23 matches found
edk2 security update
Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...
Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2022-4450, CVE-2023-0216, CVE-2023-0401, CVE-2022-4203, CVE-2023-0217]
Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-4450, CVE-2023-0216, CVE-2023-0401, CVE-2022-4203, CVE-2023-0217 Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a...
openSUSE: Security Advisory for openssl (SUSE-SU-2023:0312-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Siemens SINEC NMS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Observability with Instana (Agent container image)
Summary OpenSSL is used by IBM Observability with Instana Self-hosted on Docker as part of it's container images. CVE-2023-0286, CVE-2022-4304, CVE-2023-0215, CVE-2022-4450, CVE-2022-4203, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401 Vulnerability Details CVEID:CVE-2023-0286 DESCRIPTION: OpenSSL i...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands are vulnerable to denial of service and loss of confidentiality due to multiple vulnerabilities
Summary OpenSSL is present in the IBM App Connect Enterprise Certified Container Dashboard operand image. OpenSSL is vulnerable to denial of service and loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in OpenSSL. CVE-2023-0217, CVE-2023-1255...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286,CVE-2022-4450, CVE-2023-0216, CVE-2023-0401, CVE-2022-4203, CVE-2023-0217)
Summary There is a security advisory for openSSL1.0.2r which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1 Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the...
Security Bulletin: IBM MQ Advanced Message Security on IBM i platform is affected by multiple issues in OpenSSL (CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401)
Summary Multiple issues were identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security TLS functionality for IBM MQ channel connections, which is provided by the...
Nessus Network Monitor < 6.2.1 Multiple Vulnerabilities (TNS-2023-19)
According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-19 advisory. - Nessus Network Monitor leverages third-party software to help provide underlying...
Mageia: Security Advisory (MGASA-2023-0130)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Tenable Nessus Agent 10.x >= 10.2.1 and < 10.3.2 Multiple Vulnerabilities (TNS-2023-12)
According to its self-reported version, the Tenable Nessus Agent running on the remote host is between 10.2.1 and 10.3.2. It is, therefore, affected by multiple vulnerabilities in OpenSSL prior to version 3.0.8: - An attacker that had observed a genuine connection between a client and a server...
Security Bulletin: Multiple vulnerabilities within OpenSSL and Node.js affect IBM App Connect Enterprise and IBM Integration Bus
Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to denial of service and remote attack due to OpenSSL and Node.js. CVE-2022-4450, CVE-2023-0216 & CVE-2023-0401, CVE-2022-4203, CVE-2023-0217, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286 & CVE-2022-25881. The fix includes...
Tenable Nessus 10.x >= 10.2.1 and < 10.4.3 Multiple Vulnerabilities (TNS-2023-11)
According to its self-reported version, the Tenable Nessus application running on the remote host is between 10.2.1 and 10.4.2. It is, therefore, affected by multiple vulnerabilities in OpenSSL prior to version 3.0.8: - An attacker that had observed a genuine connection between a client and a...
RHEL 9 : openssl (RHSA-2023:0946)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0946 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...
CVE-2022-4203 vulnerabilities
Vulnerabilities for packages: openssl...
CVE-2022-4203 vulnerabilities
Vulnerabilities for packages: openssl-provider-fips, openssl...
CVE-2022-4203 X.509 Name Constraints Read Buffer Overflow
A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...
CVE-2022-4203
OpenSSL CVE-2022-4203 is a read buffer overrun in X.509 name-constraint checking that can be triggered after certificate chain verification, potentially crashing the TLS agent and causing a denial of service (memory disclosure was only theoretical in early advisories). It affects TLS clients and ...
CVE-2022-4203
creationtimestamp| type| source ---|---|--- 2023-02-10 14:55:06+00:00| seen| https://t.me/truesecator/4053 2023-02-24 18:19:19+00:00| seen| https://t.me/cibsecurity/58875 2025-03-06 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-25-065-01 2026-02-15 08:58:43+00:00| see...
roaring-landmask (=0.4.0) potentially affected by CVE-2022-4203 via openssl-src (=300.0.0+3.0.0)
openssl-src CARGO version =300.0.0+3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on openssl-src and may be impacted: - roaring-landmask =0.4.0 Source cves: CVE-2022-4203 Source advisory: OSV:GHSA-W67W-MW4J-8QRV...