Download
| Alert*
oval:org.secpod.oval:def:85362
The host is installed with Node.js 18.0.0 before 18.12.1, 19.0.0 before 19.0.1 and is prone to an email address 4-byte buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle stack overflow while verifying the name constraint of the X.509 certificate. On s ... oval:org.secpod.oval:def:19500180 An HTTP Request Smuggling vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied , an attacker can use this flaw to inject arbitrary messages through the proxy. The highest t ... oval:org.secpod.oval:def:19500080 The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a ba ... oval:org.secpod.oval:def:85374 The host is installed with Node.js 18.x before 18.12.1, 19.x before 19.0.1 and is prone to an email address 4-byte buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle stack overflow while verifying the name constraint of the X.509 certificate. On succe ... oval:org.secpod.oval:def:85693 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. oval:org.secpod.oval:def:90228 The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base oval:org.secpod.oval:def:87130 [3.0.1-43.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-43] - CVE-2022-3602: X.509 Email Address Buffer Overflow - running tests Resolves: CVE-2022-3602 [1:3.0.1-42] - CVE-2022-3602: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602 oval:org.secpod.oval:def:3300932 SUSE Security Update: Security update for openssl-3 oval:org.secpod.oval:def:707791 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:507248 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Security Fix: * OpenSSL: X.509 Email Address Buffer Overflow * OpenSSL: X.509 Email Address Variable Length Buffer Overflow For m ... oval:org.secpod.oval:def:5800084 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Security Fix: * OpenSSL: X.509 Email Address Buffer Overflow * OpenSSL: X.509 Email Address Variable Length Buffer Overflow For m ... oval:org.secpod.oval:def:1506120 [3.0.1-43.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-43] - CVE-2022-3602: X.509 Email Address Buffer Overflow - running tests Resolves: CVE-2022-3602 [1:3.0.1-42] - CVE-2022-3602: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602 oval:org.secpod.oval:def:93171 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:89047830 This update for openssl-3 fixes the following issues: - CVE-2022-3358: Fixed vulnerability where a custom cipher passed to EVP_CipherInit could lead into NULL encryption being unexpectedly used . - CVE-2022-3602: Fixed a buffer overflow in the X.509 email address. - CVE-2022-3786: Fixed another buf ... oval:org.secpod.oval:def:2107858 Oracle Solaris 11 - ( CVE-2022-3602 ) oval:org.secpod.oval:def:1506123 [3.0.1-41.0.3] - Add units tests for CVE-2022-3786, CVE-2022-3602 patches [3.0.1-41.0.2] - Fix CVE-2022-3786, CVE-2022-3602 [3.0.1-41.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-41] - Zeroize public keys as required by FIPS 140-3 Resolves: rhbz#2115861 - Add FIPS indicator for HKD ... oval:org.secpod.oval:def:85358 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Security Fix: * OpenSSL: X.509 Email Address Buffer Overflow * OpenSSL: X.509 Email Address Variable Length Buffer Overflow For mo ... oval:org.secpod.oval:def:124372 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:85311 The host is installed with OpenSSL 3.0.0 before 3.0.7, Node.js 18.0.0 before 18.12.1, 19.0.0 before 19.0.1 or SoftEther VPN Client 4.39 Build 9772 Beta and is prone to an email address 4-byte buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle stack ov ... oval:org.secpod.oval:def:85357 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Security Fix: * OpenSSL: X.509 Email Address Buffer Overflow * OpenSSL: X.509 Email Address Variable Length Buffer Overflow For mo ... oval:org.secpod.oval:def:85335 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Security Fix: * OpenSSL: X.509 Email Address Buffer Overflow * OpenSSL: X.509 Email Address Variable Length Buffer Overflow For mo ... oval:org.secpod.oval:def:85367 The host is installed with Node.js 18.0.0 before 18.12.1, 19.0.0 before 19.0.1 and is prone to an email address variable length buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle stack overflow while verifying the name constraint of the X.509 certific ... |