Astra Linux - уязвимость в openssl, openssl1.0

ASN.1 strings are internally represented within OpenSSL as an ASN1STRING structure, which contains a buffer for storing the string data and a field for storing the buffer length. This is different from regular C strings, which are represented as a buffer for the string data, terminated with a NUL...

Siemens RUGGEDCOM, SCALANCE and SIMATIC Out-of-bounds Read (CVE-2021-3712)

ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...

EUVD-2022-4935

Malicious code in bioql PyPI...

Azure Linux 3.0 Security Update: edk2 / openssl (CVE-2021-3712)

The version of edk2 / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3712 advisory. - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a...

CBL Mariner 2.0 Security Update: cloud-hypervisor / edk2 / hvloader / openssl / rust (CVE-2023-0286)

The version of cloud-hypervisor / edk2 / hvloader / openssl / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0286 advisory. - There is a type confusion vulnerability relating to X.400 addres...

F5 Networks BIG-IP : OpenSSL vulnerability (K000132941)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10 / 16.1.4 / 17.1.1. It is, therefore, affected by a vulnerability as referenced in the K000132941 advisory. There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-2077)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.9.0 : shim (EulerOS-SA-2023-2025)

According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parse...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-2004)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-1984)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : shim (EulerOS-SA-2023-1984)

According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an...

Oracle Linux 6 : openssl (ELSA-2023-12326)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12326 advisory. 1.0.1e-59.0.4 - Backport fixes for CVE-2023-0286 Orabug: 35212597 Tenable has extracted the preceding description block directly from the Oracle Linux security...

RHEL 9 : edk2 (RHSA-2023:2022)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:2022 advisory. EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU a...

Oracle Linux 6 : openssl (ELSA-2023-12297)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12297 advisory. - Backport fixes for CVE-2023-0286 Orabug: 35212597 - Fix possible infinite loop in BNmodsqrt CVE-2022-0778Orabug: 33969800 - Backport fixes for CVE-2020-1971...

FreeBSD : py-cryptography -- includes a vulnerable copy of OpenSSL (c1a8ed1c-2814-4260-82aa-9e37c83aac93)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c1a8ed1c-2814-4260-82aa-9e37c83aac93 advisory. - There is a type confusion vulnerability relating to X.400 address processing inside an X.509...

RHEL 8 : openssl (RHSA-2023:1441)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1441 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

Oracle Linux 7 : openssl (ELSA-2023-12205)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12205 advisory. - Fixes CVE-2023-0286 X.400 address type confusion in X.509 GeneralName Tenable has extracted the preceding description block directly from the Oracle Linux...

CentOS 7 : openssl (RHSA-2023:1335)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1335 advisory. - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the...

Oracle Linux 7 : openssl (ELSA-2023-1335)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-1335 advisory. - Fixes CVE-2023-0286 X.400 address type confusion in X.509 GeneralName Tenable has extracted the preceding description block directly from the Oracle Linux...

Oracle Linux 9 : openssl (ELSA-2023-12152)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12152 advisory. - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed...