CBL Mariner 2.0 Security Update: cloud-hypervisor / edk2 / hvloader / openssl / rust (CVE-2023-0215)

The version of cloud-hypervisor / edk2 / hvloader / openssl / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0215 advisory. - The public API function BIOnewNDEF is a helper function used for...

RHEL 9 : ovmf (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: AES OCB fails to encrypt some bytes CVE-2022-2097 - openssl: timing attack in RSA Decryption...

Siemens SIMATIC and SCALANCE Products Encryption Strength (CVE-2023-0215)

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

Ubuntu 22.04 LTS : Node.js vulnerabilities (USN-6564-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6564-1 advisory. Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted...

Oracle Linux 7 : edk2 (ELSA-2023-13027)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-13027 advisory. - Create new 20230821 release for OL7 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following...

Oracle Linux 7 : edk2 (ELSA-2023-13026)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-13026 advisory. - Create new 20230821 release for OL8 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following...

FreeBSD : FreeBSD -- Multiple vulnerabilities in OpenSSL (c8eb4c40-47bd-11ee-8e38-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c8eb4c40-47bd-11ee-8e38-002590c1f29c advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could ...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-2464)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.1 : openssl (EulerOS-SA-2023-2464)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext...

EulerOS Virtualization 3.0.6.6 : shim (EulerOS-SA-2023-2435)

According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-2431)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 8 : edk2 (RHSA-2023:4128)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4128 advisory. EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware f...

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-2275)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-2299)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...

EulerOS Virtualization 3.0.6.0 : openssl (EulerOS-SA-2023-2242)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the da...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-2242)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for shim-signed (EulerOS-SA-2023-2170)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : shim (EulerOS-SA-2023-2169)

According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to...

EulerOS Virtualization 2.11.1 : openssl (EulerOS-SA-2023-2075)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext...

openssl: use-after-free following BIO_new_NDEF

A use-after-free vulnerability was found in OpenSSL's BIOnewNDEF function. The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be...