Download
| Alert*
oval:org.secpod.oval:def:89950
The remote host is missing a patch 151913-20 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:706347 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools OpenSSL could be made to stop responding if it opened a specially crafted certificate. oval:org.secpod.oval:def:2107656 Oracle Solaris 11 - ( CVE-2022-0778 ) oval:org.secpod.oval:def:78537 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Infinite loop in BN_mod_sqrt reachable when parsing certificates For more details about the security issu ... oval:org.secpod.oval:def:1505533 [1:1.1.1k-5.0.1] - fix CVE-2022-0778 - possible infinite loop in BN_mod_sqrt [Orabug: 33974871] oval:org.secpod.oval:def:89046279 This update for nodejs14 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt reachable when parsing certificates . - CVE-2021-44906: Fixed a prototype pollution in node-minimist . - CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs . - CVE-202 ... oval:org.secpod.oval:def:89046278 This update for nodejs12 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt reachable when parsing certificates . - CVE-2021-44906: Fixed a prototype pollution in node-minimist . - CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs . - CVE-202 ... oval:org.secpod.oval:def:1505534 [1.0.2k-25_fips] - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison [Orabug: 32467026] - Add DH support changes for SP 800-56A rev3 requirements [Orabug: 32467059] - Add TLS KDF self-test [Orabug: 32467193] - Add EC keys pairwise consistency test [Orabug: 32467059] [1:1.0 ... oval:org.secpod.oval:def:1700891 The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a ba ... oval:org.secpod.oval:def:5800099 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. compat-openssl11 provides the legacy 1.1 version of OpenSSL for use with older binaries. Security Fix: * openssl: Infinite loop in ... oval:org.secpod.oval:def:2500715 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. oval:org.secpod.oval:def:1601524 The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a ba ... oval:org.secpod.oval:def:121829 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:80128 The host is installed with Apple Mac OS X 10.15.7 or Apple Mac OS 12 before 12.4 or Apple Mac OS before 11.6.6 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle a validation issue. On successful exploitation, processing a maliciou ... oval:org.secpod.oval:def:1505581 [1.0.1e-59.0.3] - Fix possible infinite loop in BN_mod_sqrt [CVE-2022-0778][Orabug: 33969800] [1.0.1e-59.0.1] - Backport fixes for CVE-2020-1971 [Orabug: 32654738] [1.0.1e-58.0.1] - Oracle bug 28730228: backport CVE-2018-0732 - Oracle bug 28758493: backport CVE-2018-0737 - Merge upstream patch to fi ... oval:org.secpod.oval:def:506985 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. compat-openssl11 provides the legacy 1.1 version of OpenSSL for use with older binaries. Security Fix: * openssl: Infinite loop in ... oval:org.secpod.oval:def:78329 The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. oval:org.secpod.oval:def:1505542 [1.0.1e-59.0.3] - Fix possible infinite loop in BN_mod_sqrt [CVE-2022-0778][Orabug: 33969800] oval:org.secpod.oval:def:1505541 [1:1.0.2k-25] - Fixes CVE-2022-2078 Infinite loop in BN_mod_sqrt reachable when parsing certificates - Related: rhbz#2067160 oval:org.secpod.oval:def:89046145 This update for openssl fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt reachable when parsing certificates . oval:org.secpod.oval:def:89046144 This update for openssl fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt reachable when parsing certificates . oval:org.secpod.oval:def:89046142 This update for openssl-1_1 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt reachable when parsing certificates . - Add safe primes to DH parameter generation as recommended from RFC7919 and RFC3526 . oval:org.secpod.oval:def:3300786 SUSE Security Update: Security update for openssl-1_0_0 oval:org.secpod.oval:def:78324 The host is installed with OpenSSL 1.0.2 through 1.0.2zc, 1.1.1 through 1.1.1m or 3.0.0 through 3.0.1 and is prone to an infinite loop vulnerability. A flaw is present in the BN_mod_sqrt() function, which computes a modular square root. Successful exploitation could allow attackers to trigger the in ... oval:org.secpod.oval:def:2500790 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. compat-openssl10 provides the legacy 1.0 version of OpenSSL for use with older binaries. oval:org.secpod.oval:def:78436 openssl: Secure Socket Layer cryptographic library and tools - openssl1.0: Secure Socket Layer cryptographic library and tools OpenSSL could be made to stop responding if it opened a specially crafted certificate. oval:org.secpod.oval:def:89046138 This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2022-0778: Infinite loop in BN_mod_sqrt reachable when parsing certificates . Non-security issues fixed: - Fix PAC pointer authentication in ARM. - Pull libopenssl-1_1 when updating openssl-1_1 with the same version ... oval:org.secpod.oval:def:89046139 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt reachable when parsing certificates . - Allow CRYPTO_THREADID_set_callback to be called with NULL parameter . oval:org.secpod.oval:def:1505510 [1.0.2k-24.0.3] - fix CVE-2022-0778 - possible infinite loop in BN_mod_sqrt oval:org.secpod.oval:def:506836 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Infinite loop in BN_mod_sqrt reachable when parsing certificates For more details about the security issu ... oval:org.secpod.oval:def:89046136 This update for openssl-1_1 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt reachable when parsing certificates . oval:org.secpod.oval:def:1505553 [1.0.2k-24.0.3] - fix CVE-2022-0778 openssl: Fix possible infinite loop in BN_mod_sqrt - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison [Orabug: 32467026] - Add DH support changes for SP 800-56A rev3 requirements [Orabug: 32467059] - Add TLS KDF self-test [Orabug: 32467 ... oval:org.secpod.oval:def:1505879 [1:1.1.1k-4.0.1] - Backport upstream PRs 18446 and 18481 which update certificates used for the self-tests [Orabug: 34326055] [1:1.1.1k-4] - Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt reachable when parsing certificates Resolves: rhbz#2063147 - Disable FIPS mode; it does not work and ... oval:org.secpod.oval:def:1505513 [1:1.1.1k-5.0.1] - fix CVE-2022-0778 - possible infinite loop in BN_mod_sqrt [Orabug: 33974871] oval:org.secpod.oval:def:89046133 This update for openssl-1_0_0 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt reachable when parsing certificates . oval:org.secpod.oval:def:1700870 The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a ba ... oval:org.secpod.oval:def:3301286 SUSE Security Update: Security update for nodejs12 oval:org.secpod.oval:def:78395 Tavis Ormandy discovered that the BN_mod_sqrt function of OpenSSL could be tricked into an infinite loop. This could result in denial of service via malformed certificates. Additional details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20220315.txt In addition this upd ... oval:org.secpod.oval:def:507055 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. compat-openssl10 provides the legacy 1.0 version of OpenSSL for use with older binaries. Security Fix: * compat-openssl10: Infinite ... oval:org.secpod.oval:def:4500957 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Infinite loop in BN_mod_sqrt reachable when parsing certificates For more details about the security issu ... oval:org.secpod.oval:def:4501128 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. compat-openssl10 provides the legacy 1.0 version of OpenSSL for use with older binaries. Security Fix: * compat-openssl10: Infinite ... oval:org.secpod.oval:def:1505520 [1:1.1.1k-6] - Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt reachable when parsing certificates - Resolves: rhbz#2067144 oval:org.secpod.oval:def:1505526 [1.0.2k-24.0.3] - fix CVE-2022-0778 - possible infinite loop in BN_mod_sqrt oval:org.secpod.oval:def:506807 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Infinite loop in BN_mod_sqrt reachable when parsing certificates For more details about the security issu ... oval:org.secpod.oval:def:80064 The host is missing a patch containing a security fixes, which affects the following package(s): openssl.base oval:org.secpod.oval:def:506806 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: Infinite loop in BN_mod_sqrt reachable when parsing certificates For more details about the security issu ... oval:org.secpod.oval:def:1505523 [1:1.1.1k-6] - Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt reachable when parsing certificates - Resolves: rhbz#2067144 oval:org.secpod.oval:def:606181 Tavis Ormandy discovered that the BN_mod_sqrt function of OpenSSL could be tricked into an infinite loop. This could result in denial of service via malformed certificates. Additional details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20220315.txt In addition this upd ... oval:org.secpod.oval:def:121770 The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. oval:org.secpod.oval:def:89955 The remote host is missing a patch 151912-20 containing a security fix. For more information please visit the reference link. oval:org.secpod.oval:def:3301153 SUSE Security Update: Security update for nodejs14 oval:org.secpod.oval:def:1505801 [1:1.0.2o-4] - Fix CVE-2022-0778: Infinite loop in BN_mod_sqrt reachable when parsing certificates Resolves: rhbz#2077417 oval:org.secpod.oval:def:1701744 Vulnerability in the MySQL Server product of Oracle MySQL . Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ... oval:org.secpod.oval:def:19500048 Vulnerability in the MySQL Server product of Oracle MySQL . Supported versions that are affected are 5.7.34 and prior and 8.0.25 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of ... oval:org.secpod.oval:def:79011 The host is installed with Oracle MySQL Server through 5.7.37 or 8.0.28 or OpenSSL 1.0.2 through 1.0.2zc, 1.1.1 through 1.1.1m or 3.0.0 through 3.0.1 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Packaging (OpenSS ... oval:org.secpod.oval:def:708554 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:94969 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:80148 The host is missing a security update according to Apple advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple issues. Successful exploitation allow attackers to execute arbitrary code, cause denial of service or di ... oval:org.secpod.oval:def:80065 The host is missing a security update according to Apple advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple issues. Successful exploitation allow attackers to execute arbitrary code, cause denial of service or di ... oval:org.secpod.oval:def:97610 [CLSA-2022:1647550273] Fixed CVE-2022-0778 in openssl oval:org.secpod.oval:def:80066 The host is missing a security update according to Apple advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple issues. Successful exploitation allow attackers to execute arbitrary code, cause denial of service or di ... oval:org.secpod.oval:def:1505519 [1:1.0.2k-25] - Fixes CVE-2022-2078 Infinite loop in BN_mod_sqrt reachable when parsing certificates - Related: rhbz#2067160 oval:org.secpod.oval:def:19500080 The BN_mod_sqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a ba ... oval:org.secpod.oval:def:1702213 A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability. ... |