssl-provider-fips-3.1.2, openssl-provider-fips, openssl...

GHSA-R9FV-H47R-823F vulnerabilities

Vulnerabilities for packages: openssl-provider-fips-3.1.2, openssl-provider-fips, openssl...

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : OpenSSL vulnerabilities (USN-7278-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7278-1 advisory. George Pantelakis and Alicja Kario discovered that OpenSSL had a timing side-channel when performing ECDSA signature computations...