oval:org.secpod.oval:def:60335
The host is missing a patch containing security fixes, which affects the following package(s): openssl.base

oval:org.secpod.oval:def:2103647
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so ...

oval:org.secpod.oval:def:89003017
This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth. - CVE-2019-14563: Fixed a memory corruption caused by insufficient numeric truncation. - CVE-2019-14559: Fixed a remotely e ...

oval:org.secpod.oval:def:89002352
This update for openssl fixes the following issues: - CVE-2018-0739: Constructed ASN.1 types with a recursive definition could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TL ...

oval:org.secpod.oval:def:89002591
This update for ovmf provides the following fix: Security issues fixed: - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth. Bug fixes: - Only use SLES-UEFI-CA-Certificate-2048.crt for the SUSE flavor to provide the better compatibility

oval:org.secpod.oval:def:89002314
This update for openssl fixes the following issues: - CVE-2018-0739: Constructed ASN.1 types with a recursive definition could exceed the stack. This could result in a Denial Of Service attack

oval:org.secpod.oval:def:1600918
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security cl ...

oval:org.secpod.oval:def:1600915
Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability ca ...

oval:org.secpod.oval:def:1600912
Vulnerability in the MySQL Server component of Oracle MySQL. Supported versions that are affected are 5.6.40 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can ...

oval:org.secpod.oval:def:114224
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:114223
The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols.

oval:org.secpod.oval:def:88267
The host is installed with Oracle VM VirtualBox before 5.1.36 or 5.2.10 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Core (OpenSSL). Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:89049741
This update for ovmf fixes the following issues: Security issues fixed: - CVE-2018-0739: Update openssl to 1.0.2o to limit ASN.1 constructed types recursive definition depth.

oval:org.secpod.oval:def:603337
It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20180327.txt

oval:org.secpod.oval:def:704032
openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:53291
It was discovered that constructed ASN.1 types with a recursive definition could exceed the stack, potentially leading to a denial of service. Details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20180327.txt

oval:org.secpod.oval:def:502384
OVMF is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. The following packages have been upgraded to a later upstream version: ovmf. Security Fix: * openssl: Handling of crafted recursive ASN.1 structures can cause a sta ...

oval:org.secpod.oval:def:114823
A comprehensive, modular and portable cryptographic toolkit that provides developers with a vast array of well known published block ciphers, one-way hash functions, chaining modes, pseudo-random number generators, public key cryptography and a plethora of other routines. Designed from the ground up ...

oval:org.secpod.oval:def:114263
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1.

oval:org.secpod.oval:def:114262
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1.

oval:org.secpod.oval:def:204916
OVMF is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. The following packages have been upgraded to a later upstream version: ovmf. Security Fix: * openssl: Handling of crafted recursive ASN.1 structures can cause a sta ...

oval:org.secpod.oval:def:1502323
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:52023
openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash if it received specially crafted network traffic.

oval:org.secpod.oval:def:1502373
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:44771
The host is installed with OpenSSL 1.1.0 before 1.1.0h or OpenSSL 1.0.2b before 1.0.2n or MySQL Server prior to 5.6.40, 5.7.22 or 8.0.11 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle malicious input to a stack. Successful expl ...

oval:org.secpod.oval:def:1700093
During key agreement in a TLS handshake using a DH based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This cou ...

oval:org.secpod.oval:def:603338
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in exponent ...

oval:org.secpod.oval:def:1600954
Libgcrypt allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacke ...

oval:org.secpod.oval:def:53292
Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in exponent ...

oval:org.secpod.oval:def:502382
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries * openssl: Malicious server can send lar ...

oval:org.secpod.oval:def:204960
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries * openssl: Malicious server can send lar ...

oval:org.secpod.oval:def:97563
[CLSA-2021:1632262317] Fixed CVEs in openssl: CVE-2021-3712, CVE-2018-0737, CVE-2018-0739, CVE-2018-0732

oval:org.secpod.oval:def:1502368
The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1000687
The remote host is missing a patch 151913-12 containing a security fix. For more information please visit the reference link.

oval:org.secpod.oval:def:1000767
The remote host is missing a patch 151912-12 containing a security fix. For more information please visit the reference link.