
23343 matches found

Positive Technologies
added 2025/05/14 12:0 a.m. · 3 views

PT-2025-22646 · Openssl +1

Name of the Vulnerable Software and Affected Versions: openssl-3 (affected versions not specified). Description: The issue concerns a timing side channel vulnerability in the P-384 implementation when used with ECDSA in the PPC architecture. Additionally, there is a missing null pointer check before...

CVSS 5.3 · AI score 5.8 · EPSS 0.00361
Exploits: 0 · References: 34

Tenable Nessus
added 2025/05/14 12:0 a.m. · 7 views

Alibaba Cloud Linux 3 : 0021: openssl (ALINUX3-SA-2021:0021)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0021 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3449: An OpenSSL TLS server may...

CVSS 7.4 · AI score 7.7 · EPSS 0.62906
Exploits: 4 · References: 3

Tenable Nessus
added 2025/05/14 12:0 a.m. · 9 views

Alibaba Cloud Linux 3 : 0130: compat-openssl10 (ALINUX3-SA-2022:0130)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0130 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-0778: The BN_mod_sqrt function, which comput...

CVSS 7.5 · AI score 6.9 · EPSS 0.70561
Exploits: 2 · References: 2

Tenable Nessus
added 2025/05/14 12:0 a.m. · 14 views

Alibaba Cloud Linux 3 : 0044: edk2 (ALINUX3-SA-2023:0044)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0044 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-4304: A timing based side channel...

CVSS 7.5 · AI score 8 · EPSS 0.59501
Exploits: 0 · References: 5

Tenable Nessus
added 2025/05/14 12:0 a.m. · 10 views

Alibaba Cloud Linux 3 : 0148: openssl (ALINUX3-SA-2022:0148)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0148 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-1292: The c_rehash script does not...

CVSS 10 · AI score 7.4 · EPSS 0.95764
Exploits: 6 · References: 4

Tenable Nessus
added 2025/05/14 12:0 a.m. · 9 views

Alibaba Cloud Linux 3 : 0093: edk2 (ALINUX3-SA-2024:0093)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0093 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-36763: EDK2 is susceptible to a...

CVSS 8.8 · AI score 7.5 · EPSS 0.05533
Exploits: 1 · References: 12

Tenable Nessus
added 2025/05/14 12:0 a.m. · 16 views

Alibaba Cloud Linux 3 : 0254: iperf3 (ALINUX3-SA-2024:0254)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0254 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-7250: A flaw was found in iperf, ...

CVSS 5.9 · AI score 6.4 · EPSS 0.01107
Exploits: 0 · References: 3

NVD
added 2025/05/13 4:15 p.m. · 16 views

CVE-2025-47276

Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like Yescript/Argon2i. All Actualizer...

CVSS 7.5 · EPSS 0.00243
Exploits: 0 · References: 7

Cvelist
added 2025/05/13 3:34 p.m. · 17 views

CVE-2025-47276 Actualizer Uses OpenSSL's "-passwd" Function Which Uses SHA512 Under The Hood Instead of Proper Password Hasher like Yescript/Argon2i

Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like Yescript/Argon2i. All Actualizer...

CVSS 7.5 · EPSS 0.00243
Exploits: 0 · References: 7

Vulnrichment
added 2025/05/13 3:34 p.m. · 7 views

CVE-2025-47276 Actualizer Uses OpenSSL's "-passwd" Function Which Uses SHA512 Under The Hood Instead of Proper Password Hasher like Yescript/Argon2i

Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like Yescript/Argon2i. All Actualizer...

CVSS 7.5 · AI score 7 · EPSS 0.00243
Exploits: 0 · References: 7

CVE
added 2025/05/13 3:34 p.m. · 44 views

CVE-2025-47276

Actualizer (a Debian OS creator) is affected by CVE-2025-47276 in versions before 1.2.0, due to using OpenSSL’s -passwd which hashes with SHA-512. The vulnerability pertains to password hashing quality for root and Alpha accounts across full OS deployments. Remediation is to upgrade to Actualizer...

CVSS 7.5 · AI score 7.7 · EPSS 0.00243
Exploits: 0 · References: 7

RedHat Linux
added 2025/05/13 8:50 a.m. · 5 views

nginx: TLS Session Resumption Vulnerability

A flaw was found in nginx. When name-based virtual hosts are configured to share the same IP address and port combination with TLS 1.3 and OpenSSL, a previously authenticated attacker can use session resumption to bypass client certificate authentication requirements on these servers. This...

CVSS 5.3 · AI score 7.3 · EPSS 0.02557
Exploits: 0 · References: 5

RedHat Linux
added 2025/05/13 8:49 a.m. · 10 views

rust-openssl: rust openssl ssl::select_next_proto use after free

A flaw was found in the rust-openssl package. In certain versions, ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than the client buffer's, this can cau...

CVSS 6.3 · AI score 6 · EPSS 0.00623
Exploits: 0 · References: 7

RedHat Linux
added 2025/05/13 8:48 a.m. · 22 views

rust-openssl: rust openssl ssl::select_next_proto use after free

A flaw was found in the rust-openssl package. In certain versions, ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than the client buffer's, this can cau...

CVSS 6.3 · AI score 6 · EPSS 0.00623
Exploits: 0 · References: 7

RedHat Linux
added 2025/05/13 8:41 a.m. · 5 views

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads

A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That functi...

CVSS 7.5 · AI score 7.2 · EPSS 0.01533
Exploits: 0 · References: 9

RedHat Linux
added 2025/05/13 8:35 a.m. · 2 views

rust-openssl: rust openssl ssl::select_next_proto use after free

A flaw was found in the rust-openssl package. In certain versions, ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than the client buffer's, this can cau...

CVSS 6.3 · AI score 6 · EPSS 0.00623
Exploits: 0 · References: 7

RedHat Linux
added 2025/05/13 8:32 a.m. · 9 views

Moderate: Red Hat Security Advisory: rpm-ostree security update

An update for rpm-ostree is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 6.3 · AI score 5.9 · EPSS 0.00623
Exploits: 0 · References: 5

RedHat Linux
added 2025/05/13 8:32 a.m. · 4 views

rust-openssl: rust openssl ssl::select_next_proto use after free

A flaw was found in the rust-openssl package. In certain versions, ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than the client buffer's, this can cau...

CVSS 6.3 · AI score 6 · EPSS 0.00623
Exploits: 0 · References: 7

RedHat Linux
added 2025/05/13 8:5 a.m. · 2 views

openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected

A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set...

CVSS 6.3 · AI score 7.1 · EPSS 0.02357
Exploits: 0 · References: 5

RedHat Linux
added 2025/05/13 8:5 a.m. · 2 views

Important: Red Hat Bug Fix Advisory: openssl bug fix and enhancement update

An update for openssl is now available for Red Hat Enterprise Linux 10. For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes linked from the References section...

CVSS 6.3 · AI score 6.9 · EPSS 0.02357
Exploits: 0 · References: 8