CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

31 matches found

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2022-2698

Malicious code in bioql PyPI...

5.9CVSS6.5AI score0.00067EPSS

Exploits0References11

Tenable Nessus•added 2025/08/20 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2022-1434

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacke...

5.9CVSS6.7AI score0.00067EPSS

Exploits0References2

F5 Networks•added 2023/02/21 6:47 p.m.•43 views

K09413574: OpenSSL vulnerability CVE-2022-1434

Security Advisory Description The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one...

5.9CVSS6.5AI score0.00067EPSS

Exploits0

SUSE CVE•added 2023/02/15 3:33 a.m.•1 views

SUSE CVE-2022-1434

The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipie...

8.8CVSS6.8AI score0.00067EPSS

Exploits0References4

RedHat Linux•added 2023/01/18 10:35 a.m.•60 views

Moderate: Red Hat Security Advisory: java-17-openjdk security and bug fix update

An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

5.3CVSS6.7AI score0.0011EPSS

Exploits0References7

Tenable Nessus•added 2022/09/07 12:0 a.m.•59 views

Amazon Linux 2022 : openssl (ALAS2022-2022-104)

The version of openssl installed on the remote host is prior to 3.0.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-104 advisory. The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is...

10CVSS7.4AI score0.38894EPSS

Exploits5References9

OpenVAS•added 2022/07/07 12:0 a.m.•27 views

openSUSE: Security Advisory for openssl-3 (SUSE-SU-2022:2306-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

10CVSS7.3AI score0.38894EPSS

Exploits6References2

OSV•added 2022/07/06 11:49 a.m.•7 views

SUSE-SU-2022:2306-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in crehash. bsc1200550 - CVE-2022-1292: Properly sanitise shell metacharacters in crehash script. bsc1199166 - CVE-2022-1343: Fixed incorrect signature verification in OCSPbasicverify...

10CVSS7.9AI score0.38894EPSS

Exploits6References14

RedhatCVE•added 2022/05/18 10:42 p.m.•44 views

CVE-2022-1434

5.9CVSS3.6AI score0.00067EPSS

Exploits0References3

Node JS Blog•added 2022/05/05 12:0 a.m.•39 views

OpenSSL update assessment, and Node.js project plans

OpenSSL update assessment, and Node.js project plans Summary The OpenSSL Security releases of May 3 2022 affects Node.js 17.x and 18.x but highest serverity is "Low" Analysis Our assessment of the security advisory is: The crehash script allows command injection CVE-2022-1292 Node.js doesn't use ...

10CVSS6.9AI score0.38894EPSS

Exploits5

Ubuntu•added 2022/05/04 1:21 p.m.•174 views

USN-5402-1: OpenSSL vulnerabilities

Elison Niven discovered that OpenSSL incorrectly handled the crehash script. A local attacker could possibly use this issue to execute arbitrary commands when crehash is run. CVE-2022-1292 Raul Metsma discovered that OpenSSL incorrectly verified certain response signing certificates. A remote...

10CVSS6.9AI score0.38894EPSS

Exploits5

Github Security Blog•added 2022/05/04 12:0 a.m.•27 views

Incorrect MAC key used in the RC4-MD5 ciphersuite

5.9CVSS3.6AI score0.00067EPSS

Exploits0References8Affected Software1

OSV•added 2022/05/04 12:0 a.m.•26 views

GHSA-638M-M8MH-7GW2 Incorrect MAC key used in the RC4-MD5 ciphersuite

5.9CVSS7.2AI score0.00067EPSS

Exploits0References7

OpenVAS•added 2022/05/04 12:0 a.m.•25 views

OpenSSL: Multiple Vulnerabilities (May 2022) - Linux

OpenSSL is prone to multiple vulnerabilities. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

10CVSS6.8AI score0.38894EPSS

Exploits5References1

OSV•added 2022/05/03 4:15 p.m.•33 views

CVE-2022-1434

5.9CVSS3.6AI score

Exploits0References4

OSV•added 2022/05/03 4:15 p.m.•1 views

ALPINE-CVE-2022-1434

5.9CVSS7AI score0.00067EPSS

Exploits0References1

NVD•added 2022/05/03 4:15 p.m.•17 views

CVE-2022-1434

5.9CVSS0.00067EPSS

Exploits0References4

CVE•added 2022/05/03 3:15 p.m.•195 views

CVE-2022-1434

The CVE-2022-1434 issue affects the RC4-MD5 ciphersuite in OpenSSL 3.0, where the AAD data is incorrectly used as the MAC key, allowing an attacker to modify data in transit without decrypting it. The vulnerability requires both endpoints to negotiate RC4-MD5, and it is not exploitable when TLSv1...

5.9CVSS7.3AI score0.00067EPSS

Exploits0References4Affected Software1