
129 matches found

Tenable Nessus
added 2025/10/01 12:0 a.m., 8 views

OpenSSL 1.0.2 < 1.0.2zm Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.0.2zm. It is, therefore, affected by a vulnerability as referenced in the 1.0.2zm advisory. - Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read...

CVSS 7.5, AI score 6.5, EPSS 0.01744
Exploits 0, References 5

Tenable Nessus
added 2025/10/01 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-9230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact...

CVSS 7.5, AI score 6.6, EPSS 0.01744
Exploits 0, References 3

SUSE CVE
added 2025/09/30 11:24 p.m., 3 views

SUSE CVE-2025-9230

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...

CVSS 7.5, AI score 7.2, EPSS 0.01744
Exploits 0, References 37

Ubuntu
added 2025/09/30 2:44 p.m., 8 views

USN-7786-1: OpenSSL vulnerabilities

Stanislav Fort discovered that OpenSSL incorrectly handled memory when trying to decrypt CMS messages encrypted with password-based encryption. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2025-9230 Stanislav Fort discovered that OpenSSL ha...

CVSS 7.5, AI score 7.4, EPSS 0.02234
Exploits 0

OSV
added 2025/09/30 2:15 p.m., 5 views

AZL-67980 CVE-2025-9230 affecting package openssl for versions less than 3.3.5-1

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...

CVSS 7.5, AI score 6.4, EPSS 0.01744
Exploits 0, References 1

NVD
added 2025/09/30 2:15 p.m., 5 views

CVE-2025-9230

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...

CVSS 7.5, EPSS 0.01744
Exploits 0, References 16

OSV
added 2025/09/30 2:15 p.m., 4 views

CVE-2025-9230

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...

CVSS 7.5, AI score 6.9
Exploits 0, References 10

OSV
added 2025/09/30 2:15 p.m., 8 views

AZL-67997 CVE-2025-9230 affecting package openssl for versions less than 1.1.1k-37

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...

CVSS 7.5, AI score 6.5, EPSS 0.01744
Exploits 0, References 1

Cvelist
added 2025/09/30 1:17 p.m., 17 views

CVE-2025-9230 Out-of-bounds read & write in RFC 3211 KEK Unwrap

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...

EPSS 0.01744
Exploits 0, References 8

CVE
added 2025/09/30 1:17 p.m., 91 views

CVE-2025-9230

CVE-2025-9230 describes an out-of-bounds read (and potential write) when decrypting CMS messages encrypted with password-based (PWRI) encryption in OpenSSL. The issue can cause a crash (Denial of Service) or memory corruption with possible code execution, though exploitability is considered low a...

CVSS 7.5, AI score 6.8, EPSS 0.01744
Exploits 0, References 16

Vulnrichment
added 2025/09/30 1:17 p.m., 4 views

CVE-2025-9230 Out-of-bounds read & write in RFC 3211 KEK Unwrap

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...

AI score 6.8, EPSS 0.01744
Exploits 0, References 8

Positive Technologies
added 2025/09/30 12:0 a.m., 7 views

PT-2025-39986

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.1.1zd, and 1.0.2zm. Description: OpenSSL contains vulnerabilities due to out-of-bounds read and write issues. Specifically, an out-of-bounds read and write can occur when...

CVSS 7.8, AI score 8.1, EPSS 0.02945
Exploits 0, References 136

OSV
added 2025/09/30 12:0 a.m., 5 views

UBUNTU-CVE-2025-9230

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...

CVSS 7.5, AI score 6.7, EPSS 0.01744
Exploits 0, References 4

Microsoft CVE
added 2025/07/11 7:0 a.m., 4 views

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

...

CVSS 7.5, AI score 7, EPSS 0.01383
Exploits 1

AstraLinux
added 2024/11/23 3:4 a.m., 9 views

Astra Linux – Vulnerability in Jose

Latchset JOSE with version 11 allows attackers to cause a denial of service CPU consumption by using a large p2c value also known as PBES2 Count...

CVSS 7.5, AI score 7.2, EPSS 0.01383
Exploits 1, References 3

OSV
added 2024/04/19 11:7 a.m., 3 views

OESA-2024-1471 jose security update

José is a C-language implementation of the Javascript Object Signing and Encryption standards. José provides a command-line utility which encompasses most of the JOSE features. This allows for easy integration into your project and one-off scripts. Security Fixes: latchset jose through version 11...

CVSS 7.5, AI score 6.8, EPSS 0.01383
Exploits 1, References 2

OSV
added 2024/03/20 4:15 p.m., 4 views

AZL-43528 CVE-2023-50967 affecting package jose 10-7

latchset jose through version 11 allows attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value...

CVSS 7.5, AI score 6.6, EPSS 0.01383
Exploits 1, References 1

OSV
added 2024/03/19 3:15 p.m., 1 view

DEBIAN-CVE-2023-50966

erlang-jose aka JOSE for Erlang and Elixir through 1.11.6 allow attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value in a JOSE header...

CVSS 5.3, AI score 5.8, EPSS 0.00887
Exploits 0, References 1

OSV
added 2024/03/19 3:15 p.m., 6 views

AZL-39857 CVE-2023-50966 affecting package rabbitmq-server for versions less than 3.11.24-2

erlang-jose aka JOSE for Erlang and Elixir through 1.11.6 allow attackers to cause a denial of service CPU consumption via a large p2c aka PBES2 Count value in a JOSE header...

CVSS 5.3, AI score 6.3, EPSS 0.00887
Exploits 0, References 1

CNNVD
added 2024/03/19 12:0 a.m., 2 views

jose Security Vulnerabilities

jose is a JavaScript module for signing and encrypting JSON objects. A security vulnerability exists in jose 1.11.6 and earlier versions that could allow an attacker to cause a denial of service via the PBES2 Count value in the JOSE header...

CVSS 5.3, AI score 6.5, EPSS 0.00887
Exploits 0, References 5