Lucene search
+L

89 matches found

OSV
OSV
added 2025/08/15 12:51 p.m.5 views

SUSE-SU-2025:02810-1 Security update for rust-keylime

This update for rust-keylime fixes the following issues: - Update to version 0.2.7+141: CVE-2025-58266: shlex: Fixed command injection bsc1247193 - Update to version 0.2.7+117: CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RSTSTREAM frames bsc1210344...

8.8CVSS6.4AI score0.01121EPSS
Exploits2References14
RedhatCVE
RedhatCVE
added 2025/07/28 6:15 p.m.10 views

CVE-2023-53159

A flaw was found in openssl. An out-of-bounds read can occur within the X509VerifyParamRef::sethost function when processing an empty string. A local attacker can trigger this condition by providing a specially crafted input, resulting in a potential information leak. Mitigation Mitigation for th...

9.1CVSS5.5AI score0.00329EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/07/07 2:24 p.m.4 views

CVE-2025-5987

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

8.1CVSS6.3AI score0.0144EPSS
Exploits0
NVD
NVD
added 2025/07/04 6:15 a.m.7 views

CVE-2025-5372

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

8.8CVSS0.00407EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/22 2:39 a.m.4 views

CVE-2010-1378

OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority...

9.8CVSS6.9AI score0.01269EPSS
Exploits0References1
OSV
OSV
added 2025/04/08 6:24 p.m.31 views

CVE-2025-3416 Rust-openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string...

3.7CVSS5.8AI score0.00486EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2024-9355

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buff...

6.5CVSS7AI score0.00298EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2014-8176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The dtls1clearqueues function in ssl/d1lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering...

7.5CVSS7.2AI score0.16587EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2015-3194

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto/rsa/rsaameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service NULL pointer dereference and...

7.5CVSS6.7AI score0.44016EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2016-7056

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. CVE-2016-70...

5.5CVSS7AI score0.00594EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2019-1559

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respon...

5.9CVSS6.3AI score0.17139EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2014-8275

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to...

5CVSS6.7AI score0.1653EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/12 2:43 a.m.25 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java

Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows...

5.3CVSS6.2AI score0.05966EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/27 6:19 p.m.31 views

Security Bulletin: Multiple vulnerabilities in IBM® Semeru Runtime affect IBM Tivoli Netcool Impact

Summary There are multiple vulnerabilities in IBM® Semuru Runtime used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit...

5.3CVSS7.8AI score0.05966EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/01/09 4:5 a.m.46 views

CVE-2025-0306 Ruby: openssl: ruby marvin attack

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service...

7.4CVSS0.00636EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/11/12 9:20 a.m.3 views

openssl: Excessive time spent checking invalid RSA public keys

A flaw was found in OpenSSL. When the EVPPKEYpubliccheck function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large...

5.9CVSS7.1AI score0.02303EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/25 2:45 p.m.28 views

Security Bulletin: IBM Master Data Management may provide weaker than expected security due to OpenSSL through a carry propogation flaw (CVE-2021-4160)

Summary IBM Master Data Management v11.6, and v12.0 are vulnerable to a carry propogation flaw found in OpenSSL. OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure. An attacker could exploit this vulnerability to...

5.9CVSS6.2AI score0.03803EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/10/01 7:15 p.m.10 views

AZL-52774 CVE-2024-9355 affecting package golang for versions less than 1.22.9-1

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

6.5CVSS7.2AI score0.00298EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/09/18 9:18 p.m.4 views

openssl: Possible denial of service in X.509 name checks

A flaw was found in OpenSSL. Applications performing certificate name checks e.g., TLS clients checking server certificates may attempt to read an invalid memory address resulting in abnormal termination of the application process...

7.5CVSS7.3AI score0.66582EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/04/30 10:36 a.m.4 views

openssl: Excessive time spent checking invalid RSA public keys

A flaw was found in OpenSSL. When the EVPPKEYpubliccheck function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large...

5.9CVSS7.1AI score0.02303EPSS
Exploits0References6
Rows per page
Query Builder