1492 matches found
CBL Mariner 2.0 Security Update: mariadb (CVE-2023-6936)
The version of mariadb installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6936 advisory. - In wolfSSL prior to 5.6.6, if callback functions are enabled via the WOLFSSL_CALLBACKS flag, then a malicious...
CVE-2023-6936
...
Fedora 41 : wolfssl (2024-e089551039)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-e089551039 advisory. RHBZ2308628 RHBZ2308629 RHBZ2308630 RHBZ2308631 fixed in 5.7.2 release Tenable has extracted the preceding description block directly from the Fedor...
CVE-2024-2379
...
The vulnerability of the MatchDomainName() function in the SSL/TLS library WolfSSL allows an attacker to influence the accessibility of protected information.
The vulnerability of the MatchDomainName function in the SSL/TLS library WolfSSL is related to the escape of the operation beyond the buffer in memory due to incorrect checking of pointers during the processing of the str parameter. Exploiting this vulnerability could allow a remote attacker to...
The vulnerability of the wc_ecc_sign_hash() function in the SSL/TLS library WolfSSL, which allows a hacker to gain unauthorized access to protected information
The vulnerability of the wc_ecc_sign_hash function in the SSL/TLS library WolfSSL is related to improper verification of the ECDSA cryptographic signature during the processing of elliptic curve values. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...
The vulnerability in the implementation of the TLS protocol for the SSL/TLS library WolfSSL allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the TLS protocol implementation of the SSL/TLS WolfSSL library is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the WOLFSSL_CHECK_SIG_FAULTS configuration in the SSL/TLS WolfSSL library allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the WOLFSSL_CHECK_SIG_FAULTS configuration in the SSL/TLS library WolfSSL is related to improper verification of the ECDSA cryptographic signature. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information by performing a Rowhammer...
[SECURITY] Fedora 41 Update: wolfssl-5.7.2-2.fc41
The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well...
[SECURITY] Fedora 39 Update: wolfssl-5.7.2-2.fc39
The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well...
Fedora 40 : wolfssl (2024-ed1a50aa61)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-ed1a50aa61 advisory. RHBZ2308628 RHBZ2308629 RHBZ2308630 RHBZ2308631 fixed in 5.7.2 release Tenable has extracted the preceding description block directly from the Fedor...
Fedora: Security Advisory (FEDORA-2024-b73e44fe9d)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2024-ed1a50aa61)
The remote host is missing an update for the...
Fedora 39 : wolfssl (2024-b73e44fe9d)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b73e44fe9d advisory. RHBZ2308628 RHBZ2308629 RHBZ2308630 RHBZ2308631 fixed in 5.7.2 release Tenable has extracted the preceding description block directly from the Fedor...
FreeBSD : netatalk3 -- multiple WolfSSL vulnerabilities (8fbe81f7-6eb5-11ef-b7bd-00505632d232)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 8fbe81f7-6eb5-11ef-b7bd-00505632d232 advisory. Netatalk release reports: WolfSSL 5.7.0 included in netatalk includes multiple security...
[slackware-security] netatalk
New netatalk packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/netatalk-3.2.8-i586-1slack15.0.txz: Upgraded. Bump bundled WolfSSL library to stable version 5.7.2, GitHub 1433. For more informatio...
netatalk3 -- multiple WolfSSL vulnerabilities
Netatalk release reports: WolfSSL 5.7.0 included in netatalk includes multiple security vulnerabilities...
WolfSSL suffers from an unspecified vulnerability (CNVD-2024-37447)
wolfSSL (formerly CyaSSL) is a small, portable embedded SSL programming library from the US company wolfSSL, intended for embedded systems developers. A security vulnerability exists in WolfSSL version 5.6.6, which can be exploited by remote attackers to disclose information and elevate privileges via a...
Unspecified vulnerability in wolfSSL (CNVD-2024-37446)
wolfSSL (formerly CyaSSL) is a small, portable embedded SSL programming library from the US company wolfSSL, intended for embedded systems developers. A security vulnerability exists in WolfSSL versions prior to 5.6.5, which can be exploited by an attacker to obtain the sub-cache line resolution of each...
CVE-2024-2881
Fault Injection vulnerability in wc_ed25519_sign_msg function in wolfssl/wolfcrypt/src/ed25519.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows a remote attacker who co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the...