Download
| Alert*
|
oval:org.secpod.oval:def:506491
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer dereference in X509_issuer_and_serial_hash For ... oval:org.secpod.oval:def:506376 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer dereference in X509_issuer_and_serial_hash For ... oval:org.secpod.oval:def:89044082 This update for openssl fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash oval:org.secpod.oval:def:89044041 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash oval:org.secpod.oval:def:506477 EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. The following packages have been upgraded to a later upstream version: edk2 . Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer deref ... oval:org.secpod.oval:def:89044039 This update for openssl-1_0_0 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash oval:org.secpod.oval:def:89044036 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash oval:org.secpod.oval:def:89044071 This update for openssl-1_0_0 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash oval:org.secpod.oval:def:89044074 This update for openssl fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash oval:org.secpod.oval:def:86335 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer dereference in X509_issuer_and_serial_hash For ... oval:org.secpod.oval:def:86332 EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. The following packages have been upgraded to a later upstream version: edk2 . Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer deref ... oval:org.secpod.oval:def:70385 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:89044025 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash oval:org.secpod.oval:def:72422 The host is missing a security update according to Apple advisory, APPLE-SA-2021-05-25-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple issues. Successful exploitation allows attackers to cause arbitrary code executio ... oval:org.secpod.oval:def:78642 The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base oval:org.secpod.oval:def:1601419 Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 , but the output ... oval:org.secpod.oval:def:72506 The host is installed with Apple Safari before 14.1.1 on MacOS Mojave or MacOS Catalina and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to handle an input validation issue. On successful exploitation, a remote attacker may be able to cause ... oval:org.secpod.oval:def:72424 The host is installed with Apple Mac OS 11.4 or Apple Safari before 14.1.1 on MacOS Mojave or MacOS Catalina and is prone to a null pointer dereference vulnerability. A flaw is present in the application, which fails to properly handle an input validation issue. Successful exploitation allows an att ... oval:org.secpod.oval:def:605442 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. An overflow bug in the x64_64 Montgomery squaring procedure, an integer overflow in CipherUpdate and a NULL pointer dereference flaw X509_issuer_and_serial_hash were found, which could result in denial of servi ... oval:org.secpod.oval:def:69873 Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. An overflow bug in the x64_64 Montgomery squaring procedure, an integer overflow in CipherUpdate and a NULL pointer dereference flaw X509_issuer_and_serial_hash were found, which could result in denial of servi ... oval:org.secpod.oval:def:2500492 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. oval:org.secpod.oval:def:2106578 Oracle Solaris 11 - ( CVE-2021-23840 ) oval:org.secpod.oval:def:4501352 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer dereference in X509_issuer_and_serial_hash For ... oval:org.secpod.oval:def:205899 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer dereference in X509_issuer_and_serial_hash For ... oval:org.secpod.oval:def:1505141 [1.0.2k-22] - fix CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash - fix CVE-2021-23840 openssl: integer overflow in CipherUpdate - Resolves: rhbz#1932132, rhbz#1932126 oval:org.secpod.oval:def:1700564 Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 , but the output ... oval:org.secpod.oval:def:89049532 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash - Fixed unresolved error codes in FIPS . oval:org.secpod.oval:def:2500363 EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. oval:org.secpod.oval:def:76222 EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. The following packages have been upgraded to a later upstream version: edk2 . Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer deref ... oval:org.secpod.oval:def:1505287 [1:1.1.1k-4] - Fixes bugs in s390x AES code. - Uses the first detected address family if IPv6 is not available - Reverts the changes in https://github.com/openssl/openssl/pull/13305 as it introduces a regression if server has a DSA key pair, the handshake fails when the protocol is not explicitly se ... oval:org.secpod.oval:def:1505163 [1.0.2k-22] - fix CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash - fix CVE-2021-23840 openssl: integer overflow in CipherUpdate - Resolves: rhbz#1932132, rhbz#1932126 oval:org.secpod.oval:def:4501326 EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. The following packages have been upgraded to a later upstream version: edk2 . Security Fix: * openssl: integer overflow in CipherUpdate * openssl: NULL pointer deref ... oval:org.secpod.oval:def:1700549 OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than ... oval:org.secpod.oval:def:1505246 [1:1.1.1k-4] - Fixes bugs in s390x AES code. - Uses the first detected address family if IPv6 is not available - Reverts the changes in https://github.com/openssl/openssl/pull/13305 as it introduces a regression if server has a DSA key pair, the handshake fails when the protocol is not explicitly se ... oval:org.secpod.oval:def:1505167 [1.0.2k-22_fips] - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison [Orabug: 32467026] - Add DH support changes for SP 800-56A rev3 requirements [Orabug: 32467059] - Add TLS KDF self-test [Orabug: 32467193] - Add EC keys pairwise consistency test [Orabug: 32467059] [1.0.2 ... oval:org.secpod.oval:def:705900 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:69228 The host is installed with OpenSSL 1.0.2 through 1.0.2x, 1.1.1 through 1.1.1i or MySQL Server 5.7 through 5.7.33 or 8.0 through 8.0.23 and is prone to a NULL pointer de-reference vulnerability. A flaw is present in the application, which fails to correctly handle any errors that may occur while pars ... oval:org.secpod.oval:def:71415 The host is installed with Oracle MySQL Server through 5.7.33 or 8.0.23 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Security: Encryption (OpenSSL). Successful exploitation allows attackers to affect Availability ... oval:org.secpod.oval:def:2106813 Oracle Solaris 11 - ( CVE-2021-2307 ) oval:org.secpod.oval:def:97634 [CLSA-2022:1651180462] Fixed CVE-2021-23841 in openssl oval:org.secpod.oval:def:72498 The host is missing a security update according to Apple advisory, APPLE-SA-2021-05-25-5. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle a validation issue. Successful exploitation allows attackers to execute arbitrary code. oval:org.secpod.oval:def:1702213 A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability. ... |
