Lucene search
+L

40 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2017-17962

Malware in sbrugna...

7.5CVSS7.6AI score0.01731EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/12 10:8 p.m.10 views

Security Bulletin: Vulnerability in FOS firmware used by IBM b-type SAN directors and switches.

Summary The b-type products are vulnerable due to an OpenSSL issue in the FOS firmware. The vulnerability has been addressed and can be resolved by applying the FOS code level listed below. Vulnerability Details CVEID:CVE-2023-6237 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused...

5.9CVSS6.8AI score0.02303EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/02/24 12:0 a.m.12 views

Siemens SCALANCE Devices Uncontrolled Resource Consumption (CVE-2023-6237)

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVPPKEYpubliccheck to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may...

5.9CVSS6.4AI score0.02303EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2024/11/19 12:0 a.m.13 views

Oracle Linux 9 : edk2 (ELSA-2024-9088)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9088 advisory. - Resolves: RHEL-55336 CVE-2024-6119 edk2/openssl: Possible denial of service in X.509 name checks rhel-9.5 - Resolves: RHEL-21653 CVE-2023-6237 edk2:...

7.5CVSS6.5AI score0.66582EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/11/19 12:0 a.m.27 views

Oracle Linux 9 : openssl / and / openssl-fips-provider (ELSA-2024-9333)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9333 advisory. - Fix CVE-2024-6119: Possible denial of service in X.509 name checks Resolves: RHEL-55339 - Fix CVE-2024-5535: SSLselectnextproto buffer overread...

9.1CVSS7.4AI score0.92488EPSS
Exploits7References5
Broadcom
Broadcom
added 2024/11/12 12:0 a.m.27 views

OpenSSL is vulnerable to a denial of service, caused by a flaw in the handling of RSA public keys by the EVP_PKEY_public_check() function

OpenSSL is vulnerable to a denial-of-service DoS issue due to how there is no restriction on RSA public key size, or the subsequent time spent processing such keys. Applications that use the EVPPKEYpubliccheck function to check RSA public keys obtained from potentially untrusted sources can be...

5.3CVSS6.5AI score0.02303EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/07/03 12:0 a.m.26 views

CBL Mariner 2.0 Security Update: cloud-hypervisor-cvm / hvloader / nodejs / nodejs18 / openssl (CVE-2023-6237)

The version of cloud-hypervisor-cvm / hvloader / nodejs / nodejs18 / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6237 advisory. - Issue summary: Checking excessively long invalid RSA...

5.9CVSS6.5AI score0.02303EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/03 12:11 p.m.61 views

Security Bulletin: openssl-src-300.2.1+3.2.0.crate is vulnerable to CVE-2024-0727, CVE-2023-6129, and CVE-2023-6237 used in IBM Maximo Application Suite - Edge Data Collector

Summary IBM Maximo Application Suite - Edge Data Collector uses openssl-src-300.2.1+3.2.0.crate which is vulnerable to CVE-2024-0727, CVE-2023-6129, and CVE-2023-6237 Vulnerability Details CVEID:CVE-2024-0727 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input...

6.5CVSS6.6AI score0.03174EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/04/30 12:0 a.m.469 views

RHEL 9 : openssl and openssl-fips-provider (RHSA-2024:2447)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2447 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

6.5CVSS6.6AI score0.05533EPSS
Exploits0References26
NVD
NVD
added 2024/04/25 7:15 a.m.27 views

CVE-2023-6237

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVPPKEYpubliccheck to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may...

5.9CVSS6AI score0.02303EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2024/04/25 7:15 a.m.4 views

CVE-2023-6237

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVPPKEYpubliccheck to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may...

5.9CVSS6.8AI score0.02303EPSS
Exploits0References7Affected Software1
Microsoft CVE
Microsoft CVE
added 2024/04/25 7:0 a.m.5 views

Excessive time spent checking invalid RSA public keys

...

5.9CVSS6.7AI score0.02303EPSS
Exploits0
Cvelist
Cvelist
added 2024/04/25 6:27 a.m.35 views

CVE-2023-6237 Excessive time spent checking invalid RSA public keys

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVPPKEYpubliccheck to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may...

6.2AI score0.02303EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/02/20 12:0 a.m.61 views

Amazon Linux 2023 : openssl, openssl-devel, openssl-libs (ALAS2023-2024-520)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-520 advisory. A flaw was found in OpenSSL. When the EVPPKEYpubliccheck function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is ...

5.9CVSS6.4AI score0.03174EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/02/17 12:0 a.m.32 views

SUSE SLED15 / SLES15 Security Update : openssl-3 (SUSE-SU-2024:0518-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0518-1 advisory. - CVE-2023-6129: Fixed vector register clobbering on PowerPC. bsc1218690 - CVE-2023-6237: Fixed excessive time spent...

6.5CVSS6.8AI score0.03174EPSS
Exploits0References10
Mageia
Mageia
added 2024/02/14 11:2 p.m.88 views

Updated quictls packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Excessive time spent in DH check / generation with large Q parameter value. CVE-2023-5678 POLY1305 MAC implementation corrupts vector registers on PowerPC. CVE-2023-6129 Excessive time spent checking invalid RSA public keys. CVE-2023-6237 PKCS12...

6.5CVSS7.4AI score0.04459EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2024/02/05 12:0 a.m.46 views

Mageia: Security Advisory (MGASA-2024-0020)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.2AI score0.04459EPSS
Exploits0References7
OSV
OSV
added 2024/02/04 2:49 a.m.14 views

MGASA-2024-0020 Updated openssl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Excessive time spent in DH check / generation with large Q parameter value. CVE-2023-5678 POLY1305 MAC implementation corrupts vector registers on PowerPC. CVE-2023-6129 Excessive time spent checking invalid RSA public keys. CVE-2023-6237 PKCS12...

6.5CVSS5.8AI score0.04459EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/02/01 12:0 a.m.36 views

FreeBSD : OpenSSL -- Multiple vulnerabilities (10dee731-c069-11ee-9190-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 10dee731-c069-11ee-9190-84a93843eb75 advisory. - Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash...

5.9CVSS6.4AI score0.03174EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/25 9:15 p.m.116 views

Security Bulletin: AIX is vulnerable to a denial of service (CVE-2023-5678, CVE-2023-6129, CVE-2023-6237) and an attacker may obtain sensitive information (CVE-2023-5363) due to OpenSSL

Summary Vulnerabilities in OpenSSL could allow a remote attacker to cause a denial of service CVE-2023-5678, CVE-2023-6129, CVE-2023-6237 or obtain sensitive information CVE-2023-5363. OpenSSL is used by AIX as part of AIX's secure network communications. Vulnerability Details CVEID:CVE-2023-5363...

7.5CVSS7.4AI score0.04459EPSS
Exploits0Affected Software1
Rows per page
Query Builder