28 matches found
TencentOS Server 2: openssl (TSSA-2023:0334)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0334 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
Linux Distros Unpatched Vulnerability : CVE-2018-0735
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm...
edk2 security update
Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...
edk2 security update
20230821 - Create new 20230821 release for OL9 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450...
edk2 security update
20230821 - Create new 20230821 release for OL7 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450...
Oracle Linux 8 : openssl (ELSA-2019-3700)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3700 advisory. 1.1.1c-2 - do not try to use EC groups disallowed in FIPS mode in TLS - fix Valgrind regression with constant-time code 1.1.1c-1 - update to the 1.1.1c...
K43741620: OpenSSL vulnerabilities CVE-2018-0734 and CVE-2018-0735
Security Advisory Description CVE-2018-0734 The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a Affected 1.1.1. Fixed in OpenSSL 1.1.0j...
SUSE: Security Advisory (SUSE-SU-2018:3945-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:3863-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System
Summary Redhat provided OpenSSL package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-0735 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing...
EulerOS 2.0 SP2 : openssl110f (EulerOS-SA-2020-1629)
According to the versions of the openssl110f packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Spectrum Protect Plus (CVE-2018-0735, CVE-2018-0734, CVE-2018-5407)
Summary OpenSSL vulnerabilities were discllossed by the OpenSSL Project in October and November of 2018. IBM Spectrum Protect Plus uses OpenSSL and has addressed the applicable CVEs. 20 February 2020 - Changed fixing level from 10.1.5 to 10.1.5 patch1. 21 February 2020 - Provided link to 10.1.5...
RHEL 8 : openssl (RHSA-2019:3700)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3700 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...
Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018
Summary There are multiple vulnerabilities in Node.js used by IBM® Cloud App Management V2018. IBM® Cloud App Management has addressed the applicable CVEs in a later version. Vulnerability Details CVEID: CVE-2018-12122 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by improper...
Security Bulletin: IBM Event Streams is affected by OpenSSL vulnerabilities
Summary IBM Event Streams has addressed the following vulnerabilities in the OpenSSL versions shipped. Vulnerability Details CVEID: CVE-2018-0734 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing side channel attack in the DSA signature...
openSUSE Security Update : openssl-1_1 (openSUSE-2019-956)
This update for openssl-11 fixes the following issues : Security issues fixed : - CVE-2018-0734: timing vulnerability in DSA signature generation bsc1113652. - CVE-2018-0735: timing vulnerability in ECDSA signature generation bsc1113651. This update was imported from the SUSE:SLE-15:Update update...
Security Bulletin: Multiple vulnerabilities in Node.js affects IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux
Summary Portions of IBM Rational Application Developer for WebSphere Software are shipped as a component of Rational Developer for i RPG and COBOL + Modernization Tools, Java and EGL editions, and Rational Developer for AIX and Linux. Multiple Node.js vulnerabilities have been discovered that...
Photon OS 1.0: Openssl PHSA-2018-1.0-0199
An update of the openssl package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-1.0-0199. The text itself is copyright C VMware, Inc. include"compat.inc"; if description...
OpenSSL 1.1.0 < 1.1.0j Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.1.0j. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.0j advisory. - The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use...
Fedora 29 : 1:openssl (2019-a8ffcff7ee)
Minor update to version 1.1.1a with bug fixes and low impact security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...