SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2024:2933-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2933-1 advisory. - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer...
SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2024:2927-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2927-1 advisory. - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other...
SUSE-SU-2024:2933-1 Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC...
SUSE-SU-2024:2931-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463)...
SUSE-SU-2024:2927-1 Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463)...
SUSE: Security Advisory (SUSE-SU-2024:2909-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Medium: openssl
Issue Overview: Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that ar...
Nginx 1.5.13 - 1.27.0 Buffer Overread Vulnerability
Nginx is prone to a buffer overread in the ngx_http_mp4_module. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nginx:nginx";...
SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2024:2909-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2909-1 advisory. - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Tenable h...
Internet Bug Bounty: CVE-2024-7347: Buffer overread in the ngx_http_mp4_module
CVE-2024-7347 was a vulnerability in the ngx_http_mp4_module of NGINX Open Source and NGINX Plus. The vulnerability could have allowed an attacker to over-read NGINX worker memory, resulting in its termination, using a specially crafted MP4 file. The issue only affected NGINX if it was built with th...
Buffer overread in the ngx_http_mp4_module
Buffer overread in the ngx_http_mp4_module Severity: low CVE-2024-7347 Not vulnerable: 1.27.1+, 1.26.2+ Vulnerable: 1.5.13-1.27.0...
SUSE-SU-2024:2909-1 Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)...
PT-2024-5858
Name of the Vulnerable Software and Affected Versions: NGINX Open Source and NGINX Plus versions prior to 1.26.2; NGINX Open Source and NGINX Plus versions prior to 1.27.1. Description: The issue is related to a buffer overread vulnerability in the ngx_http_mp4_module, which might allow an attacker t...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : openssl-1_1 (SUSE-SU-2024:2891-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2891-1 advisory. - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client...
nginx -- Vulnerability in the ngx_http_mp4_module
The nginx development team reports: This update fixes the buffer overread vulnerability in the ngx_http_mp4_module...
SUSE-SU-2024:2891-1 Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463)...
SUSE SLES15 Security Update : openssl-3-livepatches (SUSE-SU-2024:2761-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:2761-1 advisory. - CVE-2024-5535: Fixed SSL_select_next_proto() buffer overread (bsc#1227147). Tenable has extracted the preceding description block directly from the SUSE...
SUSE-SU-2024:2761-1 Security update for openssl-3-livepatches
This update for openssl-3-livepatches fixes the following issues: - CVE-2024-5535: Fixed SSL_select_next_proto() buffer overread (bsc#1227147)...
Medium: openssl
Issue Overview: Issue summary: Calling the OpenSSL API function SSL_select_next_proto() with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected applicati...
Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2024-677)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-677 advisory. Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public...