117 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-2068
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell...
Advisory ROSA-SA-2025-2715
Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1.1k-12.0.1 CVE-ID: CVE-2022-1292 BDU-ID: 2022-03181 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the OpenSSL library's crehash script implementation is related to failure to take measures to neutralize shell...
Security Bulletin: A Security Vulnerability discovered in IBM Security Verify Directory (CVE-2022-2068) has been addressed.
Summary A Security Vulnerability discovered in IBM Security Verify Directory Server containers has been addressed Vulnerability Details CVEID:CVE-2022-2068 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplie...
Security Bulletin: IBM Aspera Shares is vulnerable to multiple high severity vulnerabilities (CVE-2022-1586, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2019-20838, CVE-2022-2068, CVE-2022-1587)
Summary This Security Bulletin addresses multiple high severity OpenSSL security vulnerabilities that have been remediated in IBM Aspera Shares 1.10.0 PL4. Vulnerability Details CVEID:CVE-2022-1586 DESCRIPTION: PCRE2 could allow a remote attacker to execute arbitrary code on the system, caused by...
Security Bulletin: Multiple Security Vulnerabilities were discovered in IBM Security Directory Integrator (CVE-2023-32328, CVE-2023-43017, CVE-2022-2068)
Summary Multiple Security Vulnerabilities have been addressed in the IBM Security Directory Integrator Container affecting other products. Vulnerability Details CVEID:CVE-2023-32328 DESCRIPTION: IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that...
edk2 security update
Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...
Fedora 37 : openssl1.1 (2022-eaec96bb34)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-eaec96bb34 advisory. Automatic update for openssl1.1-1.1.1p-1.fc37. Changelog Thu Jun 30 2022 Clemens Lang - 1:1.1.1p-1 - Upgrade to 1.1.1p Resolves: CVE-2022-2068 Related:...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2022-2068]
Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-2068 Vulnerability Details CVEID:CVE-2022-2068 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary commands on the system, caus...
Ubuntu: Security Advisory (USN-7018-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Photon OS 3.0: Nxtgn PHSA-2022-3.0-0408
An update of the nxtgn package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2022-3.0-0408. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
RHEL 9 : openssl (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: the crehash script allows command injection CVE-2022-2068 - The crehash script does not properly...
RHEL 8 : Satellite 6.14 (RHSA-2023:6818)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6818 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring...
RHEL 7 / 8 : Satellite 6.11.5.6 async (RHSA-2023:5980)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5980 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessit...
RHEL 6 / 7 / 8 / 9 : Red Hat Satellite Client (RHSA-2023:5982)
The remote Redhat Enterprise Linux 6 / 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5982 advisory. Security Fixes: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 HTTP/2...
openSUSE: Security Advisory for openssl (SUSE-SU-2022:2251-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Operator package issues. IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data has migrated to a new base image for the Operators used by our Speech Services. The following vulnerabilities...
NewStart CGSL MAIN 5.04 : openssl Vulnerability (NS-SA-2023-0069)
The remote NewStart CGSL host, running version MAIN 5.04, has openssl packages installed that are affected by a vulnerability: - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not properly sanitise shell...
edk2 security update
20230821 - Create new 20230821 release for OL7 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450...
edk2 security update
20230821 - Create new 20230821 release for OL9 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450...
Rocky Linux 8 : openssl (RLSA-2022:5818)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5818 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems ...