Lucene search
K

21 matches found

Oracle linux
Oracle linux
added 2024/11/22 12:0 a.m.51 views

edk2 security update

Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...

7.5CVSS7.4AI score0.95764EPSS
Exploits28
OSV
OSV
added 2023/08/31 12:15 p.m.2 views

BELL-CVE-2022-3358 CVE-2022-3358 does not affect BellSoft software

Bulletin has no description...

7.5CVSS5.8AI score0.02846EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/25 1:36 p.m.68 views

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands are vulnerable to denial of service and loss of confidentiality due to multiple vulnerabilities

Summary OpenSSL is present in the IBM App Connect Enterprise Certified Container Dashboard operand image. OpenSSL is vulnerable to denial of service and loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in OpenSSL. CVE-2023-0217, CVE-2023-1255...

7.5CVSS7.2AI score0.02846EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/05/15 12:0 a.m.82 views

Oracle Linux 9 : openssl (ELSA-2023-2523)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-2523 advisory. - Fixed X.509 Name Constraints Read Buffer Overflow Resolves: CVE-2022-4203 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free...

10CVSS7.2AI score0.95764EPSS
Exploits14References2
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.92 views

Low: Red Hat Security Advisory: openssl security and bug fix update

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

7.5CVSS6.8AI score0.02846EPSS
Exploits0References21
OSV
OSV
added 2023/05/09 12:0 a.m.27 views

ALSA-2023:2523 Low: openssl security and bug fix update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Using a Custom Cipher with NIDundef may lead to NULL encryption CVE-2022-3358 For more details...

7.5CVSS7.4AI score0.02846EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2023/05/09 12:0 a.m.82 views

Low: openssl security and bug fix update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Using a Custom Cipher with NIDundef may lead to NULL encryption CVE-2022-3358 For more details...

7.5CVSS7.6AI score0.02846EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2023/02/21 6:46 p.m.46 views

K32553170: OpenSSL vulnerability CVE-2022-3358

Security Advisory Description OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom...

7.5CVSS6.7AI score0.02846EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:31 a.m.4 views

SUSE CVE-2022-3358

OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...

6.5CVSS6.8AI score0.02846EPSS
Exploits0References4
Rapid7 Blog
Rapid7 Blog
added 2022/11/11 9:16 p.m.46 views

Metasploit Weekly Wrap-Up

ADCS - ESC Vulnerable certificate template finder Our very own Grant Willcox has developed a new module which allows users to query a LDAP server for vulnerable Active Directory Certificate Services AD CS certificate templates. The module will print the detected certificate details, and the attac...

7.7AI score0.02846EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/11/02 12:0 a.m.33 views

SUSE: Security Advisory (SUSE-SU-2022:3843-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.1AI score0.92488EPSS
Exploits6References2
SonicWall
SonicWall
added 2022/11/01 10:49 p.m.10 views

SonicWall OpenSSL Version 3.x Security Advisory

This advisory is intended to cover the following OpenSSL Vulnerabilities CVE-2022-3358 - Using a Custom Cipher with NIDundef may lead to NULL encryptionFixed in OpenSSL 3.0.6 Affected OpenSSL Versions 3.x, 3.0.0-3.0.5.More vulnerability details are available here...

7.5CVSS7.6AI score0.92488EPSS
Exploits6
OSV
OSV
added 2022/11/01 4:40 p.m.9 views

SUSE-SU-2022:3843-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2022-3358: Fixed vulnerability where a custom cipher passed to EVPCipherInit could lead into NULL encryption being unexpectedly used bsc1204226. - CVE-2022-3602: Fixed a buffer overflow in the X.509 email address. bsc1204714 -...

7.5CVSS7.7AI score0.92488EPSS
Exploits6References6
Tenable Nessus
Tenable Nessus
added 2022/10/18 12:0 a.m.35 views

FreeBSD : OpenSSL -- Potential NULL encryption in NID_undef with Custom Cipher (7392e1e3-4eb9-11ed-856e-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7392e1e3-4eb9-11ed-856e-d4c9ef517024 advisory. - OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated...

7.5CVSS6.7AI score0.02846EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/10/12 12:0 a.m.21 views

OpenSSL: Using a Custom Cipher with NID_undef may lead to NULL encryption (CVE-2022-3358) - Linux

OpenSSL is prone to an information disclosure vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

7.5CVSS7.3AI score0.02846EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/10/12 12:0 a.m.29 views

OpenSSL: Using a Custom Cipher with NID_undef may lead to NULL encryption (CVE-2022-3358) - Windows

OpenSSL is prone to an information disclosure vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

7.5CVSS7.3AI score0.02846EPSS
Exploits0References1
Wolfi
Wolfi
added 2022/10/11 3:15 p.m.51 views

CVE-2022-3358 vulnerabilities

Vulnerabilities for packages: openssl...

7.5CVSS7.7AI score0.02846EPSS
Exploits0
Chainguard
Chainguard
added 2022/10/11 3:15 p.m.62 views

CVE-2022-3358 vulnerabilities

Vulnerabilities for packages: openssl...

7.5CVSS7.4AI score0.02846EPSS
Exploits0
CVE
CVE
added 2022/10/11 3:0 p.m.552 views

CVE-2022-3358

Summary: CVE-2022-3358 affects OpenSSL 3.0.0–3.0.5 and occurs when legacy custom ciphers are passed via EVP_CIPHER_meth_new() with NID_undef. The initialization functions EVP_EncryptInit_ex2()/EVP_DecryptInit_ex2()/EVP_CipherInit_ex2() may resolve to the NULL cipher from providers, causing plaint...

7.5CVSS7.3AI score0.02846EPSS
Exploits0References5Affected Software1
AlpineLinux
AlpineLinux
added 2022/10/11 3:0 p.m.57 views

CVE-2022-3358

OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...

7.5CVSS7.5AI score0.02846EPSS
Exploits0
Rows per page
Query Builder