Lucene search
K

149 matches found

RedhatCVE
RedhatCVE
added 2025/02/06 1:48 a.m.11 views

CVE-2022-43507

Improper buffer restrictions in the IntelR QAT Engine for OpenSSL before version 0.6.16 may allow a privileged user to potentially enable escalation of privilege via network access...

8.8CVSS7.2AI score0.00611EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2025/02/03 8:4 p.m.0 views

Security update for openssl-1_1

This update for openssl-11 fixes the following issues: CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation bsc1236136 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you...

8.2CVSS6.3AI score0.00601EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/01/07 11:49 a.m.16 views

CVE-2025-0306

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service. Mitigation See the following possible...

7.4CVSS6.9AI score0.00626EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.9 views

PT-2026-4943

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.5 and 3.6 Description The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. This can lead a user to believe an entire file ...

9.8CVSS5.9AI score0.47621EPSS
Exploits7References66
OSV
OSV
added 2024/12/16 2:4 p.m.10 views

BIT-NODE-MIN-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT

The X509VFLAGX509STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

7.4CVSS7.5AI score0.18339EPSS
Exploits1References25
OSV
OSV
added 2024/12/16 2:1 p.m.19 views

BIT-NODE-MIN-2022-3602 X.509 Email Address 4-byte Buffer Overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

7.5CVSS8.2AI score0.89804EPSS
Exploits6References43
SUSE Linux
SUSE Linux
added 2024/11/07 10:12 a.m.1 views

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed fo...

5.9CVSS6.7AI score0.01118EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2024/10/29 1:34 a.m.3 views

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2023-50782: Implicit rejection in PKCS1 v1.5 bsc1220262 CVE-2024-41996: Avoid expensive public key validation for known safe-prime groups DHEATATTACK bsc1230698 Patch Instructions: To install this SUSE update use the SUSE recommended...

8.2CVSS6.2AI score0.01118EPSS
Exploits0References8
vulnersOsv
vulnersOsv
added 2024/07/22 5:34 p.m.6 views

bitcoin-harness (=0.1.0), bitcoin_rpc_client (>=0.5.0 <=0.6.1) +80 more potentially affected by unknown CVE via openssl (>=0.10.22 <=0.10.57)

openssl CARGO version =0.10.22, =0.5.0, =0.2.0, =0.0.0, =0.0.1, =0.3.3, =0.6.25, =0.1.0-alpha.0, =0.1.24, =0.37.0, =0.4.0, =0.37.0, =0.37.0, =0.38.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-Q445-7M23-QRMW...

5.7AI score
Exploits0
IBM AIX
IBM AIX
added 2024/07/16 3:22 p.m.90 views

AIX is vulnerable to a denial of service (CVE-2024-2511 CVE-2024-0727) due to OpenSSL

IBM SECURITY ADVISORY First Issued: Tue Jul 16 15:22:01 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/openssladvisory41.asc Security Bulletin: AIX is vulnerable to a denial of service CVE-2024-2511, CVE-2024-0727 due to OpenS...

5.9CVSS7.3AI score0.54026EPSS
Exploits0
OSV
OSV
added 2024/06/09 8:15 p.m.8 views

AZL-42616 CVE-2024-2408 affecting package php for versions less than 8.3.8-1

The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...

5.9CVSS6.4AI score0.01158EPSS
Exploits1References1
OSV
OSV
added 2024/06/09 8:15 p.m.25 views

CVE-2024-2408

The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...

5.9CVSS5.6AI score
Exploits0References4
Cvelist
Cvelist
added 2024/06/09 7:55 p.m.519 views

CVE-2024-2408 PHP is vulnerable to the Marvin Attack

The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...

0.01158EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/06/07 12:0 a.m.19 views

OpenSSL 0.9.7 < 0.9.7h Vulnerability

The version of OpenSSL installed on the remote host is prior to 0.9.7h. It is, therefore, affected by a vulnerability as referenced in the 0.9.7h advisory. - The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSLOPMSIESSLV2RSAPADDING option,...

5CVSS6.5AI score0.04866EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/04/08 12:0 a.m.119 views

OpenSSL 3.2.0 < 3.2.2 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.2.2 advisory. - Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the function...

7.5CVSS7.2AI score0.54026EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2024/01/09 12:0 a.m.132 views

OpenSSL 3.2.0 < 3.2.1 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.2.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.2.1 advisory. - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service...

6.5CVSS6.7AI score0.03174EPSS
Exploits0References9
vulnersOsv
vulnersOsv
added 2023/11/23 12:0 p.m.5 views

bitcoin-harness (=0.1.0), bitcoin_rpc_client (>=0.5.0 <=0.6.1) +80 more potentially affected by unknown CVE via openssl (>=0.10.22 <=0.10.57)

openssl CARGO version =0.10.22, =0.5.0, =0.2.0, =0.0.0, =0.0.1, =0.3.3, =0.6.25, =0.1.0-alpha.0, =0.1.24, =0.37.0, =0.4.0, =0.37.0, =0.37.0, =0.38.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2023-0072...

5.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/07/19 12:0 a.m.283 views

OpenSSL 3.0.0 < 3.0.10 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.0.10. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.10 advisory. - Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functio...

5.3CVSS6.7AI score0.05533EPSS
Exploits0References13
OSV
OSV
added 2023/05/30 2:15 p.m.5 views

ALPINE-CVE-2023-2650

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...

6.5CVSS6.6AI score0.73461EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/17 10:25 p.m.35 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in libcurl (CVE-2022-32221)

Summary A vulnerability in libcurl used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2022-32221 DESCRIPTION: cURL libcurl could allow a remote attacker to bypass security restrictions, caused by a flaw when using the read callback CURLOPTREADFUNCTION to ask for...

9.8CVSS8.4AI score0.04325EPSS
Exploits1Affected Software1
Rows per page
Query Builder