Lucene search
+L

31 matches found

CVE
CVE
added 2026/01/27 4:1 p.m.60 views

CVE-2025-69418

CVE-2025-69418 affects OpenSSL when using the low-level OCB API (CRYPTO_ocb128_encrypt/decrypt) with non-block-aligned lengths on hardware-accelerated builds. The trailing 1–15 bytes of a message may be left unencrypted and unauthenticated, exposing or tampering with data. The issue does not affe...

4CVSS5.7AI score0.00115EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2025/10/24 2:33 p.m.8 views

OESA-2025-2502 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary:...

7.5CVSS7.2AI score0.01744EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.7 views

PT-2025-39986

Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.1.1zd, and 1.0.2zm. Description: OpenSSL contains vulnerabilities due to out-of-bounds read and write issues. Specifically, an out-of-bounds read and write can occur when...

7.8CVSS8.1AI score0.01744EPSS
Exploits0References223
F5 Networks
F5 Networks
added 2025/05/27 4:7 p.m.19 views

K000151542: OpenSSL vulnerability CVE-2025-4575

Security Advisory Description Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as truste...

6.5CVSS7.5AI score0.00306EPSS
Exploits0
Cvelist
Cvelist
added 2025/05/22 1:36 p.m.37 views

CVE-2025-4575 The x509 application adds trusted use instead of rejected use

Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use. A copy & paste...

0.00306EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2024-4741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Calling the OpenSSL API function SSLfreebuffers may cause memory to be accessed that was previously freed in some situations Impact summary: A us...

7.5CVSS7.3AI score0.02945EPSS
Exploits0References3
OSV
OSV
added 2024/11/13 11:15 a.m.5 views

AZL-42952 CVE-2024-4741 affecting package openssl for versions less than 1.1.1k-31

Issue summary: Calling the OpenSSL API function SSLfreebuffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code...

7.5CVSS7.1AI score0.02945EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.4 views

SUSE CVE-2019-14846

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible...

2.3CVSS8.8AI score0.00509EPSS
Exploits0References8
OSV
OSV
added 2022/05/24 4:58 p.m.12 views

GHSA-PM48-CVV2-29Q5 Ansible Uses Plugins That Disclose Credentials

Ansible, all ansibleengine-2.x versions and ansibleengine-3.x up to ansibleengine-3.5, was logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed i...

8.5CVSS7.1AI score0.00509EPSS
Exploits0References18
RedHat Linux
RedHat Linux
added 2019/10/24 8:41 p.m.5 views

ansible: secrets disclosed on logs when no_log enabled

Ansible was logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process...

7.8CVSS7.2AI score0.00509EPSS
Exploits0References4
OSV
OSV
added 2019/10/08 7:15 p.m.4 views

ALPINE-CVE-2019-14846

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible...

7.8CVSS6.5AI score0.00509EPSS
Exploits0References1
Rows per page
Query Builder