Oracle Linux 8 : edk2 (ELSA-2023-32791)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-32791 advisory. - Create new 20230821 release for OL8 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following...

Oracle Linux 7 : edk2 (ELSA-2023-13027)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-13027 advisory. - Create new 20230821 release for OL7 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following...

Oracle Linux 7 : edk2 (ELSA-2023-13026)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-13026 advisory. - Create new 20230821 release for OL8 which includes the following fixed CVEs: CVE-2019-14560 - Update to OpenSSL 1.1.1v which includes the following...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-2299)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-2299)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...

EulerOS Virtualization 3.0.6.0 : openssl (EulerOS-SA-2023-2242)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the da...

Huawei EulerOS: Security Advisory for openssl111d (EulerOS-SA-2023-2162)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openssl: double free after calling PEM_read_bio_ex

A double-free vulnerability was found in OpenSSL's PEMreadbioex function. The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" for example, "CERTIFICATE", any header data, and the payload data. If the function succeeds, then the "nameout," "header," and "data"...

Moderate: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RHEL 8 : openssl (RHSA-2023:3408)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3408 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

Oracle Linux 8 : edk2 (ELSA-2023-2932)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2932 advisory. - Resolves: bz2164531 CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName rhel-8 - Resolves: bz2164543 CVE-2022-4304 edk2:...

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2023-1982)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...

Oracle Linux 9 : edk2 (ELSA-2023-2165)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-2165 advisory. - Resolves: bz2164534 CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName rhel-9 - Resolves: bz2164550 CVE-2022-4304 edk2:...

AlmaLinux 9 : edk2 (ALSA-2023:2165)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2165 advisory. - Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. CVE-2021-38578 - A timing based side channel exists in t...

EulerOS 2.0 SP9 : openssl (EulerOS-SA-2023-1850)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...

openssl: double free after calling PEM_read_bio_ex

A double-free vulnerability was found in OpenSSL's PEMreadbioex function. The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" for example, "CERTIFICATE", any header data, and the payload data. If the function succeeds, then the "nameout," "header," and "data"...

EulerOS 2.0 SP8 : openssl (EulerOS-SA-2023-1602)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...

QNAP QTS / QuTS hero Multiple Vulnerabilities in OpenSSL (QSA-23-15)

The version of QNAP QTS / QuTS hero installed on the remote host is affected by multiple vulnerabilities as referenced in the QSA-23-15 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in ...

Tenable Sensor Proxy < 1.0.7 Multiple Vulnerabilities (TNS-2023-15)

According to its self-reported version, the Tenable Sensor Proxy application running on the remote host is version 1.0.6. It is, therefore, affected by multiple vulnerabilities in OpenSSL prior to version 1.1.1t: - An attacker that had observed a genuine connection between a client and a server...

Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2023-101)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-101 advisory. A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain...