23 matches found
edk2 security update
Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...
Security Bulletin: IBM Storage Ceph is vulnerable to the Improper Restriction of Operations within Memory Buffer in the RHEL UBI (CVE-2023-1255, CVE-2023-2650)
Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-1255, CVE-2023-2650. Vulnerability Details CVEID:CVE-2023-1255 DESCRIPTION: OpenSSL is vulnerable to a denial of service,...
Photon OS 4.0: Nodejs PHSA-2023-4.0-0417
An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0417. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Tenable Nessus Agent < 10.4.1 Multiple Vulnerabilities (TNS-2023-24)
Tenable Nessus Agent is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessusagent";...
Oracle MySQL Server <= 5.7.42, 8.x <= 8.0.33 Security Update (cpuoct2023) - Windows
Oracle MySQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql"; if...
Oracle MySQL Server <= 5.7.42, 8.x <= 8.0.33 Security Update (cpuoct2023) - Linux
Oracle MySQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql"; if...
Tenable Security Center 6.0.0 / 6.1.0 / 6.1.1 Multiple Vulnerabilities (TNS-2023-26)
According to its self-reported version, the Tenable Security Center running on the remote host is either 6.0.0, 6.1.0 or 6.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-26 advisory. - Tenable Security Center leverages third-party software to help provid...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands are vulnerable to denial of service and loss of confidentiality due to multiple vulnerabilities
Summary OpenSSL is present in the IBM App Connect Enterprise Certified Container Dashboard operand image. OpenSSL is vulnerable to denial of service and loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in OpenSSL. CVE-2023-0217, CVE-2023-1255...
Tenable Nessus Agent < 10.4.1 Multiple Vulnerabilities (TNS-2023-24)
According to its self-reported version, the Tenable Nessus Agent running on the remote host is prior to 10.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-24 advisory. - Nessus Agent leverages third-party software to help provide underlying functionality...
Tenable Nessus < 10.5.3 Multiple Vulnerabilities (TNS-2023-22)
According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 10.5.3. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-22 advisory. - Nessus leverages third-party software to help provide underlying functionality...
USN-6119-1: OpenSSL vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources,...
Node.js 16.x < 16.20.1, 18.x < 18.16.1, 20.x < 20.3.1 Multiple Vulnerabilities - Mac OS X
Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...
Node.js 16.x < 16.20.1, 18.x < 18.16.1, 20.x < 20.3.1 Multiple Vulnerabilities - Windows
Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : OpenSSL vulnerabilities (USN-6119-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6119-1 advisory. Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possib...
CVE-2023-1255 - Possible denial of service on Arm 64 (aarch64) using AES XTS mode
The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm ...
SUSE CVE-2023-1255
Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The...
CVE-2023-1255 vulnerabilities
Vulnerabilities for packages: openssl-provider-fips, openssl...
CVE-2023-1255 vulnerabilities
Vulnerabilities for packages: openssl...
CVE-2023-1255 Input buffer over-read in AES-XTS implementation on 64 bit ARM
Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The...
CVE-2023-1255
The CVE-2023-1255 vulnerability affects OpenSSL’s AES-XTS decryption on 64-bit ARM, where the implementation may read beyond the ciphertext buffer (for ciphertext sizes that are 4 mod 5 in 16-byte blocks), causing a crash and potential denial of service. Affected OpenSSL deployments may crash if ...