Lucene search
K

90 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2022-2097

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. Thi...

5.3CVSS6.7AI score0.04425EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.10 views

Azure Linux 3.0 Security Update: hvloader / openssl (CVE-2022-2097)

The version of hvloader / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-2097 advisory. - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not...

5.3CVSS6.9AI score0.04425EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2024/11/22 12:0 a.m.51 views

edk2 security update

Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...

7.5CVSS7.4AI score0.95764EPSS
Exploits28
CBLMariner
CBLMariner
added 2024/06/21 9:32 a.m.18 views

CVE-2022-2097 affecting package hvloader for versions less than 1.0.1-2

CVE-2022-2097 affecting package hvloader for versions less than 1.0.1-2. An upgraded version of the package is available that resolves this issue...

5.3CVSS7.2AI score0.04425EPSS
Exploits0
CBLMariner
CBLMariner
added 2024/06/21 9:32 a.m.19 views

CVE-2022-2097 affecting package edk2 for versions less than 20240223gitedc6681206c1-1

CVE-2022-2097 affecting package edk2 for versions less than 20240223gitedc6681206c1-1. A patched version of the package is available...

5.3CVSS8.1AI score0.04425EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.33 views

RHEL 9 : ovmf (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: AES OCB fails to encrypt some bytes CVE-2022-2097 - openssl: timing attack in RSA Decryption...

7.5CVSS8.4AI score0.16195EPSS
Exploits0References8
Oracle linux
Oracle linux
added 2023/12/07 12:0 a.m.61 views

edk2 security update

20230821 - Create new 20230821 release for OL7 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450...

10CVSS7.9AI score0.95764EPSS
Exploits18
Oracle linux
Oracle linux
added 2023/12/07 12:0 a.m.60 views

edk2 security update

20230821 - Create new 20230821 release for OL9 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following fixed CVEs: CVE-2023-3817 CVE-2023-3446 CVE-2023-2650 CVE-2023-0465 CVE-2023-0466 CVE-2023-0464 CVE-2023-0286 CVE-2023-0215 CVE-2022-4450...

10CVSS7.9AI score0.95764EPSS
Exploits18
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.55 views

Rocky Linux 8 : openssl (RLSA-2022:5818)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5818 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems ...

10CVSS7.4AI score0.95764EPSS
Exploits6References8
OpenVAS
OpenVAS
added 2023/10/31 12:0 a.m.31 views

Ubuntu: Security Advisory (USN-6457-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.8AI score0.95764EPSS
Exploits8References2
Ubuntu
Ubuntu
added 2023/10/30 10:6 a.m.102 views

USN-6457-1: Node.js vulnerabilities

Tavis Ormandy discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. CVE-2022-0778 Elison Niven discovered that Node.js...

10CVSS7AI score0.95764EPSS
Exploits8
OSV
OSV
added 2023/08/31 12:14 p.m.2 views

BELL-CVE-2022-2097 CVE-2022-2097 does not affect BellSoft software

Bulletin has no description...

5.3CVSS7.3AI score0.04425EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/07/20 12:0 a.m.27 views

Oracle Solaris Critical Patch Update : jul2023_SRU11_4_57_144_3

This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Device Driver Interface. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker...

9.1CVSS5.8AI score0.5346EPSS
Exploits16References37
Tenable Nessus
Tenable Nessus
added 2023/06/09 12:0 a.m.34 views

EulerOS 2.0 SP5 : openssl111d (EulerOS-SA-2023-2162)

According to the versions of the openssl111d packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operati...

10CVSS7.7AI score0.95764EPSS
Exploits6References6
Amazon
Amazon
added 2023/03/22 12:0 a.m.7 views

Medium: openssl

Issue Overview: AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in...

7.5CVSS6.9AI score0.04425EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/03/20 12:0 a.m.43 views

CBL Mariner 2.0 Security Update: hvloader / openssl (CVE-2022-2097)

The version of hvloader / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-2097 advisory. - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not...

5.3CVSS6.9AI score0.04425EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/03/08 12:0 a.m.71 views

Tenable Nessus 8.15.x >= 8.15.4 and < 8.15.9 Multiple Vulnerabilities (TNS-2023-10)

According to its self-reported version, the Tenable Nessus application running on the remote host is between 8.15.4 and 8.15.8. It is, therefore, affected by multiple vulnerabilities in OpenSSL prior to version 1.1.1t: - An attacker that had observed a genuine connection between a client and a...

7.5CVSS7.2AI score0.20444EPSS
Exploits0References6
F5 Networks
F5 Networks
added 2023/02/21 6:47 p.m.90 views

K23605974: OpenSSL vulnerability CVE-2022-2097

Security Advisory Description AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special...

5.3CVSS6.4AI score0.04425EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.77 views

Debian dla-3325 : libssl-dev - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3325 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3325-1 [email protected]...

7.5CVSS7.2AI score0.59501EPSS
Exploits0References12
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/01 4:5 p.m.38 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to information exposure in OpenSSL (CVE-2022-2097)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to information exposure in OpenSSL, caused by improper encryption of data by the AES OCB mode for 32-bit x86 platform. CVE-2022-2097. The Open SSL component is included as part of the Base OS image that is used ...

5.3CVSS7.2AI score0.04425EPSS
Exploits0Affected Software1
Rows per page
Query Builder