Lucene search
K

4229 matches found

The Hacker News
The Hacker News
added 2022/11/01 4:26 p.m.398 views

OpenSSL Releases Patch for 2 New High-Severity Vulnerabilities

The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service DoS and remote code execution. The issues, tracked as CVE-2022-3602 and CVE-2022-3786, have been described as buffer overrun vulnerabilities...

10CVSS0.99999EPSS
Exploits93
Debian CVE
Debian CVE
added 2022/11/01 12:0 a.m.166 views

CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

7.5CVSS8.2AI score0.92488EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2022/11/01 12:0 a.m.68 views

Fedora 36 : openssl (2022-502f096dce)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-502f096dce advisory. Security fix for CVE-2022-3602 and CVE-2022-3786 Tenable has extracted the preceding description block directly from the Fedora security advisory...

7.5CVSS8AI score0.92488EPSS
Exploits6References3
AlpineLinux
AlpineLinux
added 2022/11/01 12:0 a.m.86 views

CVE-2022-3602

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

7.5CVSS8.3AI score0.9077EPSS
Exploits6
AlpineLinux
AlpineLinux
added 2022/11/01 12:0 a.m.69 views

CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

7.5CVSS8.2AI score0.92488EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2022/11/01 12:0 a.m.53 views

Oracle Linux 9 : openssl (ELSA-2022-9968)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9968 advisory. - Add units tests for CVE-2022-3786, CVE-2022-3602 patches - Fix CVE-2022-3786, CVE-2022-3602 - CVE-2022-2097: AES OCB fails to encrypt some bytes on...

10CVSS7.2AI score0.95764EPSS
Exploits14References3
Tenable Nessus
Tenable Nessus
added 2022/11/01 12:0 a.m.480 views

OpenSSL 3.0.0 < 3.0.7 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.0.7. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.7 advisory. - A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs...

7.5CVSS8.8AI score0.92488EPSS
Exploits6References7
UbuntuCve
UbuntuCve
added 2022/11/01 12:0 a.m.55 views

CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

7.5CVSS7.5AI score0.92488EPSS
Exploits2References3
CVE
CVE
added 2022/11/01 12:0 a.m.1072 views

CVE-2022-3786

OpenSSL CVE-2022-3602 and CVE-2022-3786 describe buffer overflows in X.509 name-constraint processing triggered by crafted email addresses in certificates, potentially crashing the TLS client/server and, in some scenarios, enabling remote code execution. Documents confirm the issues affect OpenSS...

7.5CVSS8.1AI score0.92488EPSS
Exploits2References5Affected Software1
OpenSSL
OpenSSL
added 2022/11/01 12:0 a.m.59 views

Vulnerability in OpenSSL - X.509 Email Address Variable Length Buffer Overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

8.1AI score0.92488EPSS
Exploits2Affected Software1
OSV
OSV
added 2022/11/01 12:0 a.m.4 views

UBUNTU-CVE-2022-3602

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

7.5CVSS7.6AI score0.9077EPSS
Exploits6References4
OpenSSL
OpenSSL
added 2022/11/01 12:0 a.m.65 views

Vulnerability in OpenSSL - X.509 Email Address 4-byte Buffer Overflow

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

8.2AI score0.9077EPSS
Exploits6Affected Software1
UbuntuCve
UbuntuCve
added 2022/11/01 12:0 a.m.52 views

CVE-2022-3602

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

7.5CVSS7.6AI score0.9077EPSS
Exploits6References3
OSV
OSV
added 2022/11/01 12:0 a.m.2 views

UBUNTU-CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

7.5CVSS7.5AI score0.92488EPSS
Exploits2References4
Debian CVE
Debian CVE
added 2022/11/01 12:0 a.m.67 views

CVE-2022-3602

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate...

7.5CVSS8.3AI score0.9077EPSS
Exploits6
CVE
CVE
added 2022/11/01 12:0 a.m.1212 views

CVE-2022-3602

OpenSSL CVE-2022-3602 is a stack-based buffer overrun in X.509 name-contraint verification that can crash a TLS client/server or, potentially, allow RCE. The issue is triggered by crafting an email address and affects OpenSSL 3.0.x (3.0.0–3.0.6). Mitigation is upgrading to OpenSSL 3.0.7 or later ...

7.5CVSS8.2AI score0.9077EPSS
Exploits6References42Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/10/31 12:0 a.m.7 views

The vulnerability of the /goform/form2WizardStep4 component of the D-Link DIR-816 A2 router’s microprogramming system allows a hacker to execute arbitrary code.

The vulnerability of the /goform/form2WizardStep4 component of the D-Link DIR-816 A2 router’s microprogramming system is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the wizardstep4pskpw...

10CVSS8.5AI score0.01191EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2022/10/28 12:0 a.m.8 views

The vulnerability of the Tunnel Mode mode in the implementation of SSL VPN technology for FortiOS operating systems allows a perpetrator to cause a service failure.

The vulnerability of the Tunnel Mode mode in the FortiOS operating system-based SSL VPN technology stems from the fact that data operations go beyond the buffer in memory when processing LCP packets. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

8.8CVSS5.6AI score0.0077EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/28 12:0 a.m.5 views

PT-2022-5306

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0.0 through 3.0.6 Description A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. This occurs after certificate chain signature verification and requires either a CA...

10CVSS8.2AI score0.92488EPSS
Exploits8References164
Fortinet
Fortinet
added 2022/10/28 12:0 a.m.108 views

Protect

CVE-2022-3602: A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue...

5CVSS8.5AI score0.92488EPSS
Exploits6Affected Software1
Rows per page
Query Builder