Lucene search
K

23343 matches found

OpenVAS
OpenVAS
added 2025/06/13 12:0 a.m.3 views

openSUSE Security Advisory (SUSE-SU-2025:01884-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS5.7AI score0.00516EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/11 11:58 a.m.12 views

Security Bulletin: IBM DataPower Gateway affected by timing side-channel in OpenSSL (CVE-2024-13176)

Summary IBM DataPower Gateway uses OpenSSL for most cryptographic operations. Vulnerability Details CVEID:CVE-2024-13176 DESCRIPTION: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing...

4.1CVSS8.9AI score0.00601EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/06/11 5:43 a.m.3 views

SUSE-SU-2025:01887-1 Security update for perl-Crypt-OpenSSL-RSA

This update for perl-Crypt-OpenSSL-RSA fixes the following issues: - CVE-2024-2467: Side-channel attack in PKCS1 v1.5 padding mode Marvin Attack bsc1221446...

5.9CVSS6AI score0.00516EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2025/06/11 5:42 a.m.2 views

Security update for perl-Crypt-OpenSSL-RSA

This update for perl-Crypt-OpenSSL-RSA fixes the following issues: CVE-2024-2467: Side-channel attack in PKCS1 v1.5 padding mode Marvin Attack bsc1221446 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

5.9CVSS6AI score0.00516EPSS
Exploits0References4
OSV
OSV
added 2025/06/11 5:42 a.m.2 views

SUSE-SU-2025:01884-1 Security update for perl-Crypt-OpenSSL-RSA

This update for perl-Crypt-OpenSSL-RSA fixes the following issues: - CVE-2024-2467: Side-channel attack in PKCS1 v1.5 padding mode Marvin Attack bsc1221446...

5.9CVSS6AI score0.00516EPSS
Exploits0References3
OSV
OSV
added 2025/06/11 5:41 a.m.2 views

SUSE-SU-2025:01879-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.15.1. Security issues fixed: - CVE-2025-23166: remotely triggerable process crash due to improper error handling in async cryptographic operations bsc1243218. - CVE-2025-23165: memory leak and unbounded memory growth due to...

7.5CVSS6.2AI score0.00763EPSS
Exploits0References7
Zero Day Initiative
Zero Day Initiative
added 2025/06/11 12:0 a.m.10 views

Trend Micro Worry-Free Business Security Uncontrolled Search Path Element Arbitrary Code Execution Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Trend Micro Worry-Free Business Security. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The process loads an...

6.8CVSS7.5AI score0.00244EPSS
Exploits0References1
OSV
OSV
added 2025/06/10 11:49 a.m.7 views

BIT-MARIADB-MIN-2022-0778 Infinite loop in BN_mod_sqrt() reachable when parsing certificates

The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...

7.5CVSS7.7AI score0.70561EPSS
Exploits2References35
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/06/10 3:22 a.m.3 views

Malicious code in openssl-pkcs11 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 79dc9baa4004010efe414f668e04f952497b63704184784cffcac6e22d8ce16e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
added 2025/06/10 3:22 a.m.3 views

MAL-2025-4861 Malicious code in openssl-pkcs11 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 79dc9baa4004010efe414f668e04f952497b63704184784cffcac6e22d8ce16e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/06/09 12:0 a.m.7 views

NewStart CGSL MAIN 7.02 : openssl Multiple Vulnerabilities (NS-SA-2025-0049)

The remote NewStart CGSL host, running version MAIN 7.02, has openssl packages installed that are affected by multiple vulnerabilities: - Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes...

6.5CVSS7.5AI score0.05966EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2025/06/09 12:0 a.m.8 views

NewStart CGSL MAIN 7.02 : openssl Multiple Vulnerabilities (NS-SA-2025-0088)

The remote NewStart CGSL host, running version MAIN 7.02, has openssl packages installed that are affected by multiple vulnerabilities: - Issue summary: Applications performing certificate name checks e.g., TLS clients checking server certificates may attempt to read an invalid memory address...

7.5CVSS6.3AI score0.66594EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2025/06/08 7:18 p.m.13 views

CVE-2025-5480

Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to explo...

7.8CVSS7.5AI score0.00257EPSS
Exploits0References1
OSV
OSV
added 2025/06/06 7:15 p.m.4 views

CVE-2025-5480

Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to explo...

7.8CVSS6.2AI score0.00257EPSS
Exploits0References2
NVD
NVD
added 2025/06/06 7:15 p.m.7 views

CVE-2025-5480

Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to explo...

7.8CVSS0.00257EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/06 6:49 p.m.5 views

CVE-2025-5480 Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to explo...

7.8CVSS8AI score0.00257EPSS
Exploits0References2
CVE
CVE
added 2025/06/06 6:49 p.m.56 views

CVE-2025-5480

CVE-2025-5480 describes an Uncontrolled Search Path Element Local Privilege Escalation in Action1. The root cause is the product loading an OpenSSL configuration file from an unsecured location, enabling a local attacker who can execute low-privileged code to escalate to SYSTEM and potentially ex...

7.8CVSS7.8AI score0.00257EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/06/06 6:49 p.m.14 views

CVE-2025-5480 Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to explo...

7.8CVSS0.00257EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/06/06 12:0 a.m.1 views

Action1 代码问题漏洞

Action1 is a patch management software from Action1, Inc. Action1 suffers from a code issue vulnerability that stems from an insecure OpenSSL configuration file loading location that could lead to local elevation of privilege...

7.8CVSS7.4AI score0.00257EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2025/06/05 1:53 p.m.1 views

Security update for python-cryptography

This update for python-cryptography fixes the following issues: CVE-2025-3416: openssl: use-after-free in Md::fetch and Cipher::fetch when Some... value passed as properties argument to either function bsc1242631. Patch Instructions: To install this SUSE update use the SUSE recommended installati...

6.3CVSS4.6AI score0.00452EPSS
Exploits0References4
Rows per page
Query Builder