Fedora 36 : openssl (2023-a5564c0a3f)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a5564c0a3f advisory. Rebase to upstream version 3.0.8 Resolves: CVE-2022-4203 Resolves: CVE-2022-4304 Resolves: CVE-2022-4450 Resolves: CVE-2023-0215 Resolves:...

K3082: Multiple vulnerabilities in OpenSSL - CAN-2004-0081, CAN-2004-0079, CAN-2004-0112

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K6734: Local OpenSSL vulnerabilities VU#547300 and VU#386964, CAN-2006-3738, CAN-2006-2940, CAN-2006-2937, CAN-2006-4343

Security Advisory Description Note : For information about signing up to receive security notice updates from F5, refer to K9970: Subscribe to email notifications regarding F5 products and security announcements. Note : Versions that are not listed in this article have not been evaluated for...

K16301: Multiple OpenSSL vulnerabilities CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, and CVE-2015-0293

Security Advisory Description Description The following vulnerabilities were originally grouped for documentation in this article. However, each CVE is now published and updated in a separate Security Advisory article. You can use this temporary index to find the specific article for each CVE...

Security Bulletin: Vulnerabilities in OpenSSL affect IBM FlashSystem 840 and IBM FlashSystem V840, -AE1 models, (CVE-2015-0205, CVE-2014-8275, CVE-2014-3569, CVE-2014-3570, and CVE-2014-3572)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. OpenSSL is used by FlashSystem 840. FlashSystem 840 has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2014-3569 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the...

JSA10544 - 2012-11 Security Bulletin: Steel-Belted Radius: Multiple OpenSSL Vulnerabilities

Problem OpenSSL software distributed with Steel-Belted Radius is vulnerable to CVE-2011-4619, and CVE-2011-4576. These may allow decrypting encrypted information or cause a denial of service condition for the Steel-Belted Radius server. CVE-2011-4576 The SSL 3.0 implementation in OpenSSL before...

JSA10591 - 2013-09 Security Bulletin: Pulse Connect Secure and Pulse Policy Secure: Multiple OpenSSL vulnerabilities

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Multiple OpenSSL vulnerabilities have been found in the PCS and PPS devices. CVE| Issue| CVE Description| CVSS Score ---|---|---|--- CVE-2012-2131| OpenSSL buffer overflow issue| Multip...

JSA10497 - 2012-09: Security, Access, and Acceleration: Security Advisories Released

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A new Security, Access, and Acceleration product security advisory bundle has been released. This message contains the links to the new JSA advisories that have been released. In the...

SA40384 - November 11, 2016 OpenSSL Security Advisory

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. On November 11, 2016 the OpenSSL project announced a group of new security vulnerabilities. Pulse Secure evaluates all current supported versions of Pulse Secure products. For a list of...

Impact of OpenSSL Vulnerabilities Advisory Released On February 7, 2023

OpenSSL has released a security advisory to address multiple vulnerabilities affecting OpenSSL versions 3.0, 1.1.1, and 1.0.2.CVE-2023-0286 - X.400 address type confusion in X.509 GeneralNameCVE-2022-4304 - Timing Oracle in RSA DecryptionCVE-2022-4203 - X.509 Name Constraints Read Buffer...

USN-5844-1 openssl vulnerabilities

David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary memory contents or cause OpenSSL to crash, resulting in a denial of service. CVE-2023-0286 Corey Bonnell discovered that OpenSSL incorrectly handl...

SUSE-SU-2023:0312-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: Security fixes: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERALNAMEcmp for x400Address bsc1207533. - CVE-2023-0401: Fixed NULL pointer dereference during PKCS7 data verification bsc1207541. - CVE-2023-0217: Fixed NULL...

SUSE-SU-2023:0311-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERALNAMEcmp for x400Address bsc1207533. - CVE-2023-0215: Fixed use-after-free following BIOnewNDEF bsc1207536. - CVE-2022-4450: Fixed double free after calling PEMreadbioex...

SUSE-SU-2023:0310-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERALNAMEcmp for x400Address bsc1207533. - CVE-2023-0215: Fixed use-after-free following BIOnewNDEF bsc1207536. - CVE-2022-4450: Fixed double free after calling PEMreadbioex...

SUSE-SU-2023:0309-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERALNAMEcmp for x400Address bsc1207533. - CVE-2023-0215: Fixed use-after-free following BIOnewNDEF bsc1207536. - CVE-2022-4450: Fixed double free after calling PEMreadbioex...

Ubuntu 16.04 ESM : OpenSSL vulnerabilities (USN-5845-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5845-2 advisory. USN-5845-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Tenable has...

Slackware Linux 15.0 / current openssl Multiple Vulnerabilities (SSA:2023-038-01)

The version of openssl installed on the remote host is prior to 1.1.1t. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-038-01 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a...

Ubuntu 18.04 LTS : OpenSSL vulnerabilities (USN-5845-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5845-1 advisory. David Benjamin discovered that OpenSSL incorrectly handled X.400 address processing. A remote attacker could possibly use this issue to read arbitrary...

Intel® Software Products Advisory for OpenSSL Vulnerabilities (CVE-2022-3786 & CVE-2022-3602) Advisory

Summary: Security vulnerabilities in OpenSSL for some Intel® software products may allow denial of service. Intel is releasing software product updates to mitigate these vulnerabilities. Vulnerability Details: CVEID: CVE-2022-3602 Non-Intel issued and CVE-2022-3786 Non-Intel issued Description:...

Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Express.

Summary There is a vulnerability in IBM® Runtime Environment Java™ Technology Edition Version 7 that is used by IBM Cognos Express. This issue was disclosed as part of the IBM Java SDK updates in July 2016. OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Cogn...