507 matches found
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : OpenSSL vulnerabilities (USN-7278-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7278-1 advisory. George Pantelakis and Alicja Kario discovered that OpenSSL had a timing side-channel when performing ECDSA signature computations...
USN-7278-1: OpenSSL vulnerabilities
George Pantelakis and Alicja Kario discovered that OpenSSL had a timing side-channel when performing ECDSA signature computations. A remote attacker could possibly use this issue to recover private data. CVE-2024-13176 It was discovered that OpenSSL incorrectly handled certain memory operations...
Important: mysql:8.0 security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: openssl: SSLselectnextproto buffer overread CVE-2024-5535 krb5: GSS message token handling CVE-2024-37371 curl: libcurl: ASN.1 date pars...
Security Bulletin: Security vulnerability found in package openssl shipped with IBM CICS TX Advanced.
Summary Security vulnerability found in package openssl shipped with IBM CICS TX Advanced. The versions of the packages have been updated. Vulnerability Details CVEID:CVE-2024-4741 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-fr...
Ubuntu 24.10 : OpenSSL vulnerabilities (USN-7264-1)
The remote Ubuntu 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7264-1 advisory. It was discovered that OpenSSL clients incorrectly handled authenticating servers using RFC7250 Raw Public Keys. In certain cases, the connection will not...
Ubuntu: Security Advisory (USN-7264-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-7264-1: OpenSSL vulnerabilities
It was discovered that OpenSSL clients incorrectly handled authenticating servers using RFC7250 Raw Public Keys. In certain cases, the connection will not abort as expected, possibly causing the communication to be intercepted. CVE-2024-12797 George Pantelakis and Alicja Kario discovered that...
CVE-2024-12797 RFC7250 handshakes with unauthenticated servers don't abort as expected
Issue summary: Clients using RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSLVERIFYPEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...
OpenSSL 安全漏洞
OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
CVE-2024-13176 vulnerabilities
Vulnerabilities for packages: openssl-provider-fips, openssl, openssl-provider-fips-3.1.2...
CVE-2024-13176 vulnerabilities
Vulnerabilities for packages: openssl...
EulerOS 2.0 SP9 : openssl (EulerOS-SA-2025-1058)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds...
EulerOS 2.0 SP10 : openssl (EulerOS-SA-2025-1009)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds...
EulerOS 2.0 SP10 : openssl (EulerOS-SA-2025-1026)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds...
CVE-2023-24010
An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM® Db2® Big SQL.
Summary There are multiple vulnerabilities in OpenSSL used by IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4.6.0 and earlier. Vulnerability Details CVEID:CVE-2022-3602 DESCRIPTION: A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note...
Security Bulletin: IBM Storage Scale System may be affected by vulnerabilities in OpenSSL
Summary Security vulnerabilities have been discovered in OpenSSL that are now fixed. Vulnerability Details CVEID:CVE-2023-3446 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DHcheck, DHcheckex or EVPPKEYparamcheck functions to check a DH key or DH...
EulerOS 2.0 SP11 : openssl (EulerOS-SA-2024-2984)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds...
EulerOS 2.0 SP12 : openssl (EulerOS-SA-2024-2941)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds...
Oracle Linux 9 : openssl / and / openssl-fips-provider (ELSA-2024-9333)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9333 advisory. - Fix CVE-2024-6119: Possible denial of service in X.509 name checks Resolves: RHEL-55339 - Fix CVE-2024-5535: SSLselectnextproto buffer overread...