23343 matches found

AlpineLinux
added 2025/05/07 4:12 p.m., 3 views

CVE-2025-46551

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 (corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1), when verifying SSL certificates,...

7.1 CVSS, 6.8 AI score, 0.0016 EPSS
Exploits: 1, References: 2

SUSE CVE
added 2025/05/07 2:12 a.m., 3 views

SUSE CVE-2025-3416

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string...

3.7 CVSS, 6.7 AI score, 0.00452 EPSS
Exploits: 0, References: 47

BDU FSTEC
added 2025/05/07 12:0 a.m., 8 views

The vulnerability of the Platform V Pangolin DB database management system, related to data conflicts in BIO structures of OpenSSL, allows attackers to overwrite critical data, limit the ability to establish SSL connections, and cause data leaks from the process’s memory.

The vulnerability of the Platform V Pangolin DB database management system is related to a data conflict in the BIO structures of OpenSSL. Exploiting this vulnerability can allow an attacker to overwrite critical data, limit the ability to establish SSL connections, and cause data leaks from the...

9 CVSS, 5.5 AI score
Exploits: 0, Affected Software: 1

CNVD
added 2025/05/07 12:0 a.m., 2 views

NVIDIA NvContainer Trust Management Issue Vulnerability

NVIDIA NvContainer is a container management service from NVIDIA. NVIDIA NvContainer suffers from a trust management issue vulnerability that stems from a hard-coded path issue in the use of OpenSSL, which could be exploited by an attacker to cause code execution, denial of service, elevation of...

2.5 CVSS, 7.1 AI score, 0.00137 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2025/05/07 12:0 a.m., 4 views

PT-2025-20241 · Jruby · Jruby +1

Name of the Vulnerable Software and Affected Versions: JRuby-OpenSSL versions 0.12.1 through 0.15.3; JRuby versions 9.3.4.0 through 9.4.12.0; JRuby version 10.0.0.0. Description: The issue concerns the verification of SSL certificates. When verifying these certificates, the hostname presented in the...

7.1 CVSS, 6.3 AI score, 0.0016 EPSS
Exploits: 1, References: 14

OpenVAS
added 2025/05/07 12:0 a.m., 10 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2025-1432)

The remote host is missing an update for the Huawei EulerOS...

4.1 CVSS, 4.8 AI score, 0.00601 EPSS
Exploits: 0, References: 2

OpenVAS
added 2025/05/07 12:0 a.m., 10 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2025-1431)

The remote host is missing an update for the Huawei EulerOS...

4.1 CVSS, 4.8 AI score, 0.00601 EPSS
Exploits: 0, References: 2

OpenVAS
added 2025/05/07 12:0 a.m., 4 views

Enable the haveged Service

The haveged service can generate an unpredictable stream of random numbers in a simple way. These random numbers can fill the system entropy pool, which can solve the problem of low system entropy in some cases. You are advised to enable this service to meet the needs of encryption, decryption, o...

6.8 AI score
Exploits: 0, References: 4

IBM Security Bulletins
added 2025/05/06 5:23 p.m., 19 views

Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to a Denial of Service (CVE-2024-6119) due to the use of OpenSSL

Summary: IBM Virtualization Engine TS7700 is susceptible to a denial of service due to the use of OpenSSL (CVE-2024-6119). OpenSSL is used in TS7700 to encrypt data in flight during EKM communications, Secure Data Transfer between clusters, and for TS7700 Advanced Object Store for DS8000...

7.5 CVSS, 7.1 AI score, 0.66594 EPSS
Exploits: 0, Affected Software: 3

F5 Networks
added 2025/05/06 3:46 p.m., 12 views

K000151201: OpenSSL vulnerability CVE-2024-12797

Security Advisory Description. Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS...

6.3 CVSS, 6.7 AI score, 0.02357 EPSS
Exploits: 0

IBM Security Bulletins
added 2025/05/06 8:1 a.m., 16 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cryptography-43.0.1-cp37-abi3-manylinux_2_28_x86_64.whl CVE-2024-12797

Summary: IBM Maximo Application Suite - Monitor Component is vulnerable to cryptography-43.0.1-cp37-abi3-manylinux_2_28_x86_64.whl CVE-2024-12797. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-12797 DESCRIPTION: Issue summary: Clients...

6.3 CVSS, 7 AI score, 0.02357 EPSS
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2025/05/06 12:0 a.m., 5 views

EulerOS 2.0 SP12 : openssl (EulerOS-SA-2025-1432)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact...

4.1 CVSS, 6.4 AI score, 0.00601 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/05/06 12:0 a.m., 5 views

EulerOS 2.0 SP12 : openssl (EulerOS-SA-2025-1431)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact...

4.1 CVSS, 6.4 AI score, 0.00601 EPSS
Exploits: 0, References: 2

Debian CVE
added 2025/05/05 11:28 a.m., 14 views

CVE-2025-2545

Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could...

2.3 CVSS, 5.2 AI score, 0.00154 EPSS
Exploits: 0

IBM Security Bulletins
added 2025/05/02 7:33 p.m., 9 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in OpenSSL (CVE-2024-9143)

Summary: A vulnerability in OpenSSL that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2024-9143 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory read or write flaw due to the...

4.3 CVSS, 7.5 AI score, 0.05966 EPSS
Exploits: 0, Affected Software: 1

Positive Technologies
added 2025/05/02 12:0 a.m., 3 views

PT-2025-22478

Name of the Vulnerable Software and Affected Versions: OpenSSL version 3.5. Description: The issue arises from the use of the -addreject option with the openssl x509 application, which adds a trusted use instead of a rejected use for a certificate. This means if a user intends to make a trusted...

6.5 CVSS, 7 AI score, 0.00292 EPSS
Exploits: 0, References: 21

Tenable Product Security Advisories
added 2025/04/30 4:50 p.m., 7 views

[R2] Sensor Proxy Version 1.2.0 Fixes Multiple Vulnerabilities

[R2] Sensor Proxy Version 1.2.0 Fixes Multiple Vulnerabilities. Arnie Cabral, Wed, 04/30/2025 - 12:50. Sensor Proxy leverages third-party software to help provide underlying functionality. Several of the third-party components (OpenSSL, Go) were found to contain vulnerabilities, and updated versions hav...

7.6 AI score
Exploits: 0

Rosalinux
added 2025/04/30 8:30 a.m., 13 views

Advisory ROSA-SA-2025-2858

Software: openssl 1.1.1k; OS: ROSA Virtualization 3.0; package_evr_string: openssl-1.1.1k-14.0.2.rv30; CVE-ID: CVE-2020-1971; BDU-ID: 2021-00872; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the GENERAL_NAME_cmp function of the OpenSSL library is related to pointer dereferencing errors. Exploitation of...

7.5 CVSS, 7.8 AI score, 0.62906 EPSS
Exploits: 6

Rosalinux
added 2025/04/30 8:25 a.m., 15 views

Advisory ROSA-SA-2025-2857

Software: openssl 1.1.1k; OS: ROSA Virtualization 2.1; package_evr_string: openssl-1.1.1.1k-14.0.1.rv3; CVE-ID: CVE-2020-1971; BDU-ID: 2021-00872; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the GENERAL_NAME_cmp function of the OpenSSL library is related to pointer dereferencing errors. Exploitation of...

7.5 CVSS, 7.8 AI score, 0.62906 EPSS
Exploits: 6

Rosalinux
added 2025/04/30 7:45 a.m., 17 views

Advisory ROSA-SA-2025-2853

Software: openssl 1.1.1k; OS: ROSA Virtualization 2.1; package_evr_string: openssl-1.1.1.1k-14.0.1.rv3; CVE-ID: CVE-2024-5535; BDU-ID: 2024-06988; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the SSL_select_next_proto function of the TLS and SSL OpenSSL protocol toolkit is related to information disclosure...

9.1 CVSS, 7.1 AI score, 0.05582 EPSS
Exploits: 1