UBUNTU-CVE-2022-3821

An off-by-one Error issue was discovered in Systemd in formattimespan function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in formattimespan, leading to a Denial of Service...

CVE-2022-43397

A vulnerability has been identified in Parasolid V34.0 All versions V34.0.252, Parasolid V34.1 All versions V34.1.242, Parasolid V35.0 All versions V35.0.170, Simcenter Femap All versions V2023.1. The affected application contains an out of bounds write past the end of an allocated buffer while...

CVE-2022-3821

An off-by-one Error issue was discovered in Systemd in formattimespan function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in formattimespan, leading to a Denial of Service...

CVE-2022-3821

The CVE-2022-3821 issue is an off-by-one buffer overrun in systemd’s format_timespan() within time-util.c that can cause a Denial of Service when specific time and accuracy values are supplied. Multiple connected sources confirm the vulnerability in systemd and reference a patched package update ...

CVE-2022-3821

An off-by-one Error issue was discovered in Systemd in formattimespan function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in formattimespan, leading to a Denial of Service...

CVE-2022-3821

An off-by-one Error issue was discovered in Systemd in formattimespan function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in formattimespan, leading to a Denial of Service...

Node.js 14.x < 14.21.1 / 16.x < 16.18.1 / 18.x < 18.12.1 / 19.x < 19.0.1 Multiple Vulnerabilities (Nov 3 2022 Security Releases).

The version of Node.js installed on the remote host is prior to 14.21.1, 16.18.1, 18.12.1, 19.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Nov 3 2022 Security Releases advisory. - A buffer overrun can be triggered in X.509 certificate verification, specifically...

Tenable Nessus Agent 10.x < 10.2.1 Multiple Vulnerabilities (TNS-2022-22)

According to its self-reported version, the Tenable Nessus agent running on the remote host is 10.x prior to 10.2.1. It is, therefore, affected by multiple vulnerabilities: - A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking...

Tenable Nessus 10.x < 10.3.2 Multiple Vulnerabilities (TNS-2022-23)

According to its self-reported version, the Tenable Nessus application running on the remote host is 10.x prior to 10.3.2. It is, therefore, affected by multiple vulnerabilities, including: - A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint...

Tenable Nessus 10.4.x < 10.4.1 Multiple Vulnerabilities (TNS-2022-24)

According to its self-reported version, the Tenable Nessus application running on the remote host is 10.4.x prior to 10.4.1. It is, therefore, affected by multiple vulnerabilities, including: - A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint...

CVE-2022-3821

An off-by-one error flaw was found in systemd in the formattimespan function of time-util.c. This flaw allows an attacker to supply specific values for time and accuracy, leading to a buffer overrun in formattimespan, leading to a denial of service...

Patch available for pre-announced Critical Vulnerability in OpenSSL

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary OpenSSL has released the Patch for the pre-announced critical vulnerability. In the announcement the severity of the vulnerability was Critical based on the fact that it can lead to RCE but after...

OpenSSL: CVE-2022-3786 X.509 certificate verification buffer overrun

...

OpenSSL: CVE-2022-3602 X.509 certificate verification buffer overrun

...

Oracle Linux 9 : openssl (ELSA-2022-7288)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7288 advisory. - CVE-2022-3602: X.509 Email Address Buffer Overflow - running tests Resolves: CVE-2022-3602 Tenable has extracted the preceding description block...

AlmaLinux 9 : openssl (ALSA-2022:7288)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7288 advisory. - A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate...

Amazon Linux 2022 : openssl, openssl-devel, openssl-libs (ALAS2022-2022-157)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-157 advisory. Two issues were found in OpenSSL 3.0. The first being a stack based buffer overflow, which is possible by sending an X.509 certificate with a specially crafted email address field. In the...

ALPINE-CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...