36 matches found
Security Bulletin: IBM MQ is affected by multiple CVEs (CVE-2025-11187, CVE-2025-15467, CVE-2025-15468, CVE-2025-15469, CVE-2025-66199, CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796)
Summary: Multiple issues were identified with OpenSSL, which IBM MQ on the IBM i platform uses within the Advanced Message Security feature to provide cryptographic functionality. It is not used for transport layer security (TLS) functionality for IBM MQ channel connections, which is provided by the...
FreeBSD-SA-26:01.openssl
FreeBSD-SA-26:01.openssl Security Advisory, The FreeBSD Project. Topic: Multiple vulnerabilities in OpenSSL. Category: contrib. Module: openssl. Announced: 2026-01-27. Credits:...
MiracleLinux 8 : nodejs:16 (AXSA:2023-5262:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5262:01 advisory. glob-parent: Regular Expression Denial of Service (CVE-2021-35065) c-ares: buffer overflow in config_sortlist due to missing string length check...
Fedora 41 : php (2025-da047483d8)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-da047483d8 advisory. PHP version 8.3.23 (03 Jul 2025). Core: Fixed GH-18695 (zend_ast_export - float number is not preserved). (Oleg Efimov) Do not delete main chunk in zendgc...
SUSE-SU-2025:02047-1 Security update for python310
This update for python310 fixes the following issues: python310 was updated from version 3.10.16 to 3.10.18: - Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS (bsc#1243273) CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517:...
Oracle Database Server (April 2025 CPU)
The versions of Oracle Database Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2025 CPU advisory. - Security-in-Depth issue in the Oracle Database Grid Apache Tomcat component of Oracle Database Server. This vulnerability cannot be exploite...
RockyLinux 9 : mysql (RLSA-2025:1671)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:1671 advisory. openssl: SSL_select_next_proto buffer overread (CVE-2024-5535) krb5: GSS message token handling (CVE-2024-37371) curl: libcurl: ASN.1 date parser overread...
Linux Distros Unpatched Vulnerability : CVE-2022-4304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a...
Linux Distros Unpatched Vulnerability : CVE-2016-2182
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denia...
Linux Distros Unpatched Vulnerability : CVE-2021-23841
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OpenSSL public API function X509_issuer_and_serial_hash attempts to create a unique hash value based on the issuer and serial number data contained within an X5...
Linux Distros Unpatched Vulnerability : CVE-2018-0735
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm...
Linux Distros Unpatched Vulnerability : CVE-2006-7250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and...
AIX is vulnerable to information disclosure (CVE-2024-13176) or arbitrary code execution or a denial of service (CVE-2024-9143) due to OpenSSL
IBM SECURITY ADVISORY. First Issued: Mon Feb 24 15:15:11 CST 2025. The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/openssladvisory44.asc Security Bulletin: AIX is vulnerable to information disclosure (CVE-2024-13176) or arbitrary code...
Azure Linux 3.0 Security Update: iperf3 (CVE-2024-26306)
The version of iperf3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26306 advisory. - iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing...
SUSE-SU-2023:0738-1 Security update for nodejs18
This update for nodejs18 fixes the following issues: Update to NodeJS 18.14.2 LTS: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481). - CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483). -...
SUSE-SU-2023:0609-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: Update to LTS version 16.19.1: - CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481). - CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483). -...
SUSE-SU-2022:1536-1 Security Beta update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556) - Fixes for Python 3.10 - Fix salt-ssh opts poisoning...
SUSE-SU-2022:1514-1 Security Beta update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Fix the regression caused by the patch removing strict requirement for OpenSSL 1.1.1 leading to read/write issues with ssl module for SLE 15, SLE 12, CentOS 7, Debian 9 (bsc#1198556) - Fixes for Python 3.10 - Fix salt-ssh opts poisoning...
MGASA-2022-0109 Updated stunnel packages fix security vulnerability
Update to 5.62 including new features and bugfixes: Security bugfixes - The "redirect" option was fixed to properly handle unauthenticated requests (bsc#1182529). - Fixed a double free with OpenSSL older than 1.1.0. - Added hardening to systemd service (bsc#1181400). New features - Added new "protocol ...
USN-5088-1 edk2 vulnerabilities
It was discovered that EDK II incorrectly handled input validation in MdeModulePkg. A local user could possibly use this issue to cause EDK II to crash, resulting in a denial of service, obtain sensitive information or execute arbitrary code. (CVE-2019-11098) Paul Kehrer discovered that OpenSSL use...