oval:org.secpod.oval:def:70570
openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:1700576
A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extension. The highest threat from this vulnerability is to system availabi ...

oval:org.secpod.oval:def:1504804
[1.1.1g-15] - version bump [1.1.1g-14] - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT [1.1.1g-13] - Fix CVE-2021-3449 NULL pointer deref in signature_algorithms processing

oval:org.secpod.oval:def:71416
The host is installed with Oracle MySQL Server through 5.7.33 or 8.0.23 and is prone to an unspecified vulnerability. A flaw is present in the application, which fails to handle vectors related to Server: Packaging (OpenSSL). Successful exploitation allows attackers to affect Availability.

oval:org.secpod.oval:def:1504809
[1.1.1g-15] - version bump [1.1.1g-14] - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT [1.1.1g-13] - Fix CVE-2021-3449 NULL pointer deref in signature_algorithms processing

oval:org.secpod.oval:def:74375
postgresql-10: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:70640
A NULL pointer dereference was found in the signature_algorithms processing in OpenSSL, a Secure Sockets Layer toolkit, which could result in denial of service. Additional details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20210325.txt

oval:org.secpod.oval:def:89045099
This update for nodejs10 fixes the following issues: Update nodejs10 to 10.24.1. Including fixes for - CVE-2021-22918: libuv upgrade - Out of bounds read - CVE-2021-27290: ssri Regular Expression Denial of Service - CVE-2021-23362: hosted-git-info Regular Expression Denial of Service - CVE-2020-7 ...

oval:org.secpod.oval:def:75325
The host is installed with Microsoft Visual Studio and is prone to a NULL pointer de-reference vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation could allow an unspecified impact.

oval:org.secpod.oval:def:2106813
Oracle Solaris 11 - ( CVE-2021-2307 )

oval:org.secpod.oval:def:4501291
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: NULL pointer dereference in signature_algorithms processing * openssl: CA certificate check bypass with X ...

oval:org.secpod.oval:def:2106832
Oracle Solaris 11 - ( CVE-2021-3449 )

oval:org.secpod.oval:def:89044103
This update for openssl-1_1 fixes the following security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_alg ...

oval:org.secpod.oval:def:74531
postgresql-10: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:74526
postgresql-13: Object-relational SQL database - postgresql-12: Object-relational SQL database - postgresql-10: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:70840
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: NULL pointer dereference in signature_algorithms processing * openssl: CA certificate check bypass with X ...

oval:org.secpod.oval:def:505995
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Security Fix: * openssl: NULL pointer dereference in signature_algorithms processing * openssl: CA certificate check bypass with X ...

oval:org.secpod.oval:def:705945
openssl: Secure Socket Layer cryptographic library and tools OpenSSL could be made to crash or run programs if it received specially crafted network traffic.

oval:org.secpod.oval:def:706101
postgresql-13: Object-relational SQL database - postgresql-12: Object-relational SQL database - postgresql-10: Object-relational SQL database Several security issues were fixed in PostgreSQL.

oval:org.secpod.oval:def:70494
The host is installed with Oracle MySQL Server through 5.7.33 or 8.0.23 or OpenSSL 1.1.1 through 1.1.1j and is prone to a NULL pointer dereference vulnerability. A flaw is present in the application which fails to handle a maliciously crafted renegotiation ClientHello message from a client. Successfu ...

oval:org.secpod.oval:def:1801877
empty

oval:org.secpod.oval:def:605470
A NULL pointer dereference was found in the signature_algorithms processing in OpenSSL, a Secure Sockets Layer toolkit, which could result in denial of service. Additional details can be found in the upstream advisory: https://www.openssl.org/news/secadv/20210325.txt

oval:org.secpod.oval:def:2500285
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.

oval:org.secpod.oval:def:89047105
This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_ce ...

oval:org.secpod.oval:def:1702213
A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash resulting in a denial of service. The highest threat from this vulnerability is to system availability. ...