40 matches found
Security Bulletin: Multiple Vulnerabilities in IBM Event Streams
Summary: Multiple vulnerabilities were addressed in IBM Event Streams version 11.5.1. Vulnerability Details: CVEID: CVE-2024-29041. DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.6 is vulnerable to multiple Operator package issues
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.6 is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...
Huawei EulerOS: Security Advisory for openssl098e (EulerOS-SA-2024-1661)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Oracle Linux 9 : edk2 (ELSA-2024-2264)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2264 advisory. - edk2-NetworkPkg-Dhcp6Dxe-SECURITY-PATCH-CVE-2023-45230-Pa.patch RHEL-21841 RHEL-21843 RHEL-21845 RHEL-21847 RHEL-21849 RHEL-21851 RHEL-21853 -...
EulerOS 2.0 SP9 : openssl (EulerOS-SA-2023-2902)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(),...
EulerOS Virtualization 2.9.1 : openssl (EulerOS-SA-2023-3089)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the...
EulerOS Virtualization 2.9.0 : shim (EulerOS-SA-2023-3109)
According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate...
EulerOS Virtualization 2.10.0 : shim (EulerOS-SA-2023-3485)
According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions...
EulerOS Virtualization 2.9.0 : openssl (EulerOS-SA-2023-3103)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the...
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-3513)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Oracle Linux 8 : openssl (ELSA-2023-7877)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7877 advisory. - Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series (a proper fix for CVE-2020-25659). Resolves: RHEL-17696 - Fix CVE-2023-5678:...
Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2023-3423)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to OpenSSL
Summary: Vulnerabilities in OpenSSL such as remote attacker bypass security restrictions, denial of service may affect IBM Spectrum Control. These vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2023-0466. DESCRIPTION: OpenSSL could allow a remote attacker to bypass security...
CLSA-2023-1700593692 Fix CVE(s): CVE-2023-3446
SECURITY UPDATE: Denial of service could be encountered if a DH key or DH parameters check experience long delays. - debian/patches/CVE-2023-3446.patch: Adds check to prevent the testing of an excessively large modulus in DH_check(). - CVE-2023-3446...
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-3095)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE-SU-2023:4190-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2023-5363: Incorrect cipher key and IV length processing. (bsc#1216163) - CVE-2023-3817: Add test of DH_check() with q = p + 1. (bsc#1213853)...
SUSE-SU-2023:4189-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: - CVE-2023-5363: Incorrect cipher key and IV length processing. (bsc#1216163) - CVE-2023-3817: Add test of DH_check() with q = p + 1. (bsc#1213853)...
Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-2890)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
K000136903: OpenSSL Diffie-Hellman vulnerability CVE-2023-3446
Security Advisory Description: Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters tha...
Amazon Linux 2 : openssl (ALAS-2023-2246)
The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2246 advisory. Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use t...