Latest Stormshield Stormshield Management Center Vulnerabilities

NULL dereference during PKCS7 data verification
redhat/openssl<1:3.0.1-47.el9_1
redhat/openssl<1:3.0.1-46.el9_0
OpenSSL OpenSSL>=3.0.0<=3.0.7
Stormshield Stormshield Management Center<3.3.3
ubuntu/nodejs<12.22.9~dfsg-1ubuntu3.3
ubuntu/openssl<3.0.8
and 6 more

Invalid pointer dereference in d2i_PKCS7 functions
redhat/openssl<1:3.0.1-47.el9_1
redhat/openssl<1:3.0.1-46.el9_0
OpenSSL OpenSSL>=3.0.0<=3.0.7
Stormshield Stormshield Management Center<3.3.3
ubuntu/openssl<3.0.8-1ubuntu1
ubuntu/openssl<3.0.8
and 5 more

Use-after-free following BIO_new_NDEF
redhat/jbcs-httpd24-openssl<1:1.1.1k-14.el8
redhat/jbcs-httpd24-openssl<1:1.1.1k-14.el7
redhat/edk2<0:20220126gitbb1bba3d77-4.el8
redhat/openssl<1:1.1.1k-9.el8_7
redhat/edk2<0:20220126gitbb1bba3d77-2.el8_6.1
redhat/openssl<1:1.1.1k-9.el8_6
and 28 more

X.400 address type confusion in X.509 GeneralName
redhat/jbcs-httpd24-openssl<1:1.1.1k-14.el8
redhat/jbcs-httpd24-openssl<1:1.1.1k-14.el7
redhat/openssl<0:1.0.1e-61.el6_10
redhat/openssl<1:1.0.2k-26.el7_9
redhat/edk2<0:20220126gitbb1bba3d77-4.el8
redhat/openssl<1:1.1.1k-9.el8_7
and 40 more

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
Llhttp Llhttp<2.1.5
Llhttp Llhttp>=6.0.0<6.0.7
Nodejs Node.js>=14.0.0<=14.14.0
Nodejs Node.js>=14.15.0<14.20.1
Nodejs Node.js>=16.0.0<=16.12.0
Nodejs Node.js>=16.13.0<16.17.1
and 15 more

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
Llhttp Llhttp<2.1.5
Llhttp Llhttp>=6.0.0<6.0.7
Nodejs Node.js>=14.0.0<=14.14.0
Nodejs Node.js>=14.15.0<14.20.0
Nodejs Node.js>=16.0.0<=16.12.0
Nodejs Node.js>=16.13.0<16.16.0
and 9 more

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
Llhttp Llhttp>=14.0.0<14.20.1
Llhttp Llhttp>=16.0.0<16.17.1
Llhttp Llhttp>=18.0.0<18.9.1
Nodejs Node.js>=14.0.0<=14.14.0
Nodejs Node.js>=14.15.0<14.20.0
Nodejs Node.js>=16.0.0<=16.12.0
and 16 more

The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-expo...
Balasys Dheater
SUSE Linux Enterprise Server=15
SUSE Linux Enterprise Server=11
SUSE Linux Enterprise Server=12
F5 BIG-IQ Centralized Management=7.1.0
F5 BIG-IQ Centralized Management>=8.0.0<=8.2.0
and 80 more
