23343 matches found
[R1] Stand-alone Security Patch Available for Tenable Security Center versions 6.3.0, 6.4.0, 6.4.5 and 6.5.1: SC-202504.2
R1 Stand-alone Security Patch Available for Tenable Security Center versions 6.3.0, 6.4.0, 6.4.5 and 6.5.1: SC-202504.2 Arnie Cabral Wed, 04/16/2025 - 11:36 Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components OpenSSL,...
Important: Red Hat Security Advisory: ACS 4.5 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security RHACS. This release of RHACS includes the following bug fix: Fixed a bug to match the aggregation field of the compliance tables to the widgets for consistency. This release also addresses the following security vulnerabilitie...
Security Bulletin: Vulnerabilities in OpenSSH and OpenSSL affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
Summary Vulnerabilities in OpenSSH and OpenSSL affect IBM Storage Virtualize products and could allow arbitrary code execution, authentication bypass and denial of service. CVE-2024-6387 CVE-2024-6409 CVE-2023-2975 CVE-2023-3446 CVE-2023-3817 CVE-2023-5678. Vulnerability Details CVEID:CVE-2024-63...
Security Bulletin: AIX is vulnerable to information disclosure (CVE-2024-13176) or arbitrary code execution or a denial of service (CVE-2024-9143) due to OpenSSL
Summary Vulnerabilities in OpenSSL could allow an attacker to recover a private key CVE-2024-13176 or execute arbitrary code or cause a denial of service CVE-2024-9143. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2024-13176 DESCRIPTION:...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.8 LTS and 12.8.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.7.0 Vulnerability Details CVEID:CVE-2024-43380 DESCRIPTION: floraison fugit is vulnerable to a denial of service, caused by improper input validation by the natural parser. By sending a specially crafted request,...
Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities
Summary The product includes multiple vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM has addressed the relevant CVEs. Vulnerability Details CVEID:CVE-2024-0553 DESCRIPTION: GnuTLS could allow a remote attacker to obtain sensitive...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser may affect IBM Storage Protect for Virtual Environments: Data Protection for VMware
Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and Apache Xerces C++ XML parser, and Data Protection for VMware. The flaws can lead to server-side request forgery,...
Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities
Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities with updates. Vulnerability Details CVEID:CVE-2020-19909 DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by an integer overflow in...
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-42503 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of...
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and IBM Java may affect IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V
Summary IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V can be affected by security flaws in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, and IBM Java. The flaws can lead to denial of service, sensitive information exposure, memory resource...
RHEL 9 : openssl (RHSA-2025:3666)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3666 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...
Advisory ROSA-SA-2025-2816
Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1k-14.0.2.rv30 CVE-ID: CVE-2024-5535 BDU-ID: 2024-06988 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSLselectnextproto function of the SSL toolkit for the TLS and SSL OpenSSL protocols is related to informatio...
CLSA-2024-1729546540 openssl: Fix of CVE-2024-6119
CVE-2024-6119: avoid type errors in EAI-related name check logic...
CLSA-2024-1709548308 openssl: Fix of CVE-2023-5363
CVE-2023-5363: process key length and iv length early if present...
[SECURITY] Fedora 40 Update: openvpn-2.6.14-1.fc40
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...
Linux Distros Unpatched Vulnerability : CVE-2024-3296
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style...
ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure
Exploit Tiltle: ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Series CBV Series Firmware: =9.3.4 Summary: BACnet® Smart Building...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2025-1369)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP11 : openssl (EulerOS-SA-2025-1370)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact...