Lucene search
K

23 matches found

Oracle linux
Oracle linux
added 2024/11/22 12:0 a.m.55 views

edk2 security update

Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...

7.5CVSS7.4AI score0.96275EPSS
Exploits28
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/31 2:16 p.m.31 views

Security Bulletin: IBM Storage Ceph is vulnerable to the Improper Restriction of Operations within Memory Buffer in the RHEL UBI (CVE-2023-1255, CVE-2023-2650)

Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-1255, CVE-2023-2650. Vulnerability Details CVEID:CVE-2023-1255 DESCRIPTION: OpenSSL is vulnerable to a denial of service,...

6.5CVSS6.7AI score0.75116EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/07/24 12:0 a.m.27 views

Photon OS 4.0: Nodejs PHSA-2023-4.0-0417

An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0417. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.5CVSS7.8AI score0.75116EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2023/11/02 12:0 a.m.33 views

Tenable Nessus Agent < 10.4.1 Multiple Vulnerabilities (TNS-2023-24)

Tenable Nessus Agent is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessusagent";...

6.5CVSS8.5AI score0.75116EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/10/18 12:0 a.m.28 views

Oracle MySQL Server <= 5.7.42, 8.x <= 8.0.33 Security Update (cpuoct2023) - Windows

Oracle MySQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql"; if...

7.5CVSS6.8AI score0.75116EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/10/18 12:0 a.m.35 views

Oracle MySQL Server <= 5.7.42, 8.x <= 8.0.33 Security Update (cpuoct2023) - Linux

Oracle MySQL Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oracle:mysql"; if...

7.5CVSS6.8AI score0.75116EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/07/27 12:0 a.m.94 views

Tenable Security Center 6.0.0 / 6.1.0 / 6.1.1 Multiple Vulnerabilities (TNS-2023-26)

According to its self-reported version, the Tenable Security Center running on the remote host is either 6.0.0, 6.1.0 or 6.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-26 advisory. - Tenable Security Center leverages third-party software to help provid...

6.5CVSS6.8AI score0.75116EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/25 1:36 p.m.68 views

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands are vulnerable to denial of service and loss of confidentiality due to multiple vulnerabilities

Summary OpenSSL is present in the IBM App Connect Enterprise Certified Container Dashboard operand image. OpenSSL is vulnerable to denial of service and loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in OpenSSL. CVE-2023-0217, CVE-2023-1255...

7.5CVSS7.2AI score0.02846EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/07/07 12:0 a.m.69 views

Tenable Nessus Agent < 10.4.1 Multiple Vulnerabilities (TNS-2023-24)

According to its self-reported version, the Tenable Nessus Agent running on the remote host is prior to 10.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-24 advisory. - Nessus Agent leverages third-party software to help provide underlying functionality...

6.5CVSS6.7AI score0.75116EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/07/04 12:0 a.m.98 views

Tenable Nessus < 10.5.3 Multiple Vulnerabilities (TNS-2023-22)

According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 10.5.3. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-22 advisory. - Nessus leverages third-party software to help provide underlying functionality...

6.5CVSS6.7AI score0.75116EPSS
Exploits0References6
Cloud Foundry
Cloud Foundry
added 2023/06/30 12:0 a.m.1431 views

USN-6119-1: OpenSSL vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to consume resources,...

6.5CVSS7AI score0.75116EPSS
Exploits0Affected Software5
OpenVAS
OpenVAS
added 2023/06/21 12:0 a.m.29 views

Node.js 16.x < 16.20.1, 18.x < 18.16.1, 20.x < 20.3.1 Multiple Vulnerabilities - Mac OS X

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

7.7CVSS7.1AI score0.75116EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2023/06/21 12:0 a.m.26 views

Node.js 16.x < 16.20.1, 18.x < 18.16.1, 20.x < 20.3.1 Multiple Vulnerabilities - Windows

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

7.7CVSS7.6AI score0.75116EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2023/05/30 12:0 a.m.74 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : OpenSSL vulnerabilities (USN-6119-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6119-1 advisory. Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possib...

6.5CVSS7.1AI score0.75116EPSS
Exploits0References3
Broadcom
Broadcom
added 2023/05/18 12:0 a.m.45 views

CVE-2023-1255 - Possible denial of service on Arm 64 (aarch64) using AES XTS mode

The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm ...

5.9CVSS6.3AI score0.00953EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/04/22 1:53 a.m.3 views

SUSE CVE-2023-1255

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The...

5.5CVSS6.9AI score0.00953EPSS
Exploits0References17
Chainguard
Chainguard
added 2023/04/20 5:15 p.m.162 views

CVE-2023-1255 vulnerabilities

Vulnerabilities for packages: openssl-provider-fips, openssl...

5.9CVSS6.7AI score0.00953EPSS
Exploits0
Wolfi
Wolfi
added 2023/04/20 5:15 p.m.64 views

CVE-2023-1255 vulnerabilities

Vulnerabilities for packages: openssl...

5.9CVSS7.7AI score0.00953EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2023/04/20 4:14 p.m.16 views

CVE-2023-1255 Input buffer over-read in AES-XTS implementation on 64 bit ARM

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The...

5.9AI score0.00953EPSS
Exploits0References4
CVE
CVE
added 2023/04/20 4:14 p.m.573 views

CVE-2023-1255

The CVE-2023-1255 vulnerability affects OpenSSL’s AES-XTS decryption on 64-bit ARM, where the implementation may read beyond the ciphertext buffer (for ciphertext sizes that are 4 mod 5 in 16-byte blocks), causing a crash and potential denial of service. Affected OpenSSL deployments may crash if ...

5.9CVSS6.5AI score0.00953EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder