Lucene search
+L

18 matches found

Oracle linux
Oracle linux
added 2024/11/22 12:0 a.m.56 views

edk2 security update

Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...

7.5CVSS7.4AI score0.96275EPSS
Exploits28
CBLMariner
CBLMariner
added 2024/08/14 8:42 p.m.20 views

CVE-2022-3996 affecting package edk2 for versions less than 20240223gitedc6681206c1-2

CVE-2022-3996 affecting package edk2 for versions less than 20240223gitedc6681206c1-2. A patched version of the package is available...

7.5CVSS7.7AI score0.0123EPSS
Exploits0
OSV
OSV
added 2023/08/31 12:13 p.m.2 views

BELL-CVE-2022-3996 CVE-2022-3996 does not affect BellSoft software

Bulletin has no description...

7.5CVSS5.8AI score0.0123EPSS
Exploits0References1
CloudLinux
CloudLinux
added 2023/05/04 9:42 p.m.126 views

openssl: Fix of 3 CVEs

CVE-2023-0464: Fix excessive resource use verifying X.509 policy constraints - CVE-2023-0466: Fix documentation of X509VERIFYPARAMadd0policy - CVE-2022-3996: Drop redundant flag setting in policycachesetmapping...

7.5CVSS6.6AI score0.03658EPSS
Exploits0
OpenVAS
OpenVAS
added 2023/04/26 12:0 a.m.28 views

Ubuntu: Security Advisory (USN-6039-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.2AI score0.03658EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/04/25 12:0 a.m.45 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : OpenSSL vulnerabilities (USN-6039-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6039-1 advisory. It was discovered that OpenSSL was not properly managing file locks when processing policy constraints. If a...

7.5CVSS7AI score0.03658EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/12/21 12:0 a.m.23 views

SUSE: Security Advisory (SUSE-SU-2022:4586-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.1AI score0.92488EPSS
Exploits2References2
OSV
OSV
added 2022/12/20 12:32 p.m.9 views

SUSE-SU-2022:4586-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2022-3996: Fixed X.509 Policy Constraints Double Locking bsc1206374...

7.5CVSS7.7AI score0.92488EPSS
Exploits2References4
Node JS Blog
Node JS Blog
added 2022/12/16 12:0 a.m.59 views

OpenSSL 3.0.7 update assessment

OpenSSL 3.0.7 update assessment Summary The vulnerability in the OpenSSL Security Advisory of Dec 13 2022 do not affect any active Node.js release lines. Analysis Our assessment of the security advisory is: X.509 Policy Constraints Double Locking CVE-2022-3996 Node.js doesn't call OpenSSL as a...

7.5CVSS6.2AI score0.0123EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/12/14 12:0 a.m.25 views

OpenSSL: X.509 Policy Constraints Double Locking Vulnerability (Dec 2022) - Windows

OpenSSL is prone to a denial of service DoS vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...

7.5CVSS7.4AI score0.0123EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/12/14 12:0 a.m.22 views

OpenSSL: X.509 Policy Constraints Double Locking Vulnerability (Dec 2022) - Linux

OpenSSL is prone to a denial of service DoS vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...

7.5CVSS7.4AI score0.0123EPSS
Exploits0References1
OSV
OSV
added 2022/12/13 4:15 p.m.8 views

AZL-40306 CVE-2022-3996 affecting package edk2 for versions less than 20240223gitedc6681206c1-2

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems most widely: Windows this results in a denial of service when the affected process hangs. Policy processing being enabled o...

7.5CVSS5.7AI score0.0123EPSS
Exploits0References1
Wolfi
Wolfi
added 2022/12/13 4:15 p.m.35 views

CVE-2022-3996 vulnerabilities

Vulnerabilities for packages: openssl...

7.5CVSS8.6AI score0.0123EPSS
Exploits0
Chainguard
Chainguard
added 2022/12/13 4:15 p.m.30 views

CVE-2022-3996 vulnerabilities

Vulnerabilities for packages: openssl-provider-fips, openssl...

7.5CVSS7AI score0.0123EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2022/12/13 3:43 p.m.27 views

CVE-2022-3996 X.509 Policy Constraints Double Locking

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems most widely: Windows this results in a denial of service when the affected process hangs. Policy processing being enabled o...

7.2AI score0.0123EPSS
Exploits0References2
OSV
OSV
added 2022/12/13 3:43 p.m.41 views

CVE-2022-3996 X.509 Policy Constraints Double Locking

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems most widely: Windows this results in a denial of service when the affected process hangs. Policy processing being enabled o...

7.5CVSS7AI score0.0123EPSS
Exploits0References5
CVE
CVE
added 2022/12/13 3:43 p.m.597 views

CVE-2022-3996

CVE-2022-3996 describes an OpenSSL policy-contraint processing issue where a malformed certificate policy can trigger a write lock to be taken recursively, enabling DoS for affected processes. The vulnerability is tied to OpenSSL policy checks and the use of policy processing via -policy or X509_...

7.5CVSS6.8AI score0.0123EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2022/12/13 12:0 a.m.88 views

CVE-2022-3996

If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems most widely: Windows this results in a denial of service when the affected process hangs. Policy processing being enabled o...

7.5CVSS7AI score0.0123EPSS
Exploits0References3
Rows per page
Query Builder