Lucene search
K

159 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-4160

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves...

5.9CVSS6.6AI score0.03803EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-3449

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the...

5.9CVSS7.5AI score0.62906EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2025/05/07 12:0 a.m.4 views

PT-2025-20241 · Jruby · Jruby +1

Name of the Vulnerable Software and Affected Versions: JRuby-OpenSSL versions 0.12.1 through 0.15.3 JRuby versions 9.3.4.0 through 9.4.12.0 JRuby version 10.0.0.0 Description: The issue concerns the verification of SSL certificates. When verifying these certificates, the hostname presented in the...

7.1CVSS6.3AI score0.00158EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2025/03/13 12:0 a.m.12 views

Siemens SCALANCE X-200RNA Switch Devices Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2017-3735)

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g. This plugin onl...

5.3CVSS6.3AI score0.17699EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2018-0732

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - During key agreement in a TLS handshake using a DHE based ciphersuite a malicious server can send a very large prime value to the client. This will cause the...

7.5CVSS6.3AI score0.49268EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2021-23840

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the...

7.5CVSS6.7AI score0.50732EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/03 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2011-4576

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might all...

5CVSS7.2AI score0.14523EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/02/21 12:0 a.m.13 views

CBL Mariner 2.0 Security Update: cloud-hypervisor-cvm / openssl (CVE-2024-12797)

The version of cloud-hypervisor-cvm / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12797 advisory. - Issue summary: Clients using RFC7250 Raw Public Keys RPKs to authenticate a server M...

6.3CVSS7AI score0.02357EPSS
Exploits0References2
OSV
OSV
added 2025/02/11 4:15 p.m.46 views

CVE-2024-12797

Issue summary: Clients using RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSLVERIFYPEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...

6.3CVSS4.4AI score
Exploits0References7
OSV
OSV
added 2025/01/20 2:15 p.m.6 views

AZL-55889 CVE-2024-13176 affecting package openssl for versions less than 3.3.3-1

Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would...

4.1CVSS6.5AI score0.00601EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.4 views

PT-2026-4945

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.3 through 3.6 Description A TLS 1.3 connection utilizing certificate compression can be manipulated to allocate a substantial buffer prior to decompression, bypassing the configured certificate size limit. This can lead to...

9.8CVSS6AI score0.47621EPSS
Exploits7References71
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.9 views

PT-2026-4942

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.3 through 3.6 Description A flaw exists in OpenSSL where the SSL CIPHER find function, when used in a QUIC protocol client or server, can experience a NULL pointer dereference if it receives an unknown cipher suite from its...

8.8CVSS5.8AI score0.47621EPSS
Exploits7References126
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.6 views

PT-2026-4948

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.1.1 through 3.6 OpenSSL version 1.0.2 is not affected Description The issue relates to the handling of non-block-aligned input lengths when using the low-level OCB API directly with AES-NI or other hardware-accelerated code...

9.8CVSS5.9AI score0.47621EPSS
Exploits7References107
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.6 views

PT-2026-4946

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.0.2 through 3.6 OpenSSL versions 1.1.1 OpenSSL versions 3.0 through 3.6 OpenSSL versions 3.3 through 3.6 OpenSSL versions 3.4 through 3.6 OpenSSL versions 3.5 through 3.6 Description A heap-based out-of-bounds write can occu...

9.8CVSS5.9AI score0.47621EPSS
Exploits7References116
OpenVAS
OpenVAS
added 2024/06/27 12:0 a.m.54 views

OpenSSL Buffer Overread Vulnerability (20240627) - Windows

OpenSSL is prone to a buffer overread vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openssl:openssl";...

9.1CVSS9.6AI score0.05582EPSS
Exploits1References2
OSV
OSV
added 2024/05/24 11:8 a.m.2 views

OESA-2024-1639 iperf3 security update

Iperf is a tool for active measurements of the maximum achievable bandwidth on IP networks. It supports tuning of various parameters related to timing, protocols, and buffers. Security Fixes: iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a...

5.9CVSS6.8AI score0.01107EPSS
Exploits0References2
OSV
OSV
added 2024/05/16 4:15 p.m.7 views

AZL-42063 CVE-2024-4603 affecting package edk2 for versions less than 20240524git3e722403cd16-8

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVPPKEYparamcheck or EVPPKEYpubliccheck to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked...

5.3CVSS6.6AI score0.01131EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/01/09 12:0 a.m.2 views

OpenSSL Security Vulnerabilities

OpenSSL is an open source capable general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. It supports a wide range of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

6.5CVSS6.7AI score0.02323EPSS
Exploits0References9
OSV
OSV
added 2023/11/06 4:15 p.m.5 views

AZL-35084 CVE-2023-5678 affecting package openssl for versions less than 1.1.1k-28

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHgeneratekey to generate an X9.42 DH key may experience long delays. Likewise, applications that use...

5.3CVSS6.5AI score0.04459EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/07/19 12:0 a.m.5 views

OpenSSL 安全漏洞

OpenSSL is an open source capable general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

5.3CVSS6.4AI score0.05533EPSS
Exploits0References22
Rows per page
Query Builder