23343 matches found

RedhatCVE
added 2025/05/22 7:23 a.m. | 7 views

CVE-2018-20997

An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing...

CVSS 9.8 | AI score 6.9 | EPSS 0.01744
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:36 a.m. | 10 views

CVE-2010-2450

The keygen.sh script in Shibboleth SP 2.0 located in /usr/local/etc/shibboleth by default uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask default 22 instead of chmoding the resulting file itself, so the generated private key is world readable by...

CVSS 7.5 | AI score 6.8 | EPSS 0.01234
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 4:8 a.m. | 10 views

CVE-2013-7373

Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications...

CVSS 7.5 | AI score 6.9 | EPSS 0.01135
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 2:39 a.m. | 2 views

CVE-2010-1378

OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority...

CVSS 9.8 | AI score 6.9 | EPSS 0.01269
Exploits: 0 | References: 1
UbuntuCve
added 2025/05/22 12:0 a.m. | 15 views

CVE-2025-4575

Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use. A copy & paste...

CVSS 6.5 | AI score 7.1 | EPSS 0.00292
Exploits: 0 | References: 3
Packet Storm News
added 2025/05/22 12:0 a.m. | 2 views

OpenSSL Security Advisory 20250522

OpenSSL Security Advisory 20250522 - Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate...

CVSS 6.5 | AI score 7 | EPSS 0.00292
Exploits: 0
CNNVD
added 2025/05/22 12:0 a.m. | 4 views

OpenSSL Security Vulnerability

OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

CVSS 6.5 | AI score 6.6 | EPSS 0.00292
Exploits: 0 | References: 5
Tenable Nessus
added 2025/05/22 12:0 a.m. | 7 views

Oracle Linux 9 : keylime-agent-rust (ELSA-2025-7313)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-7313 advisory. 0.2.2-2 - Update openssl crate to version 0.10.70 to fix CVE-2025-24898 Tenable has extracted the preceding description block directly from the Oracle Linux...

CVSS 6.3 | AI score 5.3 | EPSS 0.00623
Exploits: 0 | References: 2
Tenable Nessus
added 2025/05/22 12:0 a.m. | 48 views

OpenSSL 3.5.0 < 3.5.1 Vulnerability

The version of OpenSSL installed on the remote host is prior to 3.5.1. It is, therefore, affected by a vulnerability as referenced in the 3.5.1 advisory. - Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate...

CVSS 6.5 | AI score 7.3 | EPSS 0.00292
Exploits: 0 | References: 5
OpenVAS
added 2025/05/22 12:0 a.m. | 6 views

SUSE: Security Advisory (SUSE-SU-2025:1555-1)

The remote host is missing an update for the...

CVSS 6.1 | AI score 7.6 | EPSS 0.00647
Exploits: 0 | References: 7
RedhatCVE
added 2025/05/21 9:4 p.m. | 15 views

CVE-2009-5057

The S/MIME feature in Open Ticket Request System OTRS before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations,...

CVSS 5 | AI score 7 | EPSS 0.01645
Exploits: 0 | References: 1
Snyk
added 2025/05/21 9:0 p.m. | 1 view

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation through incorrect assignment of trusted use instead of a rejected use for a certificate when using the -addreject option with the openssl x509 application. If a user intends to make a trusted certificate...

CVSS 6.9 | AI score 6.8 | EPSS 0.00292
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/21 8:42 p.m. | 6 views

CVE-2009-0130

lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package...

CVSS 7.5 | AI score 6.9 | EPSS 0.05188
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/21 8:41 p.m. | 7 views

CVE-2009-0128

plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Resource Management (aka SLURM or slurm-llnl) does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS...

CVSS 5.8 | AI score 6.8 | EPSS 0.05188
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/21 8:1 p.m. | 6 views

CVE-2008-7278

The S/MIME feature in Open Ticket Request System OTRS before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available fo...

CVSS 5 | AI score 7 | EPSS 0.01984
Exploits: 0 | References: 1
Hacker One
added 2025/05/20 12:7 a.m. | 11 views

curl: Stack Buffer Overflow in curl's OpenSSL Provider Handling

Summary Hello curl Team, I found a stack buffer overflow in curl's OpenSSL provider handling code. The bug is in ossl_set_provider function located in lib/vtls/openssl.c. When a provider name longer than MAX_PROVIDER_LEN is passed, the function copies it to a fixed-size buffer without proper length...

AI score 7.6
Exploits: 0
SUSE Linux
added 2025/05/19 9:24 p.m. | 7 views

Security update for python-maturin

This update for python-maturin fixes the following issues: CVE-2025-3416: openssl: use-after-free in Md::fetch and Cipher::fetch when Some(...) value passed as properties argument to either function (bsc#1242631). CVE-2025-4574: crossbeam-channel: double-free leading to possible memory corruption in...

CVSS 6.3 | AI score 5.6 | EPSS 0.00452
Exploits: 0 | References: 8
RedHat Linux
added 2025/05/19 8:51 a.m. | 22 views

Important: Red Hat Security Advisory: compat-openssl11 security update

An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

CVSS 7.4 | AI score 7.1 | EPSS 0.59501
Exploits: 0 | References: 2
RedHat Linux
added 2025/05/19 8:51 a.m. | 8 views

openssl: X.400 address type confusion in X.509 GeneralName

A type confusion vulnerability was found in OpenSSL when processing X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...

CVSS 7.4 | AI score 6.9 | EPSS 0.59501
Exploits: 0 | References: 5
RedHat Linux
added 2025/05/19 6:21 a.m. | 12 views

Important: Red Hat Security Advisory: compat-openssl10 security update

An update for compat-openssl10 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

CVSS 7.4 | AI score 7.1 | EPSS 0.59501
Exploits: 0 | References: 2