42 matches found
Security Bulletin: Vulnerability in FOS firmware used by IBM b-type SAN directors and switches.
Summary The b-type products are vulnerable due to an OpenSSL issue in the FOS firmware. The vulnerability has been addressed and can be resolved by applying the FOS code level listed below. Vulnerability Details CVEID:CVE-2023-5363 DESCRIPTION: OpenSSL could allow a remote attacker to obtain...
Siemens SIMATIC and SCALANCE Incorrect Provision of Specified Functionality (CVE-2023-5363)
Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non- uniqueness, which could result i...
Photon OS 4.0: Openssl PHSA-2023-4.0-0496
An update of the openssl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-4.0-0496. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
CVE-2023-5363 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
CVE-2023-5363 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1. An upgraded version of the package is available that resolves this issue...
Security Bulletin: IBM Storage Ceph is vulnerable to a Missing Cryptographic Step in the RHEL UBI (CVE-2023-5363)
Summary RHEL UBI is used by IBM Storage Ceph as the base operating system. This bulletin identifies the steps to take to address the vulnerability in the RHEL UBI. CVE-2023-5363. Vulnerability Details CVEID:CVE-2023-5363 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive...
CBL Mariner 2.0 Security Update: cloud-hypervisor-cvm / hvloader / nodejs18 (CVE-2023-5363)
The version of cloud-hypervisor-cvm / hvloader / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5363 advisory. - Issue summary: A bug has been identified in the processing of key and...
CVE-2023-5363 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
CVE-2023-5363 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1. An upgraded version of the package is available that resolves this issue...
openSUSE: Security Advisory for openssl (SUSE-SU-2023:4190-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for openssl (SUSE-SU-2023:4189-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
Oracle Linux 9 : openssl (ELSA-2024-12093)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12093 advisory. - AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries CVE-2023-2975 Resolves: RHEL-5302 - Excessive time spent...
RHEL 9 : openssl (RHSA-2024:0500)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0500 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...
ALSA-2024:0310 Moderate: openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Incorrect cipher key and IV length processing CVE-2023-5363 For more details about the security...
openssl security update
1:3.0.7-25.0.1 - Replace upstream references Orabug: 34340177 1:3.0.7-25 - Provide relevant diagnostics when FIPS checksum is corrupted Resolves: RHEL-5317 - Don't limit using SHA1 in KDFs in non-FIPS mode. Resolves: RHEL-5295 - Provide empty evpproperties section in main OpenSSL configuration fi...
Moderate: openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Incorrect cipher key and IV length processing CVE-2023-5363 For more details about the security...
AlmaLinux 9 : openssl (ALSA-2024:0310)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:0310 advisory. - Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during...
RHEL 9 : openssl (RHSA-2024:0310)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0310 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...
Oracle MySQL Server 8.x < 8.3.0 (July 2024 CPU)
The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging OpenSSL. Supported versions that are affected are 8.0.35 and pri...
Oracle MySQL Workbench < 8.0.36 (January 2024)
The versions of MySQL Workbench installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2024 CPU advisory. - Vulnerability in the MySQL Workbench product of Oracle MySQL component: MySQL Workbench libssh. Supported versions that are affected are 8.0.34 a...
Oracle MySQL Server 8.0.x < 8.0.36 (October 2024 CPU)
The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging OpenSSL. Supported versions that are affected are 8.0.35 and...