Lucene search
K

134 matches found

nessus
nessus
added 2022/10/16 12:0 a.m.42 views

GLSA-202210-02 : OpenSSL: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202210-02 OpenSSL: Multiple Vulnerabilities - The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman DH...

10CVSS7.9AI score0.87816EPSS
Exploits8References15
broadcom
broadcom
added 2022/09/13 12:0 a.m.49 views

CVE-2021-3711: ASN1_STRING structure contains a buffer holding the string data

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

9.8CVSS1AI score0.87816EPSS
Exploits1
broadcom
broadcom
added 2022/09/13 12:0 a.m.41 views

CVE-2021-3711: ASN1_STRING structure contains a buffer holding the string data

Security Advisory ID : BSA-2022-1586 Component : OpenSSL Revision : 2.0 In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and,...

9.8CVSS7.8AI score0.87816EPSS
Exploits1
nessus
nessus
added 2022/09/07 12:0 a.m.73 views

GLSA-202209-02 : IBM Spectrum Protect: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202209-02 IBM Spectrum Protect: Multiple Vulnerabilities - IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale...

9.8CVSS9.2AI score0.87816EPSS
Exploits10References9
osv
osv
added 2022/05/24 7:12 p.m.192 views

GHSA-5WW6-PX42-WC85 SM2 Decryption Buffer Overflow

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

9.8CVSS9.1AI score0.87816EPSS
Exploits1References22
github
github
added 2022/05/24 7:12 p.m.63 views

SM2 Decryption Buffer Overflow

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

9.8CVSS9.5AI score0.87816EPSS
Exploits1References23Affected Software1
nessus
nessus
added 2022/05/06 12:0 a.m.35 views

Nessus Network Monitor < 6.0.0 Multiple Vulnerabilities (TNS-2022-02)

The version of Nessus Network Monitor NNM installed on the remote host is prior to 6.0.0. It is, therefore, affected by multiple vulnerabilities: - ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holdin...

9.8CVSS7.3AI score0.87816EPSS
Exploits1References3
openvas
openvas
added 2022/02/13 12:0 a.m.24 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2022-1088)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.4AI score0.87816EPSS
Exploits1References2
nessus
nessus
added 2022/02/12 12:0 a.m.275 views

EulerOS Virtualization 3.0.6.0 : openssl (EulerOS-SA-2022-1088)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an...

9.8CVSS7.3AI score0.87816EPSS
Exploits1References3
nessus
nessus
added 2021/11/17 12:0 a.m.61 views

EulerOS Virtualization 2.9.1 : openssl (EulerOS-SA-2021-2733)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an...

9.8CVSS7.3AI score0.87816EPSS
Exploits1References3
openvas
openvas
added 2021/11/17 12:0 a.m.26 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2021-2733)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.2AI score0.87816EPSS
Exploits1References2
openvas
openvas
added 2021/11/17 12:0 a.m.25 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2021-2770)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.2AI score0.87816EPSS
Exploits1References2
openvas
openvas
added 2021/11/12 12:0 a.m.28 views

Huawei EulerOS: Security Advisory for openssl111d (EulerOS-SA-2021-2668)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.2AI score0.87816EPSS
Exploits1References2
nessus
nessus
added 2021/11/11 12:0 a.m.35 views

EulerOS 2.0 SP5 : openssl111d (EulerOS-SA-2021-2668)

According to the versions of the openssl111d packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will ca...

9.8CVSS7.3AI score0.87816EPSS
Exploits1References3
nessus
nessus
added 2021/11/11 12:0 a.m.53 views

EulerOS 2.0 SP9 : openssl (EulerOS-SA-2021-2717)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call...

9.8CVSS7.3AI score0.87816EPSS
Exploits1References3
thn
thn
added 2021/11/10 6:24 a.m.216 views

Microsoft Issues Patches for Actively Exploited Excel, Exchange Server 0-Day Bugs

Microsoft has released security updates as part of its monthly Patch Tuesday release cycle to address 55 vulnerabilities across Windows, Azure, Visual Studio, Windows Hyper-V, and Office, including fixes for two actively exploited zero-day flaws in Excel and Exchange Server that could be abused t...

9.8CVSS9.8AI score0.90388EPSS
Exploits11
mscve
mscve
added 2021/11/09 8:0 a.m.117 views

OpenSSL: CVE-2021-3711 SM2 Decryption Buffer Overflow

...

9.8CVSS9.9AI score0.87816EPSS
Exploits1
openvas
openvas
added 2021/11/03 12:0 a.m.17 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2021-2639)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.2AI score0.87816EPSS
Exploits1References2
ibm
ibm
added 2021/11/01 4:46 p.m.49 views

Security Bulletin: OpenSSL publicly disclosed vulnerability affects MessageGateway (CVE-2021-3711)

Summary MessageGateway has addressed the following vulnerabilityies by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2021-3711 DESCRIPTION: OpenSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the EVPPKEYdecrypt function within implementation of th...

9.8CVSS10AI score0.87816EPSS
Exploits1Affected Software1
hackerone
hackerone
added 2021/09/27 1:47 p.m.142 views

Internet Bug Bounty: CVE-2021-3711: SM2 decrypt buffer overflow

CVE-2021-3711 In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the...

7.5CVSS9.5AI score0.87816EPSS
Exploits1
Rows per page
Query Builder