Download
| Alert*
oval:org.secpod.oval:def:70495
The host is installed with OpenSSL 1.1.1h through 1.1.1j and is prone to a security bypass vulnerability. A flaw is present in the application which fails to properly handle the check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters. Successful exploitatio ... oval:org.secpod.oval:def:1700576 A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extension. The highest threat from this vulnerability is to system availabi ... oval:org.secpod.oval:def:2106716 Oracle Solaris 11 - ( CVE-2021-3450 ) oval:org.secpod.oval:def:1801877 empty oval:org.secpod.oval:def:1504804 [1.1.1g-15] - version bump [1.1.1g-14] - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT [1.1.1g-13] - Fix CVE-2021-3449 NULL pointer deref in signature_algorithms processing oval:org.secpod.oval:def:1504809 [1.1.1g-15] - version bump [1.1.1g-14] - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT [1.1.1g-13] - Fix CVE-2021-3449 NULL pointer deref in signature_algorithms processing oval:org.secpod.oval:def:70840 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: NULL pointer dereference in signature_algorithms processing * openssl: CA certificate check bypass with X ... oval:org.secpod.oval:def:2500285 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. oval:org.secpod.oval:def:89045099 This update for nodejs10 fixes the following issues: Update nodejs10 to 10.24.1. Including fixes for - CVE-2021-22918: libuv upgrade - Out of bounds read - CVE-2021-27290: ssri Regular Expression Denial of Service - CVE-2021-23362: hosted-git-info Regular Expression Denial of Service - CVE-2020-7 ... oval:org.secpod.oval:def:75326 The host is installed with Microsoft Visual Studio or OpenSSL 1.1.1h through 1.1.1j and is prone to a CA certificate check bypass vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow an unspecified impact. oval:org.secpod.oval:def:4501291 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: NULL pointer dereference in signature_algorithms processing * openssl: CA certificate check bypass with X ... oval:org.secpod.oval:def:505995 OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: NULL pointer dereference in signature_algorithms processing * openssl: CA certificate check bypass with X ... oval:org.secpod.oval:def:1702213 A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability. ... |