24 matches found
Security Bulletin: Vulnerability in cryptography affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-2650, CVE-2023-4807, CVE-2023-3446 ]
Summary The cryptography package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-2650, CVE-2023-4807, CVE-2023-3446 Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caus...
Security Bulletin: Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2023 - Includes OpenJDK October 2023 CPU plus CVE-2023-4807
Summary Db2 Query Management Facility is vulnerable to IBM Semeru Runtime Quarterly CPU - Oct 2023 - Includes OpenJDK October 2023 CPU plus CVE-2023-4807. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could allow a...
Security Bulletin: IBM Sterling Control Center v6.2.1 and v6.3.1 is vulnerable with IBM Semeru Runtime Quarterly CPU - Oct 2023
Summary IBM Semeru Runtime Quarterly CPU - Apr 2023 - Includes OpenJDK October 2023 CPU plus CVE-2023-4807 and CVE-2023-5676 and affecting Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE...
Security Bulletin: IBM Maximo Application Suite - There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2018-20225, CVE-2019-20916, CVE-2023-43804, CVE-2023-4807)
Summary There is a vulnerability in Python used by IBM Maximo Manage application in IBM Maximo Application Suite Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: Pip could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the --extra-index-url option. By...
Security Bulletin: IBM Storage Ceph is vulnerable to Uncontrolled Resource Consumption in the RHEL UBI (CVE-2023-2650, CVE-2023-3446, CVE-2023-4807)
Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-2650, CVE-2023-3446, CVE-2023-4807. Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial...
Photon OS 4.0: Openssl PHSA-2023-4.0-0472
An update of the openssl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0472. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Mitsubishi Electric MELSOFT MaiLab and MELSOFT VIXIO (Update A)
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.2 ATTENTION : Exploitable remotely Vendor : Mitsubishi Electric Corporation Equipment : MELSOFT MaiLab Vulnerability : Improper Verification of Cryptographic Signature 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...
Tenable.ad < 3.59.5 Multiple Vulnerabilities (TNS-2024-11)
The version of Tenable.ad installed on the remote host is prior to 3.59.5. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2024-11 advisory. - The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of...
CBL Mariner 2.0 Security Update: kata-containers-cc / hvloader / kata-containers / nodejs18 (CVE-2023-4807)
The version of kata-containers-cc / hvloader / kata-containers / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-4807 advisory. - Issue summary: The POLY1305 MAC message authentication co...
Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update E)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.0 ATTENTION : Exploitable remotely Vendor : ICONICS, Mitsubishi Electric Equipment : ICONICS Product Suite Vulnerabilities : Allocation of Resources Without Limits or Throttling, Improper Neutralization, Uncontrolled Search Path Element, Improper...
CVE-2023-4807 affecting package kata-containers for versions less than 3.2.0.azl1-1
CVE-2023-4807 affecting package kata-containers for versions less than 3.2.0.azl1-1. An upgraded version of the package is available that resolves this issue...
Security Bulletin: IBM DataPower Gateway potentially vulnerable to a denial of service (CVE-2023-4807)
Summary IBM has addressed the CVE Vulnerability Details CVEID:CVE-2023-4807 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a state corruption flaw in the POLY1305 MAC message authentication code implementation, when running on newer X8664 processors supporting the AVX512-IFM...
Security Bulletin: Multiple vulnerabilities affect IBM® Semeru Runtime
Summary This bulletin covers all applicable Java SE CVEs published by OpenJDK as part of their October 2023 Vulnerability Advisory, plus CVE-2023-4807 and CVE-2023-5676. For more information please refer to OpenJDK's October 2023 Vulnerability Advisory and the X-Force database entries referenced...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service due to OpenSSL and Node.js (CVE-2023-4807, CVE-2023-44487)
Summary IBM App Connect Enterprise is vulnerable to a denial of service due to OpenSSL and Node.js CVE-2023-4807, CVE-2023-44487 Vulnerability Details CVEID: CVE-2023-4807 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a state corruption flaw in the POLY1305 MAC message...
Tenable Nessus Agent 10.4.2 Multiple Vulnerabilities (TNS-2023-38)
Tenable Nessus Agent is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:tenable:nessusagent";...
Tenable Nessus < 10.6.2 Multiple Vulnerabilities (TNS-2023-37)
According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 10.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-37 advisory. - Nessus leverages third-party software to help provide underlying functionality...
OpenSSL Recent Security Patches
OpenSSL Recent Security Patches Summary For the vulnerabilities disclosed in the OpenSSL Security Advisories of: OpenSSL 3.0.11 - Tuesday 19th September 2023 OpenSSL 3.0.12 - Tuesday 24th October 2023 Node.js Windows is affected by one vulnerability rated as LOW. Therefore, these patches will be...
OpenSSL 1.1.1 < 1.1.1w Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.1.1w. It is, therefore, affected by a vulnerability as referenced in the 1.1.1w advisory. - Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of...
OpenSSL 3.1.0 < 3.1.3 Vulnerability
The version of OpenSSL installed on the remote host is prior to 3.1.3. It is, therefore, affected by a vulnerability as referenced in the 3.1.3 advisory. - Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applicatio...
OpenSSL 3.0.0 < 3.0.11 Vulnerability
The version of OpenSSL installed on the remote host is prior to 3.0.11. It is, therefore, affected by a vulnerability as referenced in the 3.0.11 advisory. - Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of...