
507 matches found

Tenable Nessus
added 2025/02/21 12:0 a.m. | 17 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : OpenSSL vulnerabilities (USN-7278-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7278-1 advisory. George Pantelakis and Alicja Kario discovered that OpenSSL had a timing side-channel when performing ECDSA signature computations...

4.3 CVSS | 7.4 AI score | 0.05966 EPSS
Exploits: 0 | References: 3

Ubuntu
added 2025/02/20 5:40 p.m. | 88 views

USN-7278-1: OpenSSL vulnerabilities

George Pantelakis and Alicja Kario discovered that OpenSSL had a timing side-channel when performing ECDSA signature computations. A remote attacker could possibly use this issue to recover private data. (CVE-2024-13176) It was discovered that OpenSSL incorrectly handled certain memory operations...

4.3 CVSS | 7.3 AI score | 0.05966 EPSS
Exploits: 0

AlmaLinux
added 2025/02/19 12:0 a.m. | 46 views

Important: mysql:8.0 security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries. Security Fixes: openssl: SSL_select_next_proto buffer overread (CVE-2024-5535); krb5: GSS message token handling (CVE-2024-37371); curl: libcurl: ASN.1 date pars...

9.1 CVSS | 6.4 AI score | 0.16212 EPSS
Exploits: 3 | References: 100

IBM Security Bulletins
added 2025/02/17 3:16 p.m. | 34 views

Security Bulletin: Security vulnerability found in package openssl shipped with IBM CICS TX Advanced.

Summary: Security vulnerability found in package openssl shipped with IBM CICS TX Advanced. The versions of the packages have been updated. Vulnerability Details: CVEID: CVE-2024-4741. DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-fr...

9.1 CVSS | 8.6 AI score | 0.54026 EPSS
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2025/02/12 12:0 a.m. | 18 views

Ubuntu 24.10 : OpenSSL vulnerabilities (USN-7264-1)

The remote Ubuntu 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7264-1 advisory. It was discovered that OpenSSL clients incorrectly handled authenticating servers using RFC7250 Raw Public Keys. In certain cases, the connection will not...

6.3 CVSS | 7.5 AI score | 0.05966 EPSS
Exploits: 0 | References: 4

OpenVAS
added 2025/02/12 12:0 a.m. | 15 views

Ubuntu: Security Advisory (USN-7264-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

6.3 CVSS | 5.3 AI score | 0.05966 EPSS
Exploits: 0 | References: 2

Ubuntu
added 2025/02/11 4:9 p.m. | 17 views

USN-7264-1: OpenSSL vulnerabilities

It was discovered that OpenSSL clients incorrectly handled authenticating servers using RFC7250 Raw Public Keys. In certain cases, the connection will not abort as expected, possibly causing the communication to be intercepted. (CVE-2024-12797) George Pantelakis and Alicja Kario discovered that...

6.3 CVSS | 7.3 AI score | 0.05966 EPSS
Exploits: 0

Vulnrichment
added 2025/02/11 3:59 p.m. | 12 views

CVE-2024-12797 RFC7250 handshakes with unauthenticated servers don't abort as expected

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...

6.7 AI score | 0.02357 EPSS
Exploits: 0 | References: 4

CNNVD
added 2025/02/11 12:0 a.m. | 1 views

OpenSSL security vulnerability

OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer (SSLv2/v3) and Secure Transport Layer (TLSv1) protocols from the OpenSSL team. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

6.3 CVSS | 6.7 AI score | 0.02357 EPSS
Exploits: 0 | References: 9

Chainguard
added 2025/01/20 2:15 p.m. | 40 views

CVE-2024-13176 vulnerabilities

Vulnerabilities for packages: openssl-provider-fips, openssl, openssl-provider-fips-3.1.2...

4.1 CVSS | 6.6 AI score | 0.00601 EPSS
Exploits: 0

Wolfi
added 2025/01/20 2:15 p.m. | 113 views

CVE-2024-13176 vulnerabilities

Vulnerabilities for packages: openssl...

4.1 CVSS | 7.2 AI score | 0.00601 EPSS
Exploits: 0

Tenable Nessus
added 2025/01/14 12:0 a.m. | 32 views

EulerOS 2.0 SP9 : openssl (EulerOS-SA-2025-1058)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds...

4.3 CVSS | 7 AI score | 0.05966 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/01/13 12:0 a.m. | 12 views

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2025-1009)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds...

4.3 CVSS | 7 AI score | 0.05966 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/01/13 12:0 a.m. | 29 views

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2025-1026)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds...

4.3 CVSS | 7 AI score | 0.05966 EPSS
Exploits: 0 | References: 2

OSV
added 2025/01/09 3:15 p.m. | 7 views

CVE-2023-24010

An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...

8.2 CVSS | 6.7 AI score
Exploits: 0 | References: 2

IBM Security Bulletins
added 2025/01/04 12:32 p.m. | 28 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM® Db2® Big SQL.

Summary: There are multiple vulnerabilities in OpenSSL used by IBM® Db2® Big SQL 7 on IBM Cloud Pak for Data 4.6.0 and earlier. Vulnerability Details: CVEID: CVE-2022-3602. DESCRIPTION: A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note...

7.5 CVSS | 8.7 AI score | 0.91153 EPSS
Exploits: 6 | Affected Software: 1

IBM Security Bulletins
added 2024/12/16 5:50 p.m. | 30 views

Security Bulletin: IBM Storage Scale System may be affected by vulnerabilities in OpenSSL

Summary: Security vulnerabilities have been discovered in OpenSSL that are now fixed. Vulnerability Details: CVEID: CVE-2023-3446. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using the DH_check(), DH_check_ex() or EVP_PKEY_param_check() functions to check a DH key or DH...

5.3 CVSS | 7 AI score | 0.05533 EPSS
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2024/12/12 12:0 a.m. | 10 views

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2024-2984)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds...

4.3 CVSS | 7.4 AI score | 0.05966 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2024/12/12 12:0 a.m. | 5 views

EulerOS 2.0 SP12 : openssl (EulerOS-SA-2024-2941)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds...

4.3 CVSS | 7 AI score | 0.05966 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2024/11/19 12:0 a.m. | 26 views

Oracle Linux 9 : openssl / and / openssl-fips-provider (ELSA-2024-9333)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9333 advisory. - Fix CVE-2024-6119: Possible denial of service in X.509 name checks Resolves: RHEL-55339 - Fix CVE-2024-5535: SSL_select_next_proto buffer overread...

9.1 CVSS | 7.4 AI score | 0.91153 EPSS
Exploits: 7 | References: 5