Lucene search
K

90 matches found

OSV
OSV
added 2021/01/06 1:15 a.m.5 views

CVE-2020-36160

An issue was discovered in Veritas System Recovery before 21.2. On start-up, it loads the OpenSSL library from \usr\local\ssl. This library attempts to load the from \usr\local\ssl\openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create directories...

8.8CVSS6.3AI score0.00431EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/01/06 1:15 a.m.5 views

CVE-2020-36167

An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation folder. This library in turn attempts to load the /usr/local/ssl/openssl.cnf configuration file, whi...

9.3CVSS6.3AI score0.00462EPSS
Exploits0References3
NCSC
NCSC
added 2020/12/10 12:0 a.m.5 views

Multiple vulnerabilities fixed in IBM Aspera

IBM has fixed several vulnerabilities in the Aspera Suite. The vulnerabilities are in the underlying OpenSSL, cURL libcurl and FasterXML jackson databind software. A malicious party could potentially exploit the vulnerabilities to bypassing security measures, accessing sensitive data and from bei...

10CVSS9.2AI score0.14298EPSS
Exploits4
BDU FSTEC
BDU FSTEC
added 2020/06/26 12:0 a.m.4 views

The vulnerability of the fill-checking function in the AES-NI implementation of the OpenSSL library allows a perpetrator to gain unauthorized access to confidential data.

The vulnerability of the fill-checking function in the AES-NI implementation of the OpenSSL library is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to confidential data...

5.9CVSS7.1AI score0.27261EPSS
Exploits1References9Affected Software21
BDU FSTEC
BDU FSTEC
added 2020/06/22 12:0 a.m.7 views

The vulnerability of the Montgomery quadradic multiplication algorithm implementation in OpenSSL libraries is related to an error in integer transfer on the x86_64 platform, which allows an attacker to gain unauthorized access to sensitive information.

The vulnerability of the Montgomery quadradic multiplication algorithm implementation in the OpenSSL library is related to an error in arithmetic operations on the x8664 platform. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to sensiti...

7.1CVSS6.8AI score0.15934EPSS
Exploits1References6Affected Software11
Veracode
Veracode
added 2020/04/10 12:47 a.m.37 views

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service. It was found that the OpenSSL library did not properly re-initialize its internal state in the SSLlibraryinit function after previous calls to the CRYPTOcleanupallexdata function, which would cause a memory leak for each subsequent SSL connection. This...

5CVSS0.9AI score0.08941EPSS
Exploits0References32Affected Software1
OSV
OSV
added 2020/02/27 6:15 p.m.2 views

UBUNTU-CVE-2020-7041

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509checkhost negative error code is interpreted as a successful return value...

5.3CVSS5.8AI score0.01702EPSS
Exploits0References5
Prion
Prion
added 2019/11/18 6:15 p.m.22 views

Information disclosure

An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by...

4.3CVSS5.6AI score0.00781EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/11/18 5:59 p.m.108 views

CVE-2019-5101

OpenWrt vulnerability CVE-2019-5101 affects the ustream-ssl library (used by tools like wget) in OpenWrt 18.06.4 and 15.05.1. The issue allows information disclosure via MITM because the server certificate is checked but no action is taken for invalid certificates; after SSL initialization and in...

5.9CVSS5.9AI score0.00781EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/02/19 12:0 a.m.56 views

Amazon Linux 2 : curl (ALAS-2019-1162)

libcurl is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages lib/vauth/ntlm.c:ntlmdecodetype2target does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM serv...

9.8CVSS8AI score0.12771EPSS
Exploits3References13
CNVD
CNVD
added 2019/01/24 12:0 a.m.24 views

Apache HTTP Server Denial of Service Vulnerability (CNVD-2019-04946)

Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. A denial of service vulnerability exists in the handling of client-side renavigation by modssl in httpd in Apache HTTP Serve...

7.5CVSS8.7AI score0.59942EPSS
Exploits0References1
ArchLinux
ArchLinux
added 2017/11/30 12:0 a.m.72 views

[ASA-201711-37] lib32-libcurl-gnutls: multiple issues

Arch Linux Security Advisory ASA-201711-37 ========================================== Severity: High Date : 2017-11-30 CVE-ID : CVE-2017-8816 CVE-2017-8817 CVE-2017-8818 Package : lib32-libcurl-gnutls Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-523 Summary ======...

9.8CVSS0.3AI score0.11175EPSS
Exploits0References13
NVD
NVD
added 2017/11/29 6:29 p.m.23 views

CVE-2017-8818

curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service out-of-bounds access and application crash or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library...

9.8CVSS9.9AI score0.03995EPSS
Exploits0References5
OSV
OSV
added 2017/11/29 6:29 p.m.27 views

CVE-2017-8818

curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service out-of-bounds access and application crash or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library...

9.8CVSS7.5AI score0.03995EPSS
Exploits0References5
Prion
Prion
added 2017/11/29 6:29 p.m.26 views

Out-of-bounds

curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service out-of-bounds access and application crash or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library...

7.5CVSS9.7AI score0.03995EPSS
Exploits0References5Affected Software2
CVE
CVE
added 2017/11/29 6:0 p.m.114 views

CVE-2017-8818

CVE-2017-8818 affects curl/libcurl prior to 7.57.0 on 32-bit platforms. The issue is an SSL/connection memory allocation bug that allocates too little memory for SSL-related structures, causing an out-of-bounds access and potential crash. The vulnerability is a 32-bit memory calculation flaw in t...

9.8CVSS9.6AI score0.03995EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 2017/11/29 6:0 p.m.26 views

CVE-2017-8818

curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service out-of-bounds access and application crash or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library...

9.8AI score0.03995EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2017/11/29 6:0 p.m.81 views

CVE-2017-8818

curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service out-of-bounds access and application crash or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library...

9.8CVSS9.9AI score0.03995EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2017/11/29 12:0 a.m.31 views

CVE-2017-8818

curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service out-of-bounds access and application crash or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library...

9.8CVSS7.2AI score0.03995EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2016/09/27 1:46 p.m.4 views

openssl: Non-constant time codepath followed for certain operations in DSA implementation

It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm DSA signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system...

5.5CVSS7.2AI score0.01174EPSS
Exploits1References6
Rows per page
Query Builder