Lucene search
K

23341 matches found

Hacker One
Hacker One
added 2025/07/09 3:4 a.m.15 views

curl: Use-After-Free in OpenSSL Keylog Callback via SSL_get_ex_data() in libcurl

Summary: A Use-After-Free UAF vulnerability exists in libcurl when the OpenSSL SSLCTXsetkeylogcallback is set. The callback may be invoked after the associated SSL object has been freed via SSLfree, leading to access to a dangling pointer and potential crash or information leak via SSLgetexdata...

7.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/07/08 12:0 a.m.6 views

PT-2025-28643 · Undefined · Undefined

🚨 Breaking: OpenSSL 3.0 has a new vulnerability CVE-2025-02236—moderate risk but needs patching NOW! 🔐 Affects TLS 1.3 sessions. Fix: Upgrade to 3.0.10. Read more: 👉 https://t.co/rd2BO9Z8OI CyberSecurity SUSE Linux https://t.co/JcQ8TTAWUJ...

7.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/07/08 12:0 a.m.6 views

SUSE SLED15: libopenssl-3-devel / libopenssl-3-fips-provider / etc (SUSE-SU-2025:02236-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02236-1 advisory. - CVE-2025-27587: Fixed Minerva side channel vulnerability in P-384 bsc1240366. - Backport mdless cms signing support...

5.3CVSS7.2AI score0.00361EPSS
Exploits0References4
Broadcom
Broadcom
added 2025/07/08 12:0 a.m.15 views

Plaintext security passwords are logged in the audit logs while executing openssl cmd (CVE-2025-4662)

Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs an...

5.1CVSS6.6AI score0.00136EPSS
Exploits0
OSV
OSV
added 2025/07/07 3:15 p.m.1 views

DEBIAN-CVE-2025-5987

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

8.1CVSS6.4AI score0.0144EPSS
Exploits0References1
OSV
OSV
added 2025/07/07 3:15 p.m.6 views

AZL-64797 CVE-2025-5987 affecting package libssh for versions less than 0.10.6-2

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

8.1CVSS6.4AI score0.0144EPSS
Exploits0References1
OSV
OSV
added 2025/07/07 3:15 p.m.4 views

CVE-2025-5987

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

8.1CVSS6AI score0.0144EPSS
Exploits0References17
OSV
OSV
added 2025/07/07 3:15 p.m.6 views

AZL-64794 CVE-2025-5987 affecting package libssh for versions less than 0.10.6-2

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

8.1CVSS6.4AI score0.0144EPSS
Exploits0References1
NVD
NVD
added 2025/07/07 3:15 p.m.11 views

CVE-2025-5987

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

8.1CVSS0.0144EPSS
Exploits0References17
CVE
CVE
added 2025/07/07 2:24 p.m.71 views

CVE-2025-5987

CVE-2025-5987 affects libssh when using ChaCha20 with OpenSSL. Root cause: OpenSSL error codes alias with SSH_OK, causing libssh to miss detection of an error during ChaCha20-Poly1305 key setup, potentially leading to a partially initialized cipher context and undefined behavior that can compromi...

8.1CVSS6.2AI score0.0144EPSS
Exploits0References17Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/07/07 2:24 p.m.3 views

CVE-2025-5987

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

8.1CVSS5.9AI score0.0144EPSS
Exploits0References18Affected Software17
Cvelist
Cvelist
added 2025/07/07 2:24 p.m.13 views

CVE-2025-5987 Libssh: invalid return code for chacha20 poly1305 with openssl backend

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

8.1CVSS0.0144EPSS
Exploits0References17
Vulnrichment
Vulnrichment
added 2025/07/07 2:24 p.m.5 views

CVE-2025-5987 Libssh: invalid return code for chacha20 poly1305 with openssl backend

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

8.1CVSS6.2AI score0.0144EPSS
Exploits0References17
Debian CVE
Debian CVE
added 2025/07/07 2:24 p.m.5 views

CVE-2025-5987

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

8.1CVSS6.4AI score0.0144EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/07/07 2:24 p.m.2 views

CVE-2025-5987

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

8.1CVSS6.3AI score0.0144EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2025/07/07 12:59 p.m.2 views

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2025-27587: Fixed Minerva side channel vulnerability in P-384 bsc1240366. Backport mdless cms signing support jscPED-12895 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate...

6CVSS7.3AI score0.00361EPSS
Exploits0References6
OSV
OSV
added 2025/07/07 12:58 p.m.4 views

SUSE-SU-2025:02236-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2025-27587: Fixed Minerva side channel vulnerability in P-384 bsc1240366. - Backport mdless cms signing support jscPED-12895...

5.3CVSS7.1AI score0.00361EPSS
Exploits0References3
Zero Day Initiative
Zero Day Initiative
added 2025/07/07 12:0 a.m.4 views

Parallels Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppServer...

7.3CVSS6.9AI score
Exploits0References2
OpenVAS
OpenVAS
added 2025/07/07 12:0 a.m.5 views

OpenSSL Library (.so) Detection (Linux/Unix SSH Login)

SSH login-based detection of OpenSSL. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.119052";...

7.3AI score
Exploits0
OSV
OSV
added 2025/07/04 2:44 p.m.5 views

OESA-2025-1747 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications th...

5.3CVSS6.9AI score0.04459EPSS
Exploits0References2
Rows per page
Query Builder