1572 matches found

Tenable Nessus
added 2025/08/20 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-5363

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during...

7.5 CVSS, 6.4 AI score, 0.03332 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/19 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-3416

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may resu...

3.7 CVSS, 5.8 AI score, 0.00452 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2025/08/18 12:00 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-3449

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the...

5.9 CVSS, 7.5 AI score, 0.62906 EPSS
Exploits: 3, References: 2

IBM Security Bulletins
added 2025/08/12 7:56 p.m., 9 views

Security Bulletin: IBM i is affected by errors in OpenSSL resulting in denial-of-service attacks and incorrect X.509 certificate verification due to multiple vulnerabilities.

Summary: IBM i is affected by errors in OpenSSL as part of IBM Portable Utilities for i resulting in denial-of-service attacks (CVE-2023-0464, CVE-2023-2650, CVE-2023-3817) and incorrect X.509 certificate verification (CVE-2023-0465, CVE-2023-0466) as described in the vulnerability details section. Th...

7.5 CVSS, 7.1 AI score, 0.73461 EPSS
Exploits: 0, Affected Software: 6

Tenable Nessus
added 2025/08/12 12:00 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-5535

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be se...

9.1 CVSS, 7.5 AI score, 0.05582 EPSS
Exploits: 1, References: 3

IBM Security Bulletins
added 2025/08/11 1:06 p.m., 7 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest

Summary: OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2024-9143. DESCRIPTION: Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with...

4.3 CVSS, 7.7 AI score, 0.05966 EPSS
Exploits: 0, Affected Software: 1

Github Security Blog
added 2025/07/28 3:31 a.m., 6 views

Duplicate Advisory: `openssl` `X509VerifyParamRef::set_host` buffer over-read

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-xcf7-rvmh-g6q4. This link is maintained to preserve external references. Original Description: The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to...

9.1 CVSS, 7 AI score, 0.00329 EPSS
Exploits: 1, References: 5, Affected Software: 1

Vulnrichment
added 2025/07/28 12:00 a.m., 2 views

CVE-2023-53159

The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host...

4.5 CVSS, 6.1 AI score, 0.00329 EPSS
Exploits: 1, References: 3

RedhatCVE
added 2025/07/23 8:05 a.m., 15 views

CVE-2025-0664

A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges...

6.7 CVSS, 6.8 AI score, 0.00168 EPSS
Exploits: 0, References: 1

NVD
added 2025/07/21 7:15 a.m., 9 views

CVE-2025-0664

A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges...

6.7 CVSS, 0.00168 EPSS
Exploits: 0, References: 1

CVE
added 2025/07/21 7:08 a.m., 35 views

CVE-2025-0664

CVE-2025-0664 affects Trellix Endpoint Security HX Agent. A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially causing the agent to load an arbitrary local library and execute code with SYSTEM privileges. Evidence from multiple sources confirms th...

6.7 CVSS, 6.9 AI score, 0.00168 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/07/21 7:08 a.m., 4 views

CVE-2025-0664

A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges...

6.7 CVSS, 6.9 AI score, 0.00168 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2025/07/21 12:00 a.m., 4 views

PT-2025-30237 · Openssl · Openssl

Name of the Vulnerable Software and Affected Versions: OpenSSL (affected versions not specified). Description: A locally authenticated, privileged user can create a malicious OpenSSL configuration file, potentially causing the agent to load an arbitrary local library. This could compromise endpoint...

6.7 CVSS, 6.5 AI score, 0.00168 EPSS
Exploits: 0, References: 6

RedhatCVE
added 2025/07/20 11:08 p.m., 12 views

CVE-2025-7394

In the OpenSSL compatibility layer implementation, the function RAND_poll was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...

7 CVSS, 6.6 AI score, 0.00387 EPSS
Exploits: 0, References: 1

NVD
added 2025/07/18 11:15 p.m., 18 views

CVE-2025-7394

In the OpenSSL compatibility layer implementation, the function RAND_poll was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...

9.8 CVSS, 0.00387 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/07/18 10:34 p.m., 9 views

CVE-2025-7394

In the OpenSSL compatibility layer implementation, the function RAND_poll was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...

7 CVSS, 0.00387 EPSS
Exploits: 0, References: 1

CVE
added 2025/07/18 10:34 p.m., 39 views

CVE-2025-7394

In CVE-2025-7394, the OpenSSL compatibility layer’s RAND_poll() misbehavior can yield predictable random values from RAND_bytes() when fork() occurs, affecting only applications that call RAND_bytes() after forking (not internal TLS operations). WolfSSL implemented a complementary change so RAND_...

9.8 CVSS, 7.3 AI score, 0.00387 EPSS
Exploits: 0, References: 1, Affected Software: 1

Debian CVE
added 2025/07/18 10:34 p.m., 6 views

CVE-2025-7394

In the OpenSSL compatibility layer implementation, the function RAND_poll was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...

9.8 CVSS, 5.4 AI score, 0.00387 EPSS
Exploits: 0

CNNVD
added 2025/07/18 12:00 a.m., 4 views

OpenSSL Security Vulnerability

OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

9.8 CVSS, 6.4 AI score, 0.00387 EPSS
Exploits: 0, References: 2

Hacker One
added 2025/07/09 3:04 a.m., 15 views

curl: Use-After-Free in OpenSSL Keylog Callback via SSL_get_ex_data() in libcurl

Summary: A Use-After-Free (UAF) vulnerability exists in libcurl when the OpenSSL SSL_CTX_set_keylog_callback is set. The callback may be invoked after the associated SSL object has been freed via SSL_free, leading to access to a dangling pointer and potential crash or information leak via SSL_get_ex_data...

7.3 AI score
Exploits: 0