CVE-2026-5549 Tenda AC10 RSA 2048-bit Private Key privkeySrv.pem hard-coded key

A vulnerability was determined in Tenda AC10 16.03.10.10multiTDE01. Affected by this issue is some unknown functionality of the file /webrootro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded cryptographic key . The atta...

Alibaba Cloud Linux 3 : 0044: edk2 (ALINUX3-SA-2023:0044)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0044 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-4304: A timing based side channel...

OESA-2024-2313 openresty-openssl111 security update

Security Fixes: The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers containing the releva...

EulerOS 2.0 SP11 : linux-sgx (EulerOS-SA-2023-3047)

According to the versions of the linux-sgx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a...

Oracle Linux 8 : edk2 (ELSA-2023-13025)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-13025 advisory. - Create new 20230821 release for OL8 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following...

FreeBSD : FreeBSD -- Multiple vulnerabilities in OpenSSL (c8eb4c40-47bd-11ee-8e38-002590c1f29c)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c8eb4c40-47bd-11ee-8e38-002590c1f29c advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could ...

EulerOS Virtualization 2.10.1 : openssl (EulerOS-SA-2023-2464)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext...

EulerOS Virtualization 2.10.0 : openssl (EulerOS-SA-2023-2489)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext...

EulerOS Virtualization 2.11.0 : openssl (EulerOS-SA-2023-2127)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext...

openssl: double free after calling PEM_read_bio_ex

A double-free vulnerability was found in OpenSSL's PEMreadbioex function. The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" for example, "CERTIFICATE", any header data, and the payload data. If the function succeeds, then the "nameout," "header," and "data"...

The vulnerability of the PEMReadBioEx() function in the OpenSSL cryptographic library, which allows a hacker to trigger a denial-of-service attack

The vulnerability of the PEMReadbioex function in the OpenSSL cryptographic library is related to the repeated memory release during the processing of PEM files. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using a specially created PEM file...

Updated openssl packages fix security vulnerability

A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

Rocky Linux 9 : openssl (RLSA-2023:0946)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0946 advisory. - A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after...

AlmaLinux 8 : openssl (ALSA-2023:1405)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:1405 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a...

Oracle Linux 8 : openssl (ELSA-2023-1405)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-1405 advisory. - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEMreadbioex Resolves: CVE-2022-4450 - Fixed...

RHEL 9 : openssl (RHSA-2023:1199)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1199 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

Tenable SecurityCenter <= 5.23.1 Multiple Vulnerabilities (TNS-2023-08)

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is running a version between 5.21.0 and 5.23.1 and is therefore affected by multiple vulnerabilities in OpenSSL prior to version 1.1.1t: - A timing based side channel exists in the OpenSSL...

Fedora 36 : edk2 (2023-e821b64a4c)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-e821b64a4c advisory. add sub-package with xen build resolves: rhbz2170730 ---- update openssl CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304. ---- cherry-pic...

RHEL 9 : openssl (RHSA-2023:0946)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0946 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

Debian dla-3325 : libssl-dev - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3325 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3325-1 [email protected]...