Lucene search
+L

389 matches found

Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: nodejs (UTSA-2025-680624)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680624 advisory. The X509VFLAGX509STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL...

7.4CVSS7.7AI score0.18339EPSS
Exploits1References4
OSV
OSV
added 2025/10/04 12:11 a.m.9 views

RLSA-2025:7937 Important: compat-openssl11 security update

The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName...

7.4CVSS7AI score0.59501EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31120

Malicious code in bioql PyPI...

4.8CVSS6.3AI score0.00288EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-28141

Malicious code in bioql PyPI...

9.3CVSS8.7AI score0.00429EPSS
Exploits0References6
CVE
CVE
added 2025/10/03 11:28 a.m.41 views

CVE-2025-27237

CVE-2025-27237 affects Zabbix Agent and Agent 2 on Windows. The OpenSSL configuration is loaded from a path writable by low-privileged users, enabling an attacker to plant a malicious openssl.cnf that loads an arbitrary DLL at service restart, potentially achieving Local Privilege Escalation. The...

7.3CVSS6.5AI score0.00325EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/10/03 11:28 a.m.2 views

CVE-2025-27237 DLL injection in Zabbix Agent and Agent 2 via OpenSSL configuration

In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL...

7.3CVSS6.5AI score0.00325EPSS
Exploits2References1
NVD
NVD
added 2025/09/30 2:15 p.m.6 views

CVE-2025-9232

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...

5.9CVSS0.02093EPSS
Exploits0References13
AlpineLinux
AlpineLinux
added 2025/09/30 1:17 p.m.6 views

CVE-2025-9232

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...

5.9CVSS7AI score0.02093EPSS
Exploits0
OSV
OSV
added 2025/09/30 12:0 a.m.5 views

UBUNTU-CVE-2025-9232

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...

5.9CVSS6.5AI score0.02093EPSS
Exploits0References4
OSV
OSV
added 2025/09/26 1:8 p.m.4 views

OESA-2025-2325 openssl security update

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a full-strength general purpose cryptography library. The project i...

7.5CVSS8.5AI score0.01083EPSS
Exploits0References2
OSV
OSV
added 2025/09/19 7:15 p.m.7 views

CVE-2025-34192

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 macOS/Linux client deployments are built against OpenSSL 1.0.2h-fips released May 2016, which has been end-of-life since 2019 and is no longer supported by the OpenSSL...

9.8CVSS5.7AI score0.00898EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/09/19 6:36 p.m.37 views

CVE-2025-34203 Vasion Print (formerly PrinterLogic) Use of Outdated, End-Of-Life, and Vulnerable Third-Party Components

Vasion Print formerly PrinterLogic Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 VA and SaaS deployments contain multiple Docker containers that include outdated, end-of-life, unsupported, or otherwise vulnerable third-party components examples:...

9.3CVSS0.00813EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/09/11 3:19 a.m.6 views

CVE-2025-42927

SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL.Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow user with high system privileges to access and modify system information.This vulnerability ha...

3.4CVSS6.7AI score0.00127EPSS
Exploits0References1
NVD
NVD
added 2025/09/09 2:15 a.m.5 views

CVE-2025-42927

SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL.Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow user with high system privileges to access and modify system information.This vulnerability ha...

3.4CVSS0.00127EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.6 views

PT-2025-36557

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java application versions affected versions not specified Description: The SAP NetWeaver AS Java application utilizes Adobe Document Service, which includes a vulnerable version of OpenSSL. Exploitation of known vulnerabiliti...

3.4CVSS6AI score0.00127EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.6 views

SAP NetWeaver AS Java 安全漏洞

SAP NetWeaver AS Java is a platform system from SAP, a German company. A security vulnerability exists in SAP NetWeaver AS Java that stems from the use of a vulnerable version of OpenSSL and could lead to accessing and modifying system information...

3.4CVSS6.4AI score0.00127EPSS
Exploits0References2
NVD
NVD
added 2025/09/02 8:15 p.m.8 views

CVE-2025-8614

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.8CVSS0.00244EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2022-3602

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain...

7.5CVSS8.5AI score0.9077EPSS
Exploits6References2
OSV
OSV
added 2025/07/18 11:15 p.m.3 views

DEBIAN-CVE-2025-7394

In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...

9.8CVSS5.4AI score0.00387EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2025/07/17 7:0 a.m.3 views

Libssh: invalid return code for chacha20 poly1305 with openssl backend

...

8.1CVSS7AI score0.0144EPSS
Exploits0
Rows per page
Query Builder