23343 matches found

ICS
added 2025/04/08 12:0 a.m. | 7 views

Siemens SIDIS Prime

SUMMARY SIDIS Prime before V4.0.700 is affected by multiple vulnerabilities in the components OpenSSL, SQLite, Boost C++ Libraries and several Microsoft components as described below. Siemens has released a new version of SIDIS Prime and recommends to update to the latest version. 2. GENERAL...

CVSS 5.3 | AI score 9.1 | EPSS 0.02577
Exploits: 0 | References: 10

Github Security Blog
added 2025/04/04 8:31 p.m. | 23 views

rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch`

When a `Some(...)` value was passed to the properties argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string due to CString::drop's behavior. The maintainers thank quitbug for reporting th...

AI score 7
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/04/04 8:31 p.m. | 7 views

GHSA-4FCV-W3QC-PPGG rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch`

When a `Some(...)` value was passed to the properties argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string due to CString::drop's behavior. The maintainers thank quitbug for reporting th...

CVSS 6.3 | AI score 7
Exploits: 0 | References: 4

OSV
added 2025/04/04 12:0 p.m. | 12 views

RUSTSEC-2025-0022 Use-After-Free in `Md::fetch` and `Cipher::fetch`

When a `Some(...)` value was passed to the properties argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string due to CString::drop's behavior. The maintainers thank quitbug for reporting th...

AI score 7
Exploits: 0 | References: 3

RustSec
added 2025/04/04 12:0 p.m. | 8 views

Use-After-Free in `Md::fetch` and `Cipher::fetch`

When a `Some(...)` value was passed to the properties argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string due to CString::drop's behavior. The maintainers thank quitbug for reporting th...

AI score 7
Exploits: 0 | Affected Software: 1

Positive Technologies
added 2025/04/04 12:0 a.m. | 2 views

PT-2025-15361

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified rust-openssl crate versions prior to 0.10.71 Description A flaw exists in the handling of the properties argument within certain functions. This issue can lead to a use-after-free condition, where the...

CVSS 3.7 | AI score 7 | EPSS 0.00452
Exploits: 0 | References: 165

IBM Security Bulletins
added 2025/04/02 5:38 p.m. | 14 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a man-in-the-middle attack in OpenSSL [CVE-2024-12797]

Summary IBM Watson Speech Services Cartridge is vulnerable to a man-in-the-middle attack in OpenSSL, caused by a failure to abort TLS/DTLS handshakes in RFC7250 Raw Public Key (RPK) authentication (CVE-2024-12797). OpenSSL is used by our Speech runtimes. This vulnerability has been addressed. Please...

CVSS 6.3 | AI score 6.8 | EPSS 0.02357
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2025/04/02 5:15 p.m. | 2 views

openssl: SSL_select_next_proto buffer overread

A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called...

CVSS 9.1 | AI score 6.8 | EPSS 0.05582
Exploits: 1 | References: 5

Amazon
added 2025/04/01 12:0 a.m. | 11 views

Medium: rust

Issue Overview: The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host. CVE-2023-53159 Affected Packages: rust Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...

CVSS 9.1 | AI score 7 | EPSS 0.00329
Exploits: 1

OpenVAS
added 2025/04/01 12:0 a.m. | 4 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2025-1321)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.1 | AI score 5 | EPSS 0.00601
Exploits: 0 | References: 2

OpenVAS
added 2025/04/01 12:0 a.m. | 4 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2025-1338)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.1 | AI score 5 | EPSS 0.00601
Exploits: 0 | References: 2

Tenable Nessus
added 2025/04/01 12:0 a.m. | 17 views

EulerOS 2.0 SP13 : openssl (EulerOS-SA-2025-1338)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact...

CVSS 4.1 | AI score 6.4 | EPSS 0.00601
Exploits: 0 | References: 2

Tenable Nessus
added 2025/04/01 12:0 a.m. | 20 views

EulerOS 2.0 SP13 : openssl (EulerOS-SA-2025-1321)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact...

CVSS 4.1 | AI score 6.4 | EPSS 0.00601
Exploits: 0 | References: 2

CBLMariner
added 2025/03/31 9:13 p.m. | 6 views

CVE-2024-13176 affecting package openssl for versions less than 1.1.1k-36

CVE-2024-13176 affecting package openssl for versions less than 1.1.1k-36. A patched version of the package is available...

CVSS 4.1 | AI score 4.6 | EPSS 0.00601
Exploits: 0

IBM Security Bulletins
added 2025/03/28 6:51 p.m. | 15 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in OpenSSL (CVE-2024-4741)

Summary A vulnerability in OpenSSL used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-4741 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the SSL_free_buffers API function. By...

CVSS 7.5 | AI score 7.3 | EPSS 0.02945
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/28 6:46 p.m. | 18 views

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in OpenSSL

Summary Multiple vulnerabilities in OpenSSL used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server...

CVSS 9.1 | AI score 6 | EPSS 0.54026
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2025/03/28 4:42 p.m. | 19 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in OpenSSL (CVE-2024-6119)

Summary A vulnerability in OpenSSL used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks e.g., TLS clients checking server certificate...

CVSS 7.5 | AI score 6.7 | EPSS 0.66594
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/28 7:25 a.m. | 19 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP

Summary There are multiple vulnerabilities in the OpenSSL library used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-0466 DESCRIPTION: The function X509_VERIFY_PARAM_add0_policy is...

CVSS 5.3 | AI score 6 | EPSS 0.01625
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/28 7:15 a.m. | 18 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP NonStop

Summary There are multiple vulnerabilities in the OpenSSL library used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: A timing based side channel exists in the...

CVSS 7.5 | AI score 7.1 | EPSS 0.59501
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/03/27 3:5 p.m. | 10 views

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Tivoli Netcool System Service Monitors/Application Service Monitors

Summary OpenSSL is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors for Network Transport. CVE-2024-9143 is identified as a potential risk for products using older versions of OpenSSL. These potential risks are resolved by updating IBM Tivoli Netcool System Service...

CVSS 4.3 | AI score 5.4 | EPSS 0.05966
Exploits: 0 | Affected Software: 1