Download
| Alert*
oval:org.secpod.oval:def:19500180
An HTTP Request Smuggling vulnerability was found in the llhttp library, used by Node.JS. Spaces as part of the header names were accepted as valid. In situations where HTTP conversations are being proxied , an attacker can use this flaw to inject arbitrary messages through the proxy. The highest t ... oval:org.secpod.oval:def:19500080 The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a ba ... oval:org.secpod.oval:def:85693 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. oval:org.secpod.oval:def:90228 The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base oval:org.secpod.oval:def:87130 [3.0.1-43.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-43] - CVE-2022-3602: X.509 Email Address Buffer Overflow - running tests Resolves: CVE-2022-3602 [1:3.0.1-42] - CVE-2022-3602: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602 oval:org.secpod.oval:def:707791 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:507248 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Security Fix: * OpenSSL: X.509 Email Address Buffer Overflow * OpenSSL: X.509 Email Address Variable Length Buffer Overflow For m ... oval:org.secpod.oval:def:5800084 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Security Fix: * OpenSSL: X.509 Email Address Buffer Overflow * OpenSSL: X.509 Email Address Variable Length Buffer Overflow For m ... oval:org.secpod.oval:def:3301282 SUSE Security Update: Security update for openssl-3 oval:org.secpod.oval:def:1506120 [3.0.1-43.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-43] - CVE-2022-3602: X.509 Email Address Buffer Overflow - running tests Resolves: CVE-2022-3602 [1:3.0.1-42] - CVE-2022-3602: X.509 Email Address Buffer Overflow Resolves: CVE-2022-3602 oval:org.secpod.oval:def:1506123 [3.0.1-41.0.3] - Add units tests for CVE-2022-3786, CVE-2022-3602 patches [3.0.1-41.0.2] - Fix CVE-2022-3786, CVE-2022-3602 [3.0.1-41.0.1] - Replace upstream references [Orabug: 34340177] [1:3.0.1-41] - Zeroize public keys as required by FIPS 140-3 Resolves: rhbz#2115861 - Add FIPS indicator for HKD ... oval:org.secpod.oval:def:124372 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:89048062 This update for openssl-3 fixes the following issues: - CVE-2022-3996: Fixed X.509 Policy Constraints Double Locking oval:org.secpod.oval:def:85360 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Security Fix: * OpenSSL: X.509 Email Address Buffer Overflow * OpenSSL: X.509 Email Address Variable Length Buffer Overflow For mo ... oval:org.secpod.oval:def:3300932 SUSE Security Update: Security update for openssl-3 oval:org.secpod.oval:def:93171 openssl: Secure Socket Layer cryptographic library and tools Several security issues were fixed in OpenSSL. oval:org.secpod.oval:def:89047830 This update for openssl-3 fixes the following issues: - CVE-2022-3358: Fixed vulnerability where a custom cipher passed to EVP_CipherInit could lead into NULL encryption being unexpectedly used . - CVE-2022-3602: Fixed a buffer overflow in the X.509 email address. - CVE-2022-3786: Fixed another buf ... oval:org.secpod.oval:def:2107858 Oracle Solaris 11 - ( CVE-2022-3602 ) oval:org.secpod.oval:def:85337 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Security Fix: * OpenSSL: X.509 Email Address Buffer Overflow * OpenSSL: X.509 Email Address Variable Length Buffer Overflow For mo ... oval:org.secpod.oval:def:85359 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full strength general purpose cryptography library. Security Fix: * OpenSSL: X.509 Email Address Buffer Overflow * OpenSSL: X.509 Email Address Variable Length Buffer Overflow For mo ... oval:org.secpod.oval:def:85376 The host is installed with Node.js 18.x before 18.12.1, 19.x before 19.0.1 and is prone to an email address variable length buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle stack overflow while verifying the name constraint of the X.509 certificate. ... oval:org.secpod.oval:def:85312 The host is installed with OpenSSL 3.0.0 before 3.0.7, Node.js 18.0.0 before 18.12.1, 19.0.0 before 19.0.1 or SoftEther VPN Client 4.39 Build 9772 Beta and is prone to an email address variable length buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle ... |