25 matches found
Azure Linux 3.0 Security Update: edk2 / hvloader / nodejs18 / openssl (CVE-2023-0464)
The version of edk2 / hvloader / nodejs18 / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-0464 advisory. - A security vulnerability has been identified in all supported versions of OpenS...
OESA-2024-1168 nodejs security update
Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include polic...
EulerOS Virtualization 2.11.1 : openssl (EulerOS-SA-2023-2736)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certifica...
Security Bulletin: IBM Rational Build Forge 8.0.0.25 addresses multiple vulnerabilities
Summary IBM Rational Build Forge 8.0.0.25 addresses multiple vulnerabilities Vulnerability Details CVEID:CVE-2023-42794 DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by accumulation of temporary files on Windows when a web application opened a stream for an uploaded file...
Security Bulletin: IBM Spectrum Symphony openssl 1.1.1 End of Life
Summary IBM Spectrum Symphony openssl 1.1.1 End of Life Vulnerability Details CVEID:CVE-2023-0464 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error related to the verification of X.509 certificate chains that include policy constraints. By creating a specially crafted...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-2702)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 9 : openssl (ELSA-2023-12768)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12768 advisory. 3.0.7-16.0.1 - Replace upstream references Orabug: 34340177 Tenable has extracted the preceding description block directly from the Oracle Linux...
Huawei EulerOS: Security Advisory for compat-openssl10 (EulerOS-SA-2023-2187)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : openssl (ALAS-2023-1762)
The version of openssl installed on the remote host is prior to 1.0.2k-16.163. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1762 advisory. A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.50...
Amazon Linux 2 : openssl (ALAS-2023-2073)
The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2073 advisory. A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509...
Debian DSA-5417-1 : openssl - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5417 advisory. - A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy...
Security Bulletin: OpenSSL security vulnerability CVE-2021-3449 and CVE-2021-3450 in IBM Safer Payments versions of 6.1 and 6.2 below 6.1.0.08 and 6.2.1.03
Summary CVE-2021-3449: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signaturealgorithms processing. By sending a specially crafted renegotiation ClientHello message from a client, a remote attacker could exploit this vulnerability to cause the TLS server t...
SUSE SLES12: libopenssl-devel / libopenssl1_0_0 / libopenssl1_0_0-32bit / etc (SUSE-SU-2023:1738-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2023:1738-1 advisory. - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints bsc1209624. Tenable has extracted the preceding description block...
Design/Logic Flaw
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...
OpenSSL 3.0.0 < 3.0.9 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.0.9. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.9 advisory. - The function X509VERIFYPARAMadd0policy is documented to implicitly enable the certificate policy check when doing certificate...
Security Bulletin: Multiple vulnerabilities in OpenSSL may affect IBM Workload Scheduler
Summary OpenSSL vulnerabilities CVE-2021-3449 and CVE-2021-3450 have been disclosed by the OpenSSL Project. OpenSSL is used by IBM Workload Scheduler. IBM Workload Scheduler has addressed the CVE Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service,...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2021-3449, CVE-2021-3450)
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL...
Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerabilities (CVE-2021-3449 and CVE-2021-3450)
Summary IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerabilities CVE-2021-3449 and CVE-2021-3450. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signaturealgorithms processing. By sending a...
Security Bulletin: OpenSSL for IBM i is affected by CVE-2021-3449 and CVE-2021-3450
Summary OpenSSL is used by IBM i. IBM i has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2021-3449 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in signaturealgorithms processing. By sending a specially crafted renegotiation...
CVE-2021-1721
A flaw was found in dotnet. A recursion error when building X.509 certificate chains can lead to a stack overflow which could crash the system. The highest threat from this vulnerability is to system availability...