AntiFLipper: A Secure and Efficient Defense against Label-Flipping Attacks in Federated Learning

Federated learning FL enables privacy-preserving model training by keeping data decentralized. However, it remains vulnerable to label-flipping attacks, where malicious clients manipulate labels to poison the global model. Despite their simplicity, these attacks can severely degrade model...

Security Bulletin: IBM Master Data Management is vulnerable to specially crafted certificate chains in OpenSSL leading to a denial of service (CVE-2023-0464)

Summary IBM Master Data Management v11.6, and v12.0 are vulnerable to denial of service from specially crafted certificate chains in OpenSSL leading to a denial of service. OpenSSL is vulnerable to a denial of service, caused by an error related to the verification of X.509 certificate chains tha...

Siemens SIMATIC and SCALANCE Products Inadequate Encryption Strength (CVE-2023-0464)

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...

EulerOS 2.0 SP11 : shim (EulerOS-SA-2024-1793)

According to the versions of the shim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that inclu...

EulerOS Virtualization 2.11.0 : shim (EulerOS-SA-2024-1731)

According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate...

Security Bulletin: Vulnerability in FOS firmware used by IBM b-type SAN directors and switches.

Summary The b-type products are vulnerable due to an OpenSSL issue in the FOS firmware. The vulnerability has been addressed and can be resolved by applying the FOS code level listed below. Vulnerability Details CVEID:CVE-2023-0464 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused...

EulerOS Virtualization 2.9.1 : shim (EulerOS-SA-2023-3095)

According to the versions of the shim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate...

EulerOS Virtualization 2.9.0 : shim (EulerOS-SA-2023-3109)

According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate...

EulerOS Virtualization 3.0.6.6 : openssl098e (EulerOS-SA-2023-3409)

According to the versions of the openssl098e package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509...

EulerOS Virtualization 3.0.6.6 : shim-signed (EulerOS-SA-2023-3416)

According to the versions of the shim-signed package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509...

EulerOS Virtualization 3.0.6.6 : openssl (EulerOS-SA-2023-3408)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certifica...

RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.7 (RHSA-2023:7622)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7622 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...

RHEL 7 / 8 : Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP2 (RHSA-2023:7625)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7625 advisory. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP...

Security Bulletin: IBM Spectrum Symphony openssl 1.1.1 End of Life

Summary IBM Spectrum Symphony openssl 1.1.1 End of Life Vulnerability Details CVEID:CVE-2023-0464 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error related to the verification of X.509 certificate chains that include policy constraints. By creating a specially crafted...

Oracle Linux 9 : openssl (ELSA-2023-12768)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12768 advisory. 3.0.7-16.0.1 - Replace upstream references Orabug: 34340177 Tenable has extracted the preceding description block directly from the Oracle Linux...

EulerOS Virtualization 3.0.6.0 : openssl (EulerOS-SA-2023-2505)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certifica...

AlmaLinux 9 : openssl (ALSA-2023:3722)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3722 advisory. - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include...

Oracle Linux 9 : openssl (ELSA-2023-3722)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3722 advisory. - Fix possible DoS translating ASN.1 object identifiers Resolves: CVE-2023-2650 Tenable has extracted the preceding description block directly from the...

Amazon Linux AMI : openssl (ALAS-2023-1762)

The version of openssl installed on the remote host is prior to 1.0.2k-16.163. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1762 advisory. A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.50...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-2195)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...