Lucene search
K

23 matches found

Oracle linux
Oracle linux
added 2024/11/22 12:0 a.m.54 views

edk2 security update

Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...

7.5CVSS7.4AI score0.95764EPSS
Exploits28
IBM Security Bulletins
IBM Security Bulletins
added 2024/09/28 3:16 p.m.28 views

Security Bulletin: Vulnerability in OpenSSL affects IBM Integrated Analytics System [CVE-2022-4450, CVE-2023-0216, CVE-2023-0401, CVE-2022-4203, CVE-2023-0217]

Summary Redhat provided OpenSSL is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVE CVE-2022-4450, CVE-2023-0216, CVE-2023-0401, CVE-2022-4203, CVE-2023-0217 Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a...

7.5CVSS6.6AI score0.20444EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.43 views

openSUSE: Security Advisory for openssl (SUSE-SU-2023:0312-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.4AI score0.59501EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/01/11 12:0 a.m.46 views

Siemens SCALANCE OpenSSL NULL Pointer Dereference (CVE-2023-0401)

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...

7.5CVSS7.3AI score0.01846EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/01/04 12:0 a.m.32 views

Ubuntu: Security Advisory (USN-6564-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.59501EPSS
Exploits0References2
OSV
OSV
added 2024/01/03 9:31 a.m.9 views

USN-6564-1 nodejs vulnerabilities

Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. CVE-2022-4304 CarpetFuzz, Dawei Wang discovered that...

7.5CVSS6.8AI score0.59501EPSS
Exploits0References6
Ubuntu
Ubuntu
added 2024/01/03 9:31 a.m.78 views

USN-6564-1: Node.js vulnerabilities

Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. CVE-2022-4304 CarpetFuzz, Dawei Wang discovered that...

7.5CVSS7.3AI score0.59501EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/25 1:36 p.m.68 views

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands are vulnerable to denial of service and loss of confidentiality due to multiple vulnerabilities

Summary OpenSSL is present in the IBM App Connect Enterprise Certified Container Dashboard operand image. OpenSSL is vulnerable to denial of service and loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in OpenSSL. CVE-2023-0217, CVE-2023-1255...

7.5CVSS7.2AI score0.02846EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/30 12:33 p.m.50 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286,CVE-2022-4450, CVE-2023-0216, CVE-2023-0401, CVE-2022-4203, CVE-2023-0217)

Summary There is a security advisory for openSSL1.0.2r which is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors 4.0.1 Vulnerability Details CVEID:CVE-2022-4450 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error related to the...

7.5CVSS7AI score0.59501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/22 5:20 p.m.94 views

Security Bulletin: IBM MQ Advanced Message Security on IBM i platform is affected by multiple issues in OpenSSL (CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0216, CVE-2023-0217, CVE-2023-0401)

Summary Multiple issues were identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security TLS functionality for IBM MQ channel connections, which is provided by the...

7.5CVSS7.6AI score0.20444EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/05/12 12:0 a.m.52 views

Nessus Network Monitor < 6.2.1 Multiple Vulnerabilities (TNS-2023-19)

According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-19 advisory. - Nessus Network Monitor leverages third-party software to help provide underlying...

9.8CVSS8AI score0.34174EPSS
Exploits3References24
OpenVAS
OpenVAS
added 2023/04/12 12:0 a.m.27 views

Mageia: Security Advisory (MGASA-2023-0130)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.59501EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2023/03/17 12:0 a.m.57 views

Tenable Nessus Agent 10.x >= 10.2.1 and < 10.3.2 Multiple Vulnerabilities (TNS-2023-12)

According to its self-reported version, the Tenable Nessus Agent running on the remote host is between 10.2.1 and 10.3.2. It is, therefore, affected by multiple vulnerabilities in OpenSSL prior to version 3.0.8: - An attacker that had observed a genuine connection between a client and a server...

7.5CVSS7AI score0.20444EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/15 5:50 p.m.52 views

Security Bulletin: Multiple vulnerabilities within OpenSSL and Node.js affect IBM App Connect Enterprise and IBM Integration Bus

Summary IBM App Connect Enterprise and IBM Integration Bus are vulnerable to denial of service and remote attack due to OpenSSL and Node.js. CVE-2022-4450, CVE-2023-0216 & CVE-2023-0401, CVE-2022-4203, CVE-2023-0217, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286 & CVE-2022-25881. The fix includes...

7.5CVSS7.5AI score0.59501EPSS
Exploits1Affected Software2
Tenable Nessus
Tenable Nessus
added 2023/03/08 12:0 a.m.94 views

Tenable Nessus 10.x >= 10.2.1 and < 10.4.3 Multiple Vulnerabilities (TNS-2023-11)

According to its self-reported version, the Tenable Nessus application running on the remote host is between 10.2.1 and 10.4.2. It is, therefore, affected by multiple vulnerabilities in OpenSSL prior to version 3.0.8: - An attacker that had observed a genuine connection between a client and a...

7.5CVSS7.4AI score0.20444EPSS
Exploits0References9
Chainguard
Chainguard
added 2023/02/08 8:15 p.m.169 views

CVE-2023-0401 vulnerabilities

Vulnerabilities for packages: openssl-provider-fips, openssl...

7.5CVSS7.1AI score0.01846EPSS
Exploits0
Wolfi
Wolfi
added 2023/02/08 8:15 p.m.24 views

CVE-2023-0401 vulnerabilities

Vulnerabilities for packages: openssl...

7.5CVSS7.7AI score0.01846EPSS
Exploits0
Cvelist
Cvelist
added 2023/02/08 7:0 p.m.30 views

CVE-2023-0401 NULL dereference during PKCS7 data verification

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...

7.7AI score0.01846EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/08 7:0 p.m.3 views

CVE-2023-0401 NULL dereference during PKCS7 data verification

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...

7.1AI score0.01846EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/02/08 12:0 a.m.47 views

SUSE: Security Advisory (SUSE-SU-2023:0312-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.4AI score0.59501EPSS
Exploits0References2
Rows per page
Query Builder