
23341 matches found

HackRead
added 2025/06/23 4:16 p.m., 3 views

Speaker Proposal Deadline Approaches for OpenSSL Conference 2025 in Prague

Newark, United States, 23rd June 2025, CyberNewsWire...

AI score 7.3
Exploits: 0

Rosalinux
added 2025/06/23 8:18 a.m., 5 views

Advisory ROSA-SA-2025-2904

Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1k-12.0.1.rv30 CVE-ID: CVE-2009-1387 BDU-ID: 2015-09404 CVE-Crit: MEDIUM CVE-DESC.: Multiple vulnerabilities in the openssl package up to version 0.9.8l-r2 of the Gentoo Linux operating system, the exploitation of...

CVSS 9.8, AI score 9.4, EPSS 0.87816
Exploits: 4

Rosalinux
added 2025/06/23 8:16 a.m., 4 views

Advisory ROSA-SA-2025-2903

Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-9.rv3 CVE-ID: CVE-2009-1387 BDU-ID: 2015-09404 CVE-Crit: MEDIUM CVE-DESC.: Multiple vulnerabilities in the openssl package up to version 0.9.8l-r2 of the Gentoo Linux operating system, the exploitation of whic...

CVSS 9.8, AI score 9.4, EPSS 0.87816
Exploits: 4

Rosalinux
added 2025/06/23 7:23 a.m., 13 views

Advisory ROSA-SA-2025-2898

Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1k-12.0.1.rv30 CVE-ID: CVE-2019-1547 BDU-ID: 2019-04084 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ecerr.c and eclib.c functions of the OpenSSL library is related to the lack of data encryption measures...

CVSS 10, AI score 9.2, EPSS 0.95764
Exploits: 15

Rosalinux
added 2025/06/23 7:22 a.m., 14 views

Advisory ROSA-SA-2025-2897

Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-14.0.1.rv3 CVE-ID: CVE-2019-1547 BDU-ID: 2019-04084 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the ecerr.c and eclib.c functions of the OpenSSL library is related to the lack of data encryption measures...

CVSS 10, AI score 9.2, EPSS 0.95764
Exploits: 15

IBM Security Bulletins
added 2025/06/22 12:20 p.m., 5 views

Security Bulletin: Vulnerability in cryptography affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2023-2650, CVE-2023-4807, CVE-2023-3446]

Summary The cryptography package is used by IBM Cloud Pak for Data System 2.0. IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2023-2650, CVE-2023-4807, CVE-2023-3446 Vulnerability Details CVEID:CVE-2023-2650 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caus...

CVSS 7.8, AI score 7.6, EPSS 0.73461
Exploits: 0, Affected Software: 1

Packet Storm News
added 2025/06/22 12:0 a.m., 4 views

LURK-T: Limited Use of Remote Keys with Added Trust in TLS 1.3

In many web applications, such as Content Delivery Networks (CDNs), TLS credentials are shared, e.g., between the website's TLS origin server and the CDN's edge servers, which can be distributed around the globe. To enhance the security and trust for TLS 1.3 in such scenarios, we propose LURK-T, a...

AI score 7.1
Exploits: 0

SUSE Linux
added 2025/06/20 12:40 p.m., 3 views

Security update for python310

This update for python310 fixes the following issues: python310 was updated from version 3.10.16 to 3.10.18: Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273 CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517: Fix...

CVSS 8.4, AI score 6.1, EPSS 0.01184
Exploits: 14, References: 24

OSV
added 2025/06/20 12:40 p.m., 5 views

SUSE-SU-2025:02047-1 Security update for python310

This update for python310 fixes the following issues: python310 was updated from version 3.10.16 to 3.10.18: - Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS bsc1243273 CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517:...

CVSS 9.4, AI score 9.3, EPSS 0.01184
Exploits: 14, References: 13

SUSE Linux
added 2025/06/20 10:38 a.m., 2 views

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2025-27587: timing side-channel vulnerability in the P-384 implementation when used with ECDSA bsc1243459. CVE-2024-12797: Fixed that RFC7250 handshakes with unauthenticated servers don't abort as expected. bsc1236599 CVE-2024-13176: Fixed...

CVSS 8.8, AI score 7.5, EPSS 0.02357
Exploits: 0, References: 12

OSV
added 2025/06/20 10:38 a.m., 2 views

SUSE-SU-2025:02042-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2025-27587: timing side-channel vulnerability in the P-384 implementation when used with ECDSA bsc1243459. - CVE-2024-12797: Fixed that RFC7250 handshakes with unauthenticated servers don't abort as expected. bsc1236599 - CVE-2024-13176:...

CVSS 6.3, AI score 6.7, EPSS 0.02357
Exploits: 0, References: 7

IBM Security Bulletins
added 2025/06/19 4:11 p.m., 15 views

Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities

Summary IBM QRadar SIEM includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. These have been addressed in the update. Vulnerability Details CVEID:CVE-2023-0286 DESCRIPTION: There is a type confusion vulnerability relating to X.400...

CVSS 7.8, AI score 9, EPSS 0.59501
Exploits: 0, Affected Software: 1

SUSE Linux
added 2025/06/19 7:14 a.m., 2 views

Security update for s390-tools

This update for s390-tools fixes the following issues: Security issues fixed: CVE-2025-3416: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate. bsc1242622 Other issues: Added the new IBM z17 9175 processor type. Patch Instructions: To install this SUSE update use the SUSE...

CVSS 6.3, AI score 7.2, EPSS 0.00452
Exploits: 0, References: 6

OSV
added 2025/06/19 7:14 a.m., 3 views

SUSE-SU-2025:02017-1 Security update for s390-tools

This update for s390-tools fixes the following issues: Security issues fixed: - CVE-2025-3416: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate. bsc1242622 Other issues: - Added the new IBM z17 9175 processor type...

CVSS 3.7, AI score 4.6, EPSS 0.00452
Exploits: 0, References: 3

RedhatCVE
added 2025/06/18 12:2 a.m., 10 views

CVE-2025-27587

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...

CVSS 5.3, AI score 6, EPSS 0.00361
Exploits: 0, References: 1

NVD
added 2025/06/16 10:15 p.m., 21 views

CVE-2025-27587

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...

CVSS 5.3, EPSS 0.00361
Exploits: 0, References: 2

OSV
added 2025/06/16 10:15 p.m., 5 views

CVE-2025-27587

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...

CVSS 5.3, AI score 6.8
Exploits: 0, References: 2

OSV
added 2025/06/16 10:15 p.m., 8 views

DEBIAN-CVE-2025-27587

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...

CVSS 5.3, AI score 7.2, EPSS 0.00361
Exploits: 0, References: 1

AstraLinux
added 2025/06/16 11:28 a.m., 5 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: Clients that use RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because the handshake does not abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections that use raw...

CVSS 6.3, AI score 6.8, EPSS 0.02357
Exploits: 0, References: 3

AstraLinux
added 2025/06/16 11:28 a.m., 2 views

Astra Linux – Vulnerability in easy-rsa

The weak encryption algorithm in the Easy-RSA version 3.0.5 to 3.1.7 allows a local attacker to more easily brute-force the private CA key when it is created using OpenSSL 3...

CVSS 5.3, AI score 6.1, EPSS 0.00081
Exploits: 0, References: 3