20 matches found

Tenable Nessus
added 2026/05/11 12:0 a.m. | 11 views

Unity Linux 20.1060e / 20.1070e Security Update: openssl (UTSA-2026-017581)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017581 advisory. Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum...

7.5 CVSS | 5.8 AI score | 0.50732 EPSS
Exploits 0 | References 4
OSV
added 2026/04/27 6:33 p.m. | 8 views

JLSEC-2026-222 Integer Overflow in openssl-src

The OpenSSL public API function X509_issuer_and_serial_hash attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field which might occur if the...

5.9 CVSS | 6.3 AI score | 0.07471 EPSS
Exploits 0 | References 30
OSV
added 2024/03/06 11:5 a.m. | 29 views

BIT-NODE-2021-23840 Integer overflow in CipherUpdate

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

7.5 CVSS | 7.5 AI score | 0.50732 EPSS
Exploits 0 | References 21
OSV
added 2022/05/24 7:12 p.m. | 37 views

GHSA-Q9WJ-F4QW-6VFJ Read buffer overruns processing ASN.1 strings

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte...

7.4 CVSS | 7.9 AI score | 0.50445 EPSS
Exploits 0 | References 31
Tenable Nessus
added 2022/05/10 12:0 a.m. | 49 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : openssl Multiple Vulnerabilities (NS-SA-2022-0017)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has openssl packages installed that are affected by multiple vulnerabilities: - Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is clo...

7.5 CVSS | 6.5 AI score | 0.50732 EPSS
Exploits 0 | References 5
Github Security Blog
added 2021/08/25 8:52 p.m. | 46 views

Integer Overflow in openssl-src

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

5.9 CVSS | 7.2 AI score | 0.07471 EPSS
Exploits 0 | References 27 | Affected Software 1
Tenable Nessus
added 2021/07/01 12:0 a.m. | 33 views

EulerOS Virtualization 3.0.6.6 : openssl (EulerOS-SA-2021-2032)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The OpenSSL public API function X509_issuer_and_serial_hash attempts to create a unique hash value based on the issuer and serial...

7.5 CVSS | 6.5 AI score | 0.50732 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2021/03/23 12:0 a.m. | 33 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : OpenSSL vulnerabilities (USN-4738-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4738-1 advisory. Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly...

7.5 CVSS | 6.6 AI score | 0.50732 EPSS
Exploits 0 | References 3
Amazon
added 2021/03/20 12:0 a.m. | 90 views

Medium: openssl11

Issue Overview: Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1...

7.5 CVSS | 7.4 AI score | 0.50732 EPSS
Exploits 0
OpenVAS
added 2021/02/17 12:0 a.m. | 25 views

OpenSSL: Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841) - Linux

OpenSSL is prone to a denial of service (DoS) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; yo...

5.9 CVSS | 6.9 AI score | 0.07471 EPSS
Exploits 0 | References 1
OpenVAS
added 2021/02/17 12:0 a.m. | 18 views

OpenSSL: Null pointer deref in X509_issuer_and_serial_hash() (CVE-2021-23841) - Windows

OpenSSL is prone to a denial of service (DoS) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; yo...

5.9 CVSS | 6.9 AI score | 0.07471 EPSS
Exploits 0 | References 1
OpenVAS
added 2021/02/17 12:0 a.m. | 19 views

OpenSSL: Incorrect SSLv2 rollback protection (CVE-2021-23839) - Linux

OpenSSL is prone to an incorrect SSLv2 rollback protection vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is fr...

4.3 CVSS | 5.7 AI score | 0.02961 EPSS
Exploits 0 | References 1
OSV
added 2021/02/16 5:15 p.m. | 2 views

DEBIAN-CVE-2021-23841

The OpenSSL public API function X509_issuer_and_serial_hash attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field which might occur if the...

5.9 CVSS | 9.1 AI score | 0.07471 EPSS
Exploits 0 | References 1
OSV
added 2021/02/16 5:15 p.m. | 7 views

ALPINE-CVE-2021-23840

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

7.5 CVSS | 7.1 AI score | 0.50732 EPSS
Exploits 0 | References 1
OSV
added 2021/02/16 5:15 p.m. | 1 views

DEBIAN-CVE-2021-23840

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

7.5 CVSS | 6.3 AI score | 0.50732 EPSS
Exploits 0 | References 1
Prion
added 2021/02/16 5:15 p.m. | 28 views

Null pointer dereference

The OpenSSL public API function X509_issuer_and_serial_hash attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field which might occur if the...

4.3 CVSS | 6.7 AI score | 0.07471 EPSS
Exploits 0 | References 21 | Affected Software 20
UbuntuCve
added 2021/02/16 5:15 p.m. | 26 views

CVE-2021-23839

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...

4.3 CVSS | 6.7 AI score | 0.02961 EPSS
Exploits 0 | References 4
OSV
added 2021/02/16 5:15 p.m. | 9 views

UBUNTU-CVE-2021-23840

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

7.5 CVSS | 6.7 AI score | 0.50732 EPSS
Exploits 0 | References 6
Vulnrichment
added 2021/02/16 4:55 p.m. | 5 views

CVE-2021-23840 Integer overflow in CipherUpdate

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

7.1 AI score | 0.50732 EPSS
Exploits 0 | References 20
AlpineLinux
added 2021/02/16 4:55 p.m. | 51 views

CVE-2021-23839

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater th...

4.3 CVSS | 5.7 AI score | 0.02961 EPSS
Exploits 0