MiracleLinux 9 : openssl-3.0.1-41.el9 (AXSA:2022-3964:07)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3964:07 advisory. openssl: crehash script allows command injection CVE-2022-1292 openssl: Signer certificate verification returns inaccurate response when using...

MiracleLinux 7 : openssl-1.0.2k-26.0.1.el7.AXS7 (AXSA:2024-8619:05)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8619:05 advisory. CVE-2023-0215: biondef: fix a UAF resulting from a bug in BIOnewNDEF CVE-2023-0464: x509v3: Limit X.509 certificate tree size to avoid exponential u...

MiracleLinux 9 : mysql-8.0.41-2.el9_5.ML.1 (AXSA:2025-9701:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9701:03 advisory. openssl: SSLselectnextproto buffer overread CVE-2024-5535 krb5: GSS message token handling CVE-2024-37371 curl: libcurl: ASN.1 date parser overread...

MiracleLinux 8 : openssl-1.1.1k-4.el8 (AXSA:2021-2623:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2623:05 advisory. openssl: integer overflow in CipherUpdate CVE-2021-23840 openssl: NULL pointer dereference in X509issuerandserialhash CVE-2021-23841 Tenable has...

MiracleLinux 9 : edk2-20231122-6.el9_4.4 (AXSA:2024-8977:11)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8977:11 advisory. openssl: Possible denial of service in X.509 name checks CVE-2024-6119 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 8 : nodejs:16 (AXSA:2023-5262:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5262:01 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check...

MiracleLinux 7 : openssl-1.0.2k-23.el7 (AXSA:2022-2926:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-2926:01 advisory. openssl: Read buffer overruns processing ASN.1 strings CVE-2021-3712 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 8 : go-toolset:rhel8 (AXSA:2024-7631:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7631:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 Tenable has extracted the preceding description block directly...

MiracleLinux 9 : openssl-3.0.7-16.el9 (AXSA:2023-6111:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6111:06 advisory. openssl: Possible DoS translating ASN.1 object identifiers CVE-2023-2650 openssl: Denial of service by excessive resource usage in verifying X509...

MiracleLinux 8 : container-tools:rhel8 (AXSA:2024-8686:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8686:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...

MiracleLinux 7 : openssl-1.0.2k-26.el7 (AXSA:2023-5232:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5232:02 advisory. openssl: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 9 : openssl-3.0.1-43.el9 (AXSA:2022-3967:08)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3967:08 advisory. OpenSSL: X.509 Email Address Buffer Overflow CVE-2022-3602 OpenSSL: X.509 Email Address Variable Length Buffer Overflow CVE-2022-3786 Tenable has...

MiracleLinux 9 : edk2-20231122-6.el9 (AXSA:2024-8102:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8102:05 advisory. edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message CVE-2023-45235 EDK2: heap buffer overflow in...

curl: SSL options ISSUERCERT, EC_CURVES and CRLFILE silently ignored by non-OpenSSL backends

Summary: The SSL options ISSUERCERT, ECCURVES and CRLFILE are silently ignored for e.g. the mbedTLS backend, which allows MITM attacks for the ISSUERCERT and CRLFILE bug, and can reduce the security and compliance by ignoring the specified curve for the ECCURVES bug. Affected version Tested with...

Moderate: Red Hat Security Advisory: openssl and openssl-fips-provider security update

An update for multiple packages is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

MiracleLinux 3 : openssl-0.9.8e-26.AXS3.1 (AXSA:2013-126:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-126:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

MiracleLinux 3 : curl-7.15.5-2.1AXS3.5 (AXSA:2009-376:02)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-376:02 advisory. cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user...

MiracleLinux 3 : openssl-0.9.8e-12.AXS3.1 (AXSA:2010-70:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-70:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

AlmaLinux 8 : openssl (ALSA-2026:0337)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:0337 advisory. openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap CVE-2025-9230 Tenable has extracted the preceding description block directly from the AlmaLinux security...