NewStart CGSL MAIN 7.02 : tongsuo Vulnerability (NS-SA-2025-0197)

The remote NewStart CGSL host, running version MAIN 7.02, has tongsuo packages installed that are affected by a vulnerability: - Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platfo...

Oracle Linux 9 : edk2 (ELSA-2024-9088)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9088 advisory. - Resolves: RHEL-55336 CVE-2024-6119 edk2/openssl: Possible denial of service in X.509 name checks rhel-9.5 - Resolves: RHEL-21653 CVE-2023-6237 edk2:...

The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms

OpenSSL contains an issue in the POLY1305 MAC message authentication code implementation that might result in a corrupted internal application state. This flaw is only exploitable on PowerPC CPU based platforms if the CPU provides vector instructions PowerISA 2.07. The impact of the corrupted...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.6 is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.6 is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...

CBL Mariner 2.0 Security Update: cloud-hypervisor-cvm / hvloader / nodejs / nodejs18 / openssl (CVE-2023-6129)

The version of cloud-hypervisor-cvm / hvloader / nodejs / nodejs18 / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6129 advisory. - Issue summary: The POLY1305 MAC message authentication...

CBL Mariner 2.0 Security Update: kata-containers-cc / hvloader / kata-containers / nodejs18 (CVE-2023-4807)

The version of kata-containers-cc / hvloader / kata-containers / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-4807 advisory. - Issue summary: The POLY1305 MAC message authentication co...

Security Bulletin: openssl-src-300.2.1+3.2.0.crate is vulnerable to CVE-2024-0727, CVE-2023-6129, and CVE-2023-6237 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses openssl-src-300.2.1+3.2.0.crate which is vulnerable to CVE-2024-0727, CVE-2023-6129, and CVE-2023-6237 Vulnerability Details CVEID:CVE-2024-0727 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input...

OESA-2024-1561 mysql security update

The MySQLTM software delivers a very fast, multi-threaded, multi-user, and robust SQL Structured Query Language database server. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. MySQL is a trademark of Oracle and/or...

Oracle Linux 9 : openssl / and / openssl-fips-provider (ELSA-2024-2447)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2447 advisory. - POLY1305 MAC implementation corrupts vector registers on PowerPC CVE-2023-6129 Resolves: RHEL-21151 - Excessive time spent checking invalid RSA publi...

Low: openssl and openssl-fips-provider security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entri...

ROS-20240409-06

A vulnerability in SaltStack Salt's configuration management and remote operations execution system is related to receiving multiple bad packets to the server equal to the number of worker threads, Salt will stop responding back requests before restarting. Exploitation of the vulnerability could...

EulerOS Virtualization 2.11.0 : openssl (EulerOS-SA-2024-1445)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state ...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1445)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-1417)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 Security Update : openssl-3 (SUSE-SU-2024:0518-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0518-1 advisory. - Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the interna...

Updated quictls packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Excessive time spent in DH check / generation with large Q parameter value. CVE-2023-5678 POLY1305 MAC implementation corrupts vector registers on PowerPC. CVE-2023-6129 Excessive time spent checking invalid RSA public keys. CVE-2023-6237 PKCS12...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : OpenSSL vulnerabilities (USN-6622-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6622-1 advisory. David Benjamin discovered that OpenSSL incorrectly handled excessively long X9.42 DH keys. A remote attacker could possibly use this...

Mageia: Security Advisory (MGASA-2024-0020)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated openssl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Excessive time spent in DH check / generation with large Q parameter value. CVE-2023-5678 POLY1305 MAC implementation corrupts vector registers on PowerPC. CVE-2023-6129 Excessive time spent checking invalid RSA public keys. CVE-2023-6237 PKCS12...

Security Bulletin: AIX is vulnerable to a denial of service (CVE-2023-5678, CVE-2023-6129, CVE-2023-6237) and an attacker may obtain sensitive information (CVE-2023-5363) due to OpenSSL

Summary Vulnerabilities in OpenSSL could allow a remote attacker to cause a denial of service CVE-2023-5678, CVE-2023-6129, CVE-2023-6237 or obtain sensitive information CVE-2023-5363. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2023-5363...