Lucene search
K

196 matches found

OpenVAS
OpenVAS
added 2023/07/31 12:0 a.m.34 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-2464)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.4AI score0.59501EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/07/26 12:0 a.m.30 views

EulerOS Virtualization 3.0.6.6 : shim (EulerOS-SA-2023-2435)

According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to...

7.5CVSS7.7AI score0.04494EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/07/18 8:24 a.m.9 views

openssl: use-after-free following BIO_new_NDEF

A use-after-free vulnerability was found in OpenSSL's BIOnewNDEF function. The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be...

7.5CVSS6.6AI score0.04494EPSS
Exploits0References5
Amazon
Amazon
added 2023/06/27 12:0 a.m.37 views

Medium: openssl11

Issue Overview: Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may...

6.5CVSS7AI score0.73461EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/06/22 12:0 a.m.94 views

Ubuntu 16.04 ESM : OpenSSL vulnerability (USN-6188-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6188-1 advisory. Matt Caswell discovered that OpenSSL incorrectly handled certain ASN.1 object identifiers. A remote attacker could possibly use this issue to cause OpenSSL to...

6.5CVSS7AI score0.73461EPSS
Exploits0References2
OSV
OSV
added 2023/06/20 2:4 p.m.9 views

CLSA-2023-1687269849 openssl: Fix of CVE-2023-2650

CVE-2023-2650: Restrict the size of OBJECT IDENTIFIERs that OBJobj2txt will translate - Update expired smime/SM2 certificates that affect tests...

6.5CVSS6.8AI score0.73461EPSS
Exploits0References1
OSV
OSV
added 2023/06/20 1:54 p.m.9 views

CLSA-2023-1687269261 openssl: Fix of CVE-2023-2650

CVE-2023-2650: Restrict the size of OBJECT IDENTIFIERs that OBJobj2txt will translate - Update expired smime/SM2 certificates that affect tests...

6.5CVSS6.8AI score0.73461EPSS
Exploits0References1
OSV
OSV
added 2023/06/20 1:49 p.m.7 views

CLSA-2023-1687268961 openssl: Fix of CVE-2023-2650

CVE-2023-2650: Restrict the size of OBJECT IDENTIFIERs that OBJobj2txt will translate - Update expired smime/SM2 certificates that affect tests...

6.5CVSS6.8AI score0.73461EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/06/09 12:0 a.m.30 views

EulerOS 2.0 SP5 : shim (EulerOS-SA-2023-2169)

According to the versions of the shim package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to...

7.5CVSS7.7AI score0.04494EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/06/05 4:29 p.m.4 views

openssl: use-after-free following BIO_new_NDEF

A use-after-free vulnerability was found in OpenSSL's BIOnewNDEF function. The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be...

7.5CVSS6.6AI score0.04494EPSS
Exploits0References5
OSV
OSV
added 2023/06/02 5:15 p.m.1 views

DEBIAN-CVE-2023-0547

OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird 102.10...

6.5CVSS6.5AI score0.00372EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/05/30 1:40 p.m.36 views

CVE-2023-2650 Possible DoS translating ASN.1 object identifiers

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...

6.9AI score0.73461EPSS
Exploits0References12
OSV
OSV
added 2023/05/30 1:40 p.m.39 views

CVE-2023-2650 Possible DoS translating ASN.1 object identifiers

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...

6.5CVSS6.7AI score0.73461EPSS
Exploits0References14
Debian CVE
Debian CVE
added 2023/05/30 1:40 p.m.210 views

CVE-2023-2650

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJobj2txt directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience...

6.5CVSS6.5AI score0.73461EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/05/14 12:0 a.m.48 views

AlmaLinux 9 : edk2 (ALSA-2023:2165)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2165 advisory. - Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. CVE-2021-38578 - A timing based side channel exists in t...

9.8CVSS7.9AI score0.59501EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2023/05/10 12:0 a.m.33 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2023-1875)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.59501EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/04/29 2:15 a.m.1 views

SUSE CVE-2023-0547

OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird 102.10...

6.5CVSS8.9AI score0.00372EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/04/17 2:15 p.m.6 views

Thunderbird: Revocation status of S/Mime recipient certificates was not checked

The Mozilla Foundation Security Advisory describes this flaw as: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug...

6.5CVSS7.3AI score0.00372EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/04/17 2:1 p.m.7 views

Thunderbird: Revocation status of S/Mime recipient certificates was not checked

The Mozilla Foundation Security Advisory describes this flaw as: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug...

6.5CVSS7.3AI score0.00372EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/04/17 1:56 p.m.6 views

Thunderbird: Revocation status of S/Mime recipient certificates was not checked

The Mozilla Foundation Security Advisory describes this flaw as: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug...

6.5CVSS7.3AI score0.00372EPSS
Exploits0References5
Rows per page
Query Builder