56 matches found
RockyLinux 9 : openssl (RLSA-2026:25239)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25239 advisory. openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-7383 openssl: OpenSSL: Denial of Service due to...
ALPINE-CVE-2026-45445
Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...
CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path
Issue summary: When an application drives an AES-OCB context through the public EVPCipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...
EUVD-2022-6221
Malicious code in bioql PyPI...
NewStart CGSL MAIN 6.02 : openssl Multiple Vulnerabilities (NS-SA-2023-0074)
The remote NewStart CGSL host, running version MAIN 6.02, has openssl packages installed that are affected by multiple vulnerabilities: - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell...
Ubuntu 22.04 LTS : Node.js vulnerabilities (USN-6457-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6457-1 advisory. Tavis Ormandy discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted...
EulerOS Virtualization 3.0.6.0 : openssl (EulerOS-SA-2023-2242)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the da...
Tenable Sensor Proxy < 1.0.7 Multiple Vulnerabilities (TNS-2023-15)
According to its self-reported version, the Tenable Sensor Proxy application running on the remote host is version 1.0.6. It is, therefore, affected by multiple vulnerabilities in OpenSSL prior to version 1.1.1t: - An attacker that had observed a genuine connection between a client and a server...
Medium: openssl
Issue Overview: AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in...
Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-054)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-054 advisory. AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of...
CBL Mariner 2.0 Security Update: hvloader / openssl (CVE-2022-2097)
The version of hvloader / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-2097 advisory. - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not...
Tenable Nessus Agent 8.3.3 / 8.3.4 Multiple Vulnerabilities (TNS-2023-13)
According to its self-reported version, the Tenable Nessus Agent running on the remote host is either 8.3.3 or 8.3.4. It is, therefore, affected by multiple vulnerabilities in OpenSSL prior to version 1.1.1t: - An attacker that had observed a genuine connection between a client and a server could...
Amazon Linux 2 : openssl11 (ALAS-2023-1974)
The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1974 advisory. AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the...
Debian dla-3325 : libssl-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3325 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3325-1 [email protected]...
SUSE CVE-2022-2097
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors
Summary OpenSSL is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors for Network Transport. CVE-2022-2068 and CVE-2022-2097 are identified as potential risks for products using older versions of OpenSLL. These potential risks are resolved by updating IBM Tivoli Netco...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2022-2895)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 2.10.0 : openssl (EulerOS-SA-2022-2877)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script...
EulerOS Virtualization 2.10.1 : openssl (EulerOS-SA-2022-2895)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script...
Amazon Linux 2022 : openssl, openssl-devel, openssl-libs (ALAS2022-2022-195)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-195 advisory. A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the crehash script where it possibly passed the file names of certificates being hashed to a command execute...