60 matches found
TencentOS Server 3: openssl (TSSA-2025:0334)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0334 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Security Bulletin: Astronomer with IBM is vulnerable to buffer overflow due to the OpenSSL package (CVE-2021-3711).
Summary OpenSSL is used by Astronomer with IBM as part of secure communications. Vulnerability Details CVEID:CVE-2021-3711 DESCRIPTION: OpenSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the EVPPKEYdecrypt function within implementation of the SM2 decryption. By...
edk2 security update
Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...
CVE-2021-3711 affecting package edk2 for versions less than 20240223gitedc6681206c1-1
CVE-2021-3711 affecting package edk2 for versions less than 20240223gitedc6681206c1-1. A patched version of the package is available...
edk2 security update
20230821 - Create new 20230821 release for OL9 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450...
edk2 security update
20230821 - Create new 20230821 release for OL7 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450...
Tenable Nessus Network Monitor < 6.0.0 Multiple Vulnerabilities (TNS-2022-02)
Tenable Nessus Network Monitor is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
SUSE: Security Advisory (SUSE-SU-2022:4428-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grafana (SUSE-SU-2022:4428-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4428-1 advisory. Version update from 8.3.10 to 8.5.13 jscPED-2145: - Security fixes: CVE-2022-36062: bsc1203596...
Synology DiskStation Manager (DSM) 6.2.x, 7.x < 7.0.1-42218 OpenSSL Vulnerabilities (Synology-SA-21:24)
Synology DiskStation Manager DSM is prone to multiple vulnerabilities in OpenSSL. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
IBM Cognos Analytics Multiple Vulnerabilities (6828527)
The version of IBM Cognos Analytics installed on the remote host is affected by multiple vulnerabilities, including the following: - OpenSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the EVPPKEYdecrypt function within implementation of the SM2 decryption. By sendin...
CVE-2021-3711: ASN1_STRING structure contains a buffer holding the string data
In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...
CVE-2021-3711: ASN1_STRING structure contains a buffer holding the string data
Security Advisory ID : BSA-2022-1586 Component : OpenSSL Revision : 2.0 In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and,...
GLSA-202209-02 : IBM Spectrum Protect: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202209-02 IBM Spectrum Protect: Multiple Vulnerabilities - IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale...
SUSE: Security Advisory (SUSE-SU-2022:2134-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Nessus Network Monitor < 6.0.1 Multiple Vulnerabilities (TNS-2022-10)
The version of Nessus Network Monitor NNM installed on the remote host is prior to 6.0.1. It is, therefore, affected by multiple vulnerabilities in third-party software. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. C...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2022-1391)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2022-1417)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-3711 affecting package openssl for versions less than 1.1.1k-11
CVE-2021-3711 affecting package openssl for versions less than 1.1.1k-11. A patched version of the package is available...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Integration Bus and IBM App Connect Enterprise v11 & v12 (CVE-2021-3711)
Summary Vulnerabilities in OpenSSL affect IBM Integration Bus and IBM App Connect Enterprsie. The DataDirect ODBC Drivers & Nodejs used by IBM App Connect Enterprise and IBM Integration Bus have addressed the applicable CVEs Vulnerability Details CVEID: CVE-2021-3711 DESCRIPTION: OpenSSL is...