8 matches found
Ubuntu 22.04 LTS : Node.js vulnerabilities (USN-6564-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6564-1 advisory. Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted...
EulerOS 2.0 SP11 : openssl (EulerOS-SA-2023-2275)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...
EulerOS Virtualization 2.9.1 : openssl (EulerOS-SA-2023-2001)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext...
EulerOS 2.0 SP10 : openssl (EulerOS-SA-2023-1982)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...
EulerOS 2.0 SP9 : openssl (EulerOS-SA-2023-1875)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...
Rocky Linux 8 : openssl (RLSA-2023:1405)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:1405 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a...
openssl-src vulnerable to Use-after-free following `BIO_new_NDEF`
The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...
SUSE SLED15: libopenssl-3-devel / libopenssl-3-devel-32bit / libopenssl3 / etc (SUSE-SU-2023:0312-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0312-1 advisory. Security fixes: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERALNAMEcmp for...