Lucene search
K

74 matches found

ATTACKERKB
ATTACKERKB
added 2022/09/05 4:15 a.m.8 views

CVE-2022-39829

There is a NULL pointer dereference in aes256encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVPCIPHERCTXnew...

7.5CVSS5.8AI score0.01068EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/02/09 12:0 a.m.36 views

AlmaLinux 8 : openssl (ALSA-2021:4424)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4424 advisory. - Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to...

7.5CVSS6.5AI score0.50732EPSS
Exploits0References3
OSV
OSV
added 2021/08/25 8:52 p.m.51 views

GHSA-84RM-QF37-FGC2 Integer Overflow in openssl-src

Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

5.9CVSS7.1AI score0.07471EPSS
Exploits0References27
OSV
OSV
added 2021/08/24 3:15 p.m.5 views

DEBIAN-CVE-2021-3711

In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size...

9.8CVSS7.2AI score0.87816EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2021/07/01 12:0 a.m.38 views

EulerOS Virtualization 3.0.6.6 : openssl098e (EulerOS-SA-2021-2044)

According to the versions of the openssl098e package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial...

7.5CVSS6.5AI score0.50732EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/06/03 12:0 a.m.18 views

EulerOS 2.0 SP9 : openssl (EulerOS-SA-2021-1956)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial number data...

7.5CVSS6.5AI score0.50732EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/06/03 12:0 a.m.32 views

EulerOS 2.0 SP9 : openssl (EulerOS-SA-2021-1935)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial number data...

7.5CVSS6.5AI score0.50732EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2021/05/18 12:0 a.m.40 views

EulerOS 2.0 SP5 : openssl111d (EulerOS-SA-2021-1909)

According to the versions of the openssl111d packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input lengt...

7.5CVSS6.5AI score0.50732EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2021/02/18 12:22 p.m.189 views

USN-4738-1: OpenSSL vulnerabilities

Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. CVE-2021-23840 Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer...

7.5CVSS6.6AI score0.50732EPSS
Exploits0
OpenSSL
OpenSSL
added 2021/02/16 12:0 a.m.269 views

Vulnerability in OpenSSL - Integer overflow in CipherUpdate

Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 indicating succes...

8AI score0.50732EPSS
Exploits0Affected Software1
FreeBSD
FreeBSD
added 2021/02/16 12:0 a.m.83 views

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports: Null pointer deref in X509issuerandserialhash CVE-2021-23841Moderate The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to...

7.5CVSS7AI score0.50732EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/06/26 12:0 a.m.4 views

The vulnerability of the EVP_EncodeUpdate function (crypto/evp/encode.c) in the OpenSSL library, related to an error in processing numbers, allows a hacker to trigger a service failure.

The vulnerability of the EVPEncodeUpdate function in the OpenSSL library is related to errors in number processing. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

7.8CVSS7AI score0.3965EPSS
Exploits1References8Affected Software21
BDU FSTEC
BDU FSTEC
added 2020/06/26 12:0 a.m.5 views

The vulnerability of the EVP_EncodeUpdate function (crypto/evp/evp_enc.c) in the OpenSSL library, related to an error in processing a number, allows a perpetrator to trigger a service failure.

The vulnerability of the EVPEncodeUpdate function crypto/evp/evpenc.c in the OpenSSL library is related to an error in processing numbers. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

7.8CVSS7AI score0.27261EPSS
Exploits1References9Affected Software21
CNVD
CNVD
added 2020/02/24 12:0 a.m.1 views

Memory Corruption Vulnerability in HollySys HD2000 of Beijing Hollis Automation Drive Technology Co.

Founded in 1993, HOLLIS is an automation and information technology solution provider in China. Ltd. A memory corruption vulnerability exists in the HollySys HD2000, which can be exploited by an attacker to construct a malformed evp file that can cause the program to crash...

6.8AI score
Exploits0
CNVD
CNVD
added 2020/02/24 12:0 a.m.1 views

Memory Corruption Vulnerability in HollySys HD2000 (CNVD-2020-18679) at Beijing Helisys Automation Drive Technology Co.

Founded in 1993, HOLLIS is an automation and information technology solution provider in China. A memory corruption vulnerability exists in HollySys HD2000, which can be exploited by an attacker to construct a malformed evp file that can cause the program to crash...

6.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2020/01/24 12:0 a.m.6 views

PT-2021-3610

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.1.1i and below OpenSSL versions 1.0.2x and below Description The issue is related to the functions EVP CipherUpdate, EVP EncryptUpdate, and EVP DecryptUpdate in OpenSSL, which may overflow the output length argument when the...

7.5CVSS6.4AI score0.50732EPSS
Exploits0References322
Tenable Nessus
Tenable Nessus
added 2017/05/09 12:0 a.m.68 views

openSUSE Security Update : libressl (openSUSE-2017-560)

This update for libressl to version 2.5.1 fixes the following issues : These security issues were fixed : - CVE-2016-0702: Prevent side channel attack on modular exponentiation boo968050. - CVE-2016-7056: Avoid a side-channel cache-timing attack that can leak the ECDSA private keys when signing...

5.5CVSS7.1AI score0.0191EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2016/10/18 7:8 a.m.9 views

openssl: EVP_EncodeUpdate overflow

An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncodeUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of th...

7.5CVSS7.8AI score0.3965EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2016/08/22 6:7 p.m.6 views

openssl: EVP_EncodeUpdate overflow

An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncodeUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of th...

7.5CVSS7.8AI score0.3965EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2016/08/22 6:7 p.m.6 views

openssl: EVP_EncodeUpdate overflow

An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncodeUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of th...

7.5CVSS7.8AI score0.3965EPSS
Exploits1References5
Rows per page
Query Builder