what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 49 RSS Feed

CVE-2023-0286

Status Candidate

Overview

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

Related Files

Red Hat Security Advisory 2024-6095-03
Posted Sep 12, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-6095-03 - Important Logging for Red Hat OpenShift - 5.9.6.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0286
SHA-256 | 4356c672f0f9e778b40adb601366638999d75ac204dee1c273fc063c90910cdb
Red Hat Security Advisory 2024-5136-03
Posted Aug 9, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-5136-03 - An update for openssl is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0286
SHA-256 | 4767406fbd5334ba5b2fdb41cc926f9de94165f587723c6862fc374089fd681e
Gentoo Linux Security Advisory 202402-08
Posted Feb 5, 2024
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202402-8 - Multiple vulnerabilities have been found in OpenSSL, the worst of which could result in denial of service. Versions greater than or equal to 3.0.10 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2022-3358, CVE-2022-4203, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0216, CVE-2023-0217, CVE-2023-0286, CVE-2023-0401, CVE-2023-0464, CVE-2023-0465, CVE-2023-0466, CVE-2023-2650, CVE-2023-2975
SHA-256 | 21ad378435b07083191f0c5fc69298cd031080be76d8665f35aae2aacebb11f1
Ubuntu Security Notice USN-6564-1
Posted Jan 3, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6564-1 - Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. CarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0401
SHA-256 | ae06e9d7de3a8aa6879c9ffafc7bea669c2fbcc0dec9e5141b1982070bee30b7
Red Hat Security Advisory 2023-2022-01
Posted Oct 11, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2022-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0286
SHA-256 | 2b2e25d29e21971176c7f7a4d3f484f44b9102057e4fa2ce6cff934049abbb82
Red Hat Security Advisory 2023-5209-01
Posted Sep 19, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5209-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-21216, CVE-2022-33196, CVE-2023-0286
SHA-256 | e2349325b497de01733a16778a47c3ad4594b641992b40d4decefa64fedf5c94
Red Hat Security Advisory 2023-5103-01
Posted Sep 12, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-5103-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.11.6 images.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-3709, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-2828, CVE-2023-3089, CVE-2023-38408, CVE-2023-3899
SHA-256 | ff86c5fcb20d801641ee0a943d716618abfc792dd089f942079ae10795581374
Red Hat Security Advisory 2023-4310-01
Posted Aug 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4310-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.46. Issues addressed include denial of service and out of bounds read vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2021-38561, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-24329, CVE-2023-2828
SHA-256 | ca92d84023a0e05b7798a857cca840a5ac2e7d09d50d170362be6bb5b247c0cb
Red Hat Security Advisory 2023-4421-01
Posted Aug 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4421-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.12.5 images.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-24736, CVE-2022-41723, CVE-2022-4304, CVE-2023-0215, CVE-2023-0286, CVE-2023-1667, CVE-2023-2283, CVE-2023-24329, CVE-2023-24540, CVE-2023-26604, CVE-2023-2828, CVE-2023-3089
SHA-256 | db79e46b0eba3e1a78e180a54c5653048a4f2e53759b8bc14de7603ad8f84236
Red Hat Security Advisory 2023-4252-01
Posted Jul 25, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4252-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0286
SHA-256 | 6156786294d3494ea88cfd7c133a82f17d3f41e607df631c36327acb00e10f97
Red Hat Security Advisory 2023-4128-01
Posted Jul 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4128-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include a use-after-free vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-4304, CVE-2023-0215, CVE-2023-0286
SHA-256 | 26d7d6b2c7ca45bddabac4bf3d4c499fd5b957034a4976dfaaadd7854797b918
Red Hat Security Advisory 2023-4124-01
Posted Jul 18, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-4124-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

tags | advisory
systems | linux, redhat
advisories | CVE-2023-0286
SHA-256 | bd84646f7e0983d4141ca02e96ba332562397ae44bce2b8c9b1c1bbfdd9d30fa
Red Hat Security Advisory 2023-3645-01
Posted Jun 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3645-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation. This advisory covers the RPM packages for the release. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-20329, CVE-2021-43138, CVE-2022-24999, CVE-2022-25858, CVE-2022-27664, CVE-2022-2880, CVE-2022-36227, CVE-2022-39229, CVE-2022-41715, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361
SHA-256 | 3023d0e9a727cd7cb6e6e20ebd2258d11d98d83016ff62bc73e6192f91c39a04
Red Hat Security Advisory 2023-3455-01
Posted Jun 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3455-01 - OpenShift Serverless version 1.29.0 contains a moderate security impact. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-36227, CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-0767, CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939
SHA-256 | fb699e506aa118c17dbd87137af0d14f01a829ce5c8b64ec9846e9ca82990b0b
Red Hat Security Advisory 2023-3421-01
Posted Jun 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3421-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.3 serves as a replacement for Red Hat JBoss Web Server 5.7.2. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include double free and use-after-free vulnerabilities.

tags | advisory, java, web, vulnerability
systems | linux, redhat
advisories | CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286
SHA-256 | b7e1a0f2d05b87882ca88c3378b08af039b9aeff34f0360edcb8d3063a932038
Red Hat Security Advisory 2023-3354-01
Posted Jun 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3354-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, denial of service, double free, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2006-20001, CVE-2022-25147, CVE-2022-4304, CVE-2022-43551, CVE-2022-43552, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-25690
SHA-256 | 872079b042f0763e48a97309fcbc46a8880cc332bd629c972bb2a0f58175222a
Red Hat Security Advisory 2023-3420-02
Posted Jun 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3420-02 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.3 serves as a replacement for Red Hat JBoss Web Server 5.7.2. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include double free and use-after-free vulnerabilities.

tags | advisory, java, web, vulnerability
systems | linux, redhat
advisories | CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286
SHA-256 | 7dc1c42b2d4f1fd9c491c25d54360d67b2b29c51a72221e9df51c6909ebdb4f8
Red Hat Security Advisory 2023-3355-01
Posted Jun 6, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-3355-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, denial of service, double free, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2006-20001, CVE-2022-25147, CVE-2022-4304, CVE-2022-43551, CVE-2022-43552, CVE-2022-43680, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-25690
SHA-256 | cced047a9c8b64215ce3e215ff5c91c3249ad0174bafa7de957f9317816d705d
Red Hat Security Advisory 2023-2932-01
Posted May 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2932-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include double free and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286
SHA-256 | 00200990c07f487dedd50b1c32123acb4670b6fc0d2132bec18aad3ba0cb10cd
Red Hat Security Advisory 2023-2110-01
Posted May 11, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2110-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.16. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2022-46146, CVE-2023-0286, CVE-2023-1999, CVE-2023-28617
SHA-256 | 4e216a91a43a7b8927163cc64253bfb9385719276af01ea8051621c425a5d012
Red Hat Security Advisory 2023-2165-01
Posted May 9, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2165-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include double free, privilege escalation, and use-after-free vulnerabilities.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2021-38578, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286
SHA-256 | 066a0b8b887b807496ca5e4cab3ba9a903e29113186a10b4fa2c79670fcb6c9c
Red Hat Security Advisory 2023-2107-01
Posted May 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2107-01 - The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-41724, CVE-2022-41725, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-23916, CVE-2023-25173, CVE-2023-28617
SHA-256 | 4e5916017cd2c38d0dbb46d07a4b6c5a15d545e4b934c30942abd25556065af8
Red Hat Security Advisory 2023-2098-01
Posted May 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2098-01 - Multicluster Engine for Kubernetes 2.0.8 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-25881, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-0767, CVE-2023-23916
SHA-256 | 5b409796351ae2191f3661c02dbe09dbe4a07067b31d38f4971846d655574798
Red Hat Security Advisory 2023-2061-01
Posted May 2, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2061-01 - Multicluster Engine for Kubernetes 2.1.6 images Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds. You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-25881, CVE-2022-40897, CVE-2022-4304, CVE-2022-4415, CVE-2022-4450, CVE-2022-45061, CVE-2022-48303, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-0767, CVE-2023-23916
SHA-256 | 7da47561e67a1270c55a788f2757706933c85cf0d1b623630d91a7ddea2d1a34
Red Hat Security Advisory 2023-2023-01
Posted Apr 26, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2023-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-10735, CVE-2021-28861, CVE-2022-40186, CVE-2022-40897, CVE-2022-4304, CVE-2022-4415, CVE-2022-4450, CVE-2022-45061, CVE-2022-48303, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-23916
SHA-256 | c6904d9c5fef64669837a2ad40e8be5c2049a68a8cf769b21ca87ac743de8433
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close