Lucene search
+L

40 matches found

ibm
ibm
added 2026/07/04 12:31 a.m.3 views

Security Bulletin: Potential denial of service in X.509 name checks in OpenSSL affect Cloud Pak System [CVE-2024-6119]

Summary Potential denial of service in X.509 name checks in OpenSSL affect Cloud Pak System. Vulnerability was addressed by IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: Issue summary: Applications performing certificate name checks e.g., TLS clients checking server...

7.5CVSS6.7AI score0.66594EPSS
Exploits0Affected Software2
debiancve
debiancve
added 2026/06/11 2:30 p.m.15 views

CVE-2026-9648

The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to...

9.1CVSS5.4AI score0.00223EPSS
Exploits0
osv
osv
added 2026/04/27 6:33 p.m.12 views

JLSEC-2026-253 Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server...

Issue summary: Applications performing certificate name checks e.g., TLS clients checking server certificates may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of...

7.5CVSS6.6AI score0.66594EPSS
Exploits0References11
osv
osv
added 2026/01/30 4:8 p.m.19 views

CLEANSTART-2026-GL70025 Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate

Multiple security vulnerabilities affect the argo-cd-fips package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details...

9.8CVSS5.8AI score0.04518EPSS
Exploits3References43
nessus
nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : openssl-3.0.7-28.el9_4.ML.1 (AXSA:2024-8829:06)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8829:06 advisory. openssl: Possible denial of service in X.509 name checks CVE-2024-6119 Tenable has extracted the preceding description block directly from the MiracleLinux...

7.5CVSS7.5AI score0.66594EPSS
Exploits0References2
nessus
nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 9 : edk2-20231122-6.el9_4.4 (AXSA:2024-8977:11)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8977:11 advisory. openssl: Possible denial of service in X.509 name checks CVE-2024-6119 Tenable has extracted the preceding description block directly from the MiracleLinux...

7.5CVSS6.7AI score0.66594EPSS
Exploits0References2
nessus
nessus
added 2025/06/16 12:0 a.m.8 views

TencentOS Server 4: openssl (TSSA-2024:0532)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0532 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

7.5CVSS6.7AI score0.66594EPSS
Exploits0References3
nessus
nessus
added 2025/06/09 12:0 a.m.8 views

NewStart CGSL MAIN 7.02 : openssl Multiple Vulnerabilities (NS-SA-2025-0088)

The remote NewStart CGSL host, running version MAIN 7.02, has openssl packages installed that are affected by multiple vulnerabilities: - Issue summary: Applications performing certificate name checks e.g., TLS clients checking server certificates may attempt to read an invalid memory address...

7.5CVSS6.3AI score0.66594EPSS
Exploits0References13
suse
suse
added 2025/05/08 1:17 p.m.4 views

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2024-6119: Fixed denial of service in X.509 name checks bsc1229465 Other fixes: FIPS: Deny SHA-1 signature verification in FIPS provider bsc1221365. FIPS: RSA keygen PCT requirements. FIPS: Check that the fips provider is available before...

8.2CVSS7.3AI score0.66594EPSS
Exploits0References34
nessus
nessus
added 2025/03/06 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2024-6119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Applications performing certificate name checks e.g., TLS clients checking server certificates may attempt to read an invalid memory address...

7.5CVSS6.5AI score0.66594EPSS
Exploits0References3
nessus
nessus
added 2025/02/24 12:0 a.m.6 views

Siemens SIMATIC and SCALANCE Type Confusion (CVE-2024-6119)

Applications performing certificate name checks e.g., TLS clients checking server certificates may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service...

7.5CVSS6.8AI score0.66594EPSS
Exploits0References5
f5
f5
added 2025/02/19 8:4 p.m.15 views

K000149304: OpenSSL vulnerability CVE-2024-6119

Security Advisory Description Issue summary: Applications performing certificate name checks e.g., TLS clients checking server certificates may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an...

7.5CVSS7.7AI score0.66594EPSS
Exploits0Affected Software3
nessus
nessus
added 2025/02/19 12:0 a.m.12 views

F5 Networks BIG-IP : OpenSSL vulnerability (K000149304)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000149304 advisory. Issue summary: Applications performing certificate name checks e.g., TLS clients checking server certificates may...

7.5CVSS6.8AI score0.66594EPSS
Exploits0References2
astralinux
astralinux
added 2025/02/11 7:35 a.m.1 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: Applications that perform certificate name checks e.g., TLS clients checking server certificates may attempt to read an invalid memory address, resulting in an abnormal termination of the application process. Impact summary: An abnormal termination of an application can cause a...

7.5CVSS6.7AI score0.66594EPSS
Exploits0References3
ibm
ibm
added 2025/01/28 10:8 p.m.29 views

Security Bulletin: IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2024-6119

Summary IBM MQ for HPE NonStop Server is affected by OpenSSL vulnerability CVE-2024-6119 caused by an error when performing certificate name checks. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate...

7.5CVSS6.8AI score0.66594EPSS
Exploits0Affected Software1
ibm
ibm
added 2025/01/28 10:8 p.m.29 views

Security Bulletin:cryptography-42.0.7-cp39-abi3-manylinux_2_28_x86_64.whl Vulnerability Affects IBM Data Observability by Databand (CVE-2024-6119)

Summary A vulnerability in cryptography-42.0.7-cp39-abi3-manylinux228x8664.whl was addressed in IBM Data Observability by Databand Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks e.g.,...

7.5CVSS6.6AI score0.66594EPSS
Exploits0Affected Software1
ibm
ibm
added 2024/10/29 1:46 p.m.21 views

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to OpenSSL and libexpat

Summary OpenSSL and Libexpat used by IBM MQ Operator and Queue Manager container images are vulnerable to denial of service due to improper memory allocation, and providing weaker than expected security which might allow an attacker to execute arbitrary code on the system. This bulletin identifie...

9.8CVSS8.3AI score0.66594EPSS
Exploits0Affected Software1
amazon
amazon
added 2024/10/14 12:0 a.m.2 views

Medium: openssl

Issue Overview: Issue summary: Applications performing certificate name checks e.g., TLS clients checking server certificates may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a...

7.5CVSS6.9AI score0.66594EPSS
Exploits0
ibm
ibm
added 2024/10/02 3:37 p.m.18 views

Security Bulletin: z/Transaction Processing Facility is affected by an OpenSSL vulnerability

Summary The z/TPF version of OpenSSL was updated to address the vulnerability described by CVE-2024-6119. Vulnerability Details CVEID:CVE-2024-6119 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks e.g., TLS clients checking serv...

7.5CVSS7.5AI score0.66594EPSS
Exploits0Affected Software1
osv
osv
added 2024/09/27 11:9 a.m.3 views

OESA-2024-2179 openssl security update

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a full-strength general purpose cryptography library. The project i...

7.5CVSS6.8AI score0.66594EPSS
Exploits0References2
Rows per page
Query Builder