23343 matches found

AlmaLinux
added 2025/05/13 12:0 a.m. | 6 views

Moderate: python3.12-cryptography security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 6.3 | AI score 7 | EPSS 0.00623
Exploits 0 | References 4

AlmaLinux
added 2025/05/13 12:0 a.m. | 10 views

Moderate: rust-bootupd security update

Bootloader updater. Security Fixes: rust-openssl: rust openssl ssl::select_next_proto use after free (CVE-2025-24898). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section...

CVSS 6.3 | AI score 7 | EPSS 0.00623
Exploits 0 | References 4

AlmaLinux
added 2025/05/13 12:0 a.m. | 8 views

Moderate: keylime-agent-rust security update

Rust agent for Keylime. Security Fixes: rust-openssl: rust openssl ssl::select_next_proto use after free (CVE-2025-24898). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References...

CVSS 6.3 | AI score 7 | EPSS 0.00623
Exploits 0 | References 4

Tenable Nessus
added 2025/05/12 12:0 a.m. | 6 views

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2025-1533)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact...

CVSS 4.1 | AI score 6.4 | EPSS 0.00601
Exploits 0 | References 2

Tenable Nessus
added 2025/05/12 12:0 a.m. | 9 views

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2025-1532)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact...

CVSS 4.1 | AI score 6.4 | EPSS 0.00601
Exploits 0 | References 2

SUSE CVE
added 2025/05/10 2:53 a.m. | 4 views

SUSE CVE-2025-27587

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...

CVSS 5.3 | AI score 6.3 | EPSS 0.00361
Exploits 0 | References 9

Tenable Nessus
added 2025/05/09 12:0 a.m. | 6 views

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2025:1516-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:1516-1 advisory. - CVE-2024-6119: Fixed denial of service in X.509 name checks bsc1229465 Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider...

CVSS 7.5 | AI score 6.8 | EPSS 0.66594
Exploits 0 | References 19

Tenable Nessus
added 2025/05/09 12:0 a.m. | 6 views

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2025:0613-2)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:0613-2 advisory. - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation bsc1236136. Other bugfixes: - Non approved PBKDF parameters wrongly...

CVSS 4.1 | AI score 6.4 | EPSS 0.00601
Exploits 0 | References 5

SUSE Linux
added 2025/05/08 1:17 p.m. | 1 views

Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation bsc1236136. Other bugfixes: Non approved PBKDF parameters wrongly resulting as approved bsc1236771. Patch Instructions: To install this SUSE update use the SUSE...

CVSS 6 | AI score 7.3 | EPSS 0.00601
Exploits 0 | References 6

SUSE Linux
added 2025/05/08 1:17 p.m. | 4 views

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2024-6119: Fixed denial of service in X.509 name checks bsc1229465 Other fixes: FIPS: Deny SHA-1 signature verification in FIPS provider bsc1221365. FIPS: RSA keygen PCT requirements. FIPS: Check that the fips provider is available before...

CVSS 8.2 | AI score 7.3 | EPSS 0.66594
Exploits 0 | References 34

RedhatCVE
added 2025/05/07 8:15 p.m. | 9 views

CVE-2025-46551

A security issue was discovered in JRuby-OpenSSL gem for JRuby. When verifying SSL certificates, jruby-openssl does not confirm that the hostname presented in the certificate matches the hostname of the system in which it is attempting to connect. A man-in-the-middle can present a valid certifica...

CVSS 6.5 | AI score 6.3 | EPSS 0.00158
Exploits 1 | References 5

Rockylinux
added 2025/05/07 7:13 p.m. | 6 views

openssl-pkcs11 bug fix and enhancement update

An update is available for openssl-pkcs11. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Lin...

AI score 6.8
Exploits 0

Snyk
added 2025/05/07 5:32 p.m. | 3 views

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch in the SSL certificate validation process. An attacker can intercept secure communications by presenting a valid certificate for an unrelated domain that the attacker controls. Note:...

CVSS 7.1 | AI score 6.9 | EPSS 0.00158
Exploits 1 | References 2

OSV
added 2025/05/07 5:32 p.m. | 12 views

GHSA-72QJ-48G4-5XGX JRuby-OpenSSL has hostname verification disabled by default

Summary When verifying SSL certificates, jruby-openssl is not verifying that the hostname presented in the certificate matches the one we are trying to connect to, meaning a MITM could just present any valid cert for a completely different domain they own, and JRuby wouldn't complain. Details n/a...

CVSS 7.1 | AI score 6.9 | EPSS 0.00158
Exploits 1 | References 6

NVD
added 2025/05/07 5:15 p.m. | 16 views

CVE-2025-46551

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

CVSS 7.1 | EPSS 0.00158
Exploits 1 | References 2

OSV
added 2025/05/07 5:15 p.m. | 1 views

UBUNTU-CVE-2025-46551

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

CVSS 7.1 | AI score 7.3 | EPSS 0.00158
Exploits 1 | References 4

Cvelist
added 2025/05/07 4:12 p.m. | 28 views

CVE-2025-46551 JRuby-OpenSSL has hostname verification disabled by default

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

CVSS 7.1 | EPSS 0.00158
Exploits 1 | References 2

Vulnrichment
added 2025/05/07 4:12 p.m. | 9 views

CVE-2025-46551 JRuby-OpenSSL has hostname verification disabled by default

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

CVSS 7.1 | AI score 6.4 | EPSS 0.00158
Exploits 1 | References 2

CVE
added 2025/05/07 4:12 p.m. | 63 views

CVE-2025-46551

JRuby-OpenSSL (JRuby OpenSSL gem) prior to 0.15.4 fails hostname verification when validating SSL certificates, enabling MITM risk for HTTPS requests to external APIs or web scraping. The affected range is 0.12.1 up to, but not including, 0.15.4 (aligned with JRuby 9.3.4.0–9.4.12.1 and 10.0.0.0–1...

CVSS 7.1 | AI score 6.3 | EPSS 0.00158
Exploits 1 | References 2 | Affected Software 2

OSV
added 2025/05/07 4:12 p.m. | 5 views

CVE-2025-46551 JRuby-OpenSSL has hostname verification disabled by default

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

CVSS 7.1 | AI score 6.2 | EPSS 0.00158
Exploits 1 | References 4