23343 matches found

IBM Security Bulletins
added 2025/05/15 10:55 p.m. · 11 views

Security Bulletin: Astronomer with IBM is vulnerable to buffer overflow due to the OpenSSL package (CVE-2021-3711).

Summary: OpenSSL is used by Astronomer with IBM as part of secure communications. Vulnerability Details: CVEID: CVE-2021-3711. DESCRIPTION: OpenSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the EVP_PKEY_decrypt function within the implementation of SM2 decryption. By...

CVSS 9.8 · AI score 8.2 · EPSS 0.87816
Exploits: 1 · Affected Software: 1

RedHat Linux
added 2025/05/15 6:36 p.m. · 7 views

openssl: X.400 address type confusion in X.509 GeneralName

A type confusion vulnerability was found in OpenSSL when it processes X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, when the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...

CVSS 7.4 · AI score 6.9 · EPSS 0.59501
Exploits: 0 · References: 5

RedHat Linux
added 2025/05/15 6:36 p.m. · 12 views

Important: Red Hat Security Advisory: compat-openssl11 security update

An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 7.4 · AI score 7.1 · EPSS 0.59501
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/15 4:34 p.m. · 19 views

CVE-2025-47276

Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like yescrypt/Argon2i. All Actualizer...

CVSS 7.5 · AI score 7 · EPSS 0.00243
Exploits: 0 · References: 1

SUSE Linux
added 2025/05/15 12:51 p.m. · 0 views

Security update for rustup

This update for rustup fixes the following issues: CVE-2025-3416: Fixed use-after-free in Md::fetch and Cipher::fetch in the rust-openssl crate (bsc#1242617). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

CVSS 6.3 · AI score 4.6 · EPSS 0.00452
Exploits: 0 · References: 4

OSV
added 2025/05/15 12:51 p.m. · 1 views

SUSE-SU-2025:1560-1 Security update for rustup

This update for rustup fixes the following issues: - CVE-2025-3416: Fixed use-after-free in Md::fetch and Cipher::fetch in the rust-openssl crate (bsc#1242617)...

CVSS 3.7 · AI score 5.6 · EPSS 0.00452
Exploits: 0 · References: 3

SUSE Linux
added 2025/05/15 8:51 a.m. · 1 views

Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771). Patch Instructions: To install this SUSE update use the SUSE...

CVSS 6 · AI score 7.3 · EPSS 0.00601
Exploits: 0 · References: 6

OSV
added 2025/05/15 8:51 a.m. · 3 views

SUSE-SU-2025:0613-2 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771)...

CVSS 4.1 · AI score 5.2 · EPSS 0.00601
Exploits: 0 · References: 4

OSV
added 2025/05/15 8:51 a.m. · 3 views

SUSE-SU-2025:0613-3 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771)...

CVSS 4.1 · AI score 7.1 · EPSS 0.00601
Exploits: 0 · References: 4

OSV
added 2025/05/15 5:5 a.m. · 7 views

SUSE-SU-2025:1555-1 Security update for go1.22-openssl

This update for go1.22-openssl fixes the following issues: Update to version 1.22.12 (bsc#1218424): Security fixes: - CVE-2024-45336: net/http: sensitive headers incorrectly sent after cross-domain redirect (bsc#1236046) - CVE-2024-45341: crypto/x509: usage of IPv6 zone IDs can bypass URI name...

CVSS 6.1 · AI score 6.5 · EPSS 0.00647
Exploits: 0 · References: 8

Tenable Nessus
added 2025/05/15 12:0 a.m. · 8 views

SUSE SLED15: libopenssl-3-devel / libopenssl-3-devel-32bit / etc (SUSE-SU-2025:1550-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1550-1 advisory. Security: - CVE-2025-27587: Timing side channel vulnerability in the P-384 implementation when used with...

CVSS 5.3 · AI score 7.2 · EPSS 0.00361
Exploits: 0 · References: 8

SUSE Linux
added 2025/05/14 5:5 p.m. · 3 views

Security update for openssl-3

This update for openssl-3 fixes the following issues: Security: CVE-2025-27587: Timing side channel vulnerability in the P-384 implementation when used with ECDSA in the PPC architecture (bsc#1240366). Missing null pointer check before accessing handshake_func in ssl_lib.c (bsc#1240607). FIPS: Disabling...

CVSS 6 · AI score 6.7 · EPSS 0.00361
Exploits: 0 · References: 12

Positive Technologies
added 2025/05/14 12:0 a.m. · 3 views

PT-2025-22646 · Openssl +1 · Openssl +1

Name of the Vulnerable Software and Affected Versions: openssl-3 (affected versions not specified). Description: The issue concerns a timing side channel vulnerability in the P-384 implementation when used with ECDSA in the PPC architecture. Additionally, there is a missing null pointer check before...

CVSS 5.3 · AI score 5.8 · EPSS 0.00361
Exploits: 0 · References: 34

Tenable Nessus
added 2025/05/14 12:0 a.m. · 10 views

Alibaba Cloud Linux 3 : 0148: openssl (ALINUX3-SA-2022:0148)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0148 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-1292: The c_rehash script does not...

CVSS 10 · AI score 7.4 · EPSS 0.95764
Exploits: 6 · References: 4

Tenable Nessus
added 2025/05/14 12:0 a.m. · 11 views

Alibaba Cloud Linux 3 : 0047: openssl (ALINUX3-SA-2024:0047)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0047 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-3446: Issue summary: Checking...

CVSS 5.3 · AI score 6.6 · EPSS 0.05533
Exploits: 0 · References: 4

Tenable Nessus
added 2025/05/14 12:0 a.m. · 10 views

Alibaba Cloud Linux 3 : 0231: grafana (ALINUX3-SA-2024:0231)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0231 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-47875: DOMPurify is a DOM-only,...

CVSS 10 · AI score 7.6 · EPSS 0.01093
Exploits: 2 · References: 3

Tenable Nessus
added 2025/05/14 12:0 a.m. · 14 views

Alibaba Cloud Linux 3 : 0044: edk2 (ALINUX3-SA-2023:0044)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0044 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-4304: A timing based side channel...

CVSS 7.5 · AI score 8 · EPSS 0.59501
Exploits: 0 · References: 5

Tenable Nessus
added 2025/05/14 12:0 a.m. · 5 views

Alibaba Cloud Linux 3 : 0006: openssl (ALINUX3-SA-2021:0006)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2021:0006 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-1971: The X.509 GeneralName type is a...

CVSS 5.9 · AI score 7.1 · EPSS 0.06968
Exploits: 3 · References: 2

Tenable Nessus
added 2025/05/14 12:0 a.m. · 9 views

Alibaba Cloud Linux 3 : 0130: compat-openssl10 (ALINUX3-SA-2022:0130)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0130 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-0778: The BN_mod_sqrt function, which comput...

CVSS 7.5 · AI score 6.9 · EPSS 0.70561
Exploits: 2 · References: 2

Tenable Nessus
added 2025/05/14 12:0 a.m. · 16 views

Alibaba Cloud Linux 3 : 0254: iperf3 (ALINUX3-SA-2024:0254)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0254 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-7250: A flaw was found in iperf, ...

CVSS 5.9 · AI score 6.4 · EPSS 0.01107
Exploits: 0 · References: 3