Moderate: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

RHSA-2026:0794 Red Hat Security Advisory: openssl and openssl-fips-provider security update

Bulletin has no description...

MiracleLinux 8 : compat-openssl10-1.0.2o-4.el8 (AXSA:2022-3803:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3803:01 advisory. compat-openssl10: Infinite loop in BNmodsqrt reachable when parsing certificates CVE-2022-0778 CVEs: CVE-2022-0778 Tenable has extracted the preceding...

MiracleLinux 8 : openssl-1.1.1g-11.el8 (AXSA:2021-1089:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1089:01 advisory. openssl: Integer overflow in RSAZ modular exponentiation on x8664 CVE-2019-1551 Tenable has extracted the preceding description block directly from the...

MiracleLinux 9 : grafana-9.2.10-16.el9.ML.1 (AXSA:2024-7906:07)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7906:07 advisory. grafana: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 grafana: vulnerable to authorization bypass...

MiracleLinux 9 : nodejs:18 (AXSA:2023-6072:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6072:01 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check...

MiracleLinux 9 : edk2-20230524-4.el9 (AXSA:2023-6904:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6904:04 advisory. edk2: Function GetEfiGlobalVariable2 return value not checked in DxeImageVerificationHandler CVE-2019-14560 openssl: Possible DoS translating ASN.1...

MiracleLinux 8 : edk2-20220126gitbb1bba3d77-6.el8_9.3 (AXSA:2024-7542:02)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7542:02 advisory. openssl: Excessive time spent checking DH keys and parameters CVE-2023-3446 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : openssl-1.1.1k-9.el8 (AXSA:2023-5236:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5236:03 advisory. openssl: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 openssl: timing attack in RSA Decryption implementation CVE-2022-4304...

MiracleLinux 8 : grafana-9.2.10-16.el8 (AXSA:2024-8438:09)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8438:09 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 grafana: vulnerable to authorization bypass...

MiracleLinux 8 : edk2-20220126gitbb1bba3d77-4.el8 (AXSA:2023-5950:03)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5950:03 advisory. openssl: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 openssl: timing attack in RSA Decryption implementation CVE-2022-4304...

MiracleLinux 4 : openssl-1.0.1e-58.AXS4 (AXSA:2019-3985:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3985:01 advisory. openssl: 0-byte record padding oracle CVE-2019-1559 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

MiracleLinux 8 : openssl-1.1.1k-5.el8 (AXSA:2021-2837:06)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2837:06 advisory. openssl: Read buffer overruns processing ASN.1 strings CVE-2021-3712 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 9 : edk2-20221207gitfff6d81270b5-9.el9 (AXSA:2023-5456:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5456:02 advisory. openssl: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 edk2: integer underflow in SmmEntryPoint function leads to potential SMM...

MiracleLinux 7 : openssl-1.0.2k-21.el7 (AXSA:2020-994:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-994:04 advisory. openssl: EDIPARTYNAME NULL pointer de-reference CVE-2020-1971 Tenable has extracted the preceding description block directly from the MiracleLinux security...

MiracleLinux 8 : edk2-20210527gite1999b264f1f-3.el8 (AXSA:2021-2801:05)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2801:05 advisory. openssl: integer overflow in CipherUpdate CVE-2021-23840 openssl: NULL pointer dereference in X509issuerandserialhash CVE-2021-23841 Tenable has...

MiracleLinux 8 : openssl-1.1.1k-12.el8_9 (AXSA:2024-7354:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7354:01 advisory. openssl: Excessive time spent checking DH keys and parameters CVE-2023-3446 OpenSSL: Excessive time spent checking DH q parameter value CVE-2023-381...

MiracleLinux 7 : openssl-1.0.2k-22.el7 (AXSA:2021-2463:03)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2463:03 advisory. openssl: integer overflow in CipherUpdate CVE-2021-23840 openssl: NULL pointer dereference in X509issuerandserialhash CVE-2021-23841 Tenable has...

MiracleLinux 9 : golang-1.20.12-2.el9_3 (AXSA:2024-7630:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7630:02 advisory. golang: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 CVE-2024-1394 A memory leak flaw was found in Golang i...