3357 matches found

Oracle linux
added 2022/01/14 12:0 a.m. | 58 views

openssl security update

1.0.2k-23.0.1 - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison Orabug: 32467026 - Add DH support changes for SP 800-56A rev3 requirements Orabug: 32467059 - Add TLS KDF self-test Orabug: 32467193 - Add EC keys pairwise consistency test Orabug: 32467059 1.0.2k-23 -...

CVSS 7.4 | AI score 0.8 | EPSS 0.50445
Exploits: 0

Oracle linux
added 2022/01/13 12:0 a.m. | 61 views

openssl security update

1.0.2k-23 - fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings - Resolves: rhbz1996054...

CVSS 7.4 | AI score 2.1 | EPSS 0.50445
Exploits: 0

Tenable Nessus
added 2022/01/13 12:0 a.m. | 240 views

Oracle Linux 7 : openssl (ELSA-2022-9023)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9023 advisory. - fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings Tenable has extracted the preceding description block directly from the Oracle Linu...

CVSS 7.4 | AI score 6.9 | EPSS 0.50445
Exploits: 0 | References: 2

Microsoft CVE
added 2022/01/12 8:0 a.m. | 3 views

Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1 3.1.2 3.0.2 and 2.0.1.

...

CVSS 7.5 | AI score 7.3 | EPSS 0.03222
Exploits: 1

Tenable Nessus
added 2022/01/12 12:0 a.m. | 34 views

Juniper Junos OS Vulnerability (JSA11293)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA11293 advisory. - ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length...

CVSS 7.4 | AI score 7 | EPSS 0.50445
Exploits: 0 | References: 2

Tenable Nessus
added 2022/01/12 12:0 a.m. | 52 views

Oracle Linux 7 : openssl (ELSA-2022-0064)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0064 advisory. - fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings Tenable has extracted the preceding description block directly from the Oracle Linu...

CVSS 7.4 | AI score 6.9 | EPSS 0.50445
Exploits: 0 | References: 2

RedHat Linux
added 2022/01/11 6:3 p.m. | 2 views

openssl: Read buffer overruns processing ASN.1 strings

It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a...

CVSS 7.4 | AI score 6.7 | EPSS 0.50445
Exploits: 0 | References: 5

OSV
added 2022/01/10 8:15 p.m. | 1 views

UBUNTU-CVE-2021-29454

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the...

CVSS 8.8 | AI score 6.8 | EPSS 0.01927
Exploits: 0 | References: 11

OSV
added 2022/01/08 12:0 a.m. | 11 views

GHSA-F9JG-8P32-2F55 kubectl ANSI escape characters not filtered

kubectl k8s.io/kubernetes/pkg/kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events...

CVSS 3 | AI score 3.8 | EPSS 0.00778
Exploits: 0 | References: 6

Microsoft CVE
added 2022/01/05 8:0 a.m. | 2 views

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."

...

CVSS 5.3 | AI score 6.7 | EPSS 0.01561
Exploits: 1

Code423n4
added 2022/01/05 12:0 a.m. | 11 views

XSS in uri token

Handle 0x1f8b Vulnerability details Impact It could be produced an XSS. Proof of Concept The method tokenURI could be used with an arbitrary IPair, if this pair is composed with a specific symbol, it could be produced an uri with XSS inside the SVG file, it will produce an stored XSS. Reference:...

AI score 6.3
Exploits: 0

Tenable Nessus
added 2021/12/29 12:0 a.m. | 29 views

EulerOS Virtualization 3.0.2.0 : openssl (EulerOS-SA-2021-2828)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string da...

CVSS 7.4 | AI score 7 | EPSS 0.50445
Exploits: 0 | References: 2

OSV
added 2021/12/27 12:15 a.m. | 4 views

CVE-2021-45691

An issue was discovered in the messagepack-rs crate through 2021-01-26 for Rust. deserialize_string may read from uninitialized memory locations...

CVSS 9.8 | AI score 7.3 | EPSS 0.01372
Exploits: 0 | References: 2

Oracle linux
added 2021/12/23 12:0 a.m. | 52 views

openssl security update

1:1.1.1k-5 - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings - Resolves: rhbz2005400...

CVSS 7.4 | AI score 2 | EPSS 0.50445
Exploits: 0

Oracle linux
added 2021/12/22 12:0 a.m. | 67 views

openssl security update

1:1.1.1k-5 - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings - Resolves: rhbz2005400...

CVSS 7.4 | AI score 2 | EPSS 0.50445
Exploits: 0

RedHat Linux
added 2021/12/21 9:45 a.m. | 3 views

openssl: Read buffer overruns processing ASN.1 strings

It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a...

CVSS 7.4 | AI score 6.7 | EPSS 0.50445
Exploits: 0 | References: 5

AlmaLinux
added 2021/12/21 9:7 a.m. | 51 views

Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712) For more details about the security...

CVSS 5.8 | AI score 1.4 | EPSS 0.50445
Exploits: 0 | References: 1

PyPA
added 2021/12/17 7:15 p.m. | 3 views

PYSEC-2021-855

Incomplete string comparison in the numpy.core component in NumPy 1.9.x, which allows attackers to fail the APIs via constructing specific string objects...

CVSS 5.3 | AI score 6.9 | EPSS 0.01561
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2021/12/17 7:15 p.m. | 0 views

UBUNTU-CVE-2021-34141

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."...

CVSS 5.3 | AI score 6.8 | EPSS 0.01561
Exploits: 1 | References: 5

Snyk
added 2021/12/14 10:14 a.m. | 1 views

Access Restriction Bypass

Overview Affected versions of this package are vulnerable to Access Restriction Bypass. Strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A successful attack would require an authenticate...

CVSS 6.5 | AI score 7 | EPSS 0.00837
Exploits: 0 | References: 2