Lucene search
+L

389 matches found

OSV
OSV
added 2025/06/25 12:0 a.m.3 views

UBUNTU-CVE-2025-5987

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

8.1CVSS6.4AI score0.0144EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/06/24 11:24 p.m.6 views

SUSE CVE-2025-5987

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...

5CVSS6.8AI score0.0144EPSS
Exploits0References8
OSV
OSV
added 2025/06/16 10:15 p.m.5 views

UBUNTU-CVE-2025-27587

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVPDigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...

5.3CVSS7.1AI score0.0037EPSS
Exploits0References3
Metasploit
Metasploit
added 2025/06/09 6:51 p.m.414 views

OS Command Exec, Unix Command Shell, Double Reverse TCP SSL (openssl)

Execute an OS command from PHP. Creates an interactive shell through two inbound connections Module Options msf use payload/php/unix/cmd/reverseopenssl msf payloadreverseopenssl show actions ...actions... msf payloadreverseopenssl set ACTION msf payloadreverseopenssl show options ...show and set...

5.8AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/06/05 12:0 a.m.12 views

The vulnerability in the x509_main function of the apps/x509.c module in the OpenSSL library allows a attacker to replace the trusted certificate.

The vulnerability of the x509main function in the apps/x509.c module of the OpenSSL library is related to errors in the certificate validation process. Exploiting this vulnerability could allow an attacker to replace the trusted certificate...

6.5CVSS7.2AI score0.00306EPSS
Exploits0References7Affected Software3
OSV
OSV
added 2025/05/27 5:15 p.m.9 views

UBUNTU-CVE-2025-48057

Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate function can be tricked into incorrectly treating certificates as vali...

9.8CVSS7.2AI score0.00429EPSS
Exploits0References8
Packet Storm News
Packet Storm News
added 2025/05/22 12:0 a.m.6 views

Energy Consumption Framework and Analysis of Post-Quantum Key-Generation on Embedded Devices

The emergence of quantum computing and Shor's algorithm necessitates an imminent shift from current public key cryptography techniques to post-quantum robust techniques. NIST has responded by standardising Post-Quantum Cryptography PQC algorithms, with ML-KEM FIPS-203 slated to replace ECDH...

7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2025/05/13 8:49 a.m.6 views

golang-fips: Golang FIPS zeroed buffer

A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...

6.5CVSS5.8AI score0.00298EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.5 views

JRuby-OpenSSL 安全漏洞

JRuby-OpenSSL is an add-on gem for JRuby from the JRuby team. A security vulnerability exists in JRuby-OpenSSL versions prior to 0.12.1 through 0.15.4, which stems from insufficient certificate hostname validation and could lead to a man-in-the-middle attack...

7.1CVSS6.3AI score0.0016EPSS
Exploits1References4
OSV
OSV
added 2025/04/23 5:16 p.m.4 views

CVE-2025-2769

Bdrive NetDrive Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. An attacker must first obtain the ability to execute low-privileged code on the target system i...

7.8CVSS6.2AI score
Exploits0References1
CNNVD
CNNVD
added 2025/04/23 12:0 a.m.3 views

Bdrive NetDrive 代码问题漏洞

Bdrive NetDrive is a network drive from Bdrive that connects to various cloud services or remote file storage. A code issue vulnerability exists in Bdrive NetDrive that stems from loading an OpenSSL configuration file from a non-secure location, which could result in local elevation of privilege...

7.8CVSS7.5AI score0.00195EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/22 12:0 a.m.6 views

NVIDIA NvContainer 安全漏洞

NVIDIA NvContainer is a container management service from NVIDIA. NVIDIA NvContainer suffers from a trust management issue vulnerability that stems from a hard-coded path issue in the use of OpenSSL, which could be exploited by an attacker to cause code execution, denial of service, elevation of...

2.5CVSS7AI score0.0015EPSS
Exploits0References1
HPE Security Bulletins
HPE Security Bulletins
added 2025/03/12 12:0 a.m.5 views

HPESBHF04810 rev.1 - HPE ProLiant DX Servers Using OpenSSL, Multiple Vulnerabilities

Potential Security Impact: Local: Denial of Service DoS; Remote: Denial of Service DoS SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE ProLiant DX170r Gen10 server - Prior to v3.2005-27-2024 HPE ProLiant DX190r Gen10 server - Prior to v3.2005-27-2024 HPE ProLiant DX360 Gen10...

5.5CVSS6.6AI score0.04459EPSS
Exploits0
OSV
OSV
added 2025/02/11 4:15 p.m.8 views

AZL-56761 CVE-2024-12797 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-5

Issue summary: Clients using RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSLVERIFYPEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...

6.3CVSS6.6AI score0.02439EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:8 a.m.6 views

CVE-2024-6975

Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file. This issue affects SDP Client before 5.10.34...

8.8CVSS7AI score0.00268EPSS
Exploits1References1
OSV
OSV
added 2025/01/20 9:15 p.m.5 views

UBUNTU-CVE-2024-13454

Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3...

5.3CVSS5.8AI score0.00081EPSS
Exploits0References3
OSV
OSV
added 2025/01/09 3:15 p.m.2 views

DEBIAN-CVE-2023-24010

An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...

8.2CVSS5.4AI score0.00332EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.5 views

PT-2025-1382 · Openssl · Openssl

Name of the Vulnerable Software and Affected Versions: Data Distribution Service DDS affected versions not specified Description: The issue allows an attacker to compromise and gain full control of a secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7...

8.2CVSS7AI score0.00332EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.4 views

PT-2026-4949

Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.1.1, 3.0, 3.3, 3.4, 3.5 and 3.6 Description A flaw exists in the handling of maliciously crafted PKCS12 files when using the PKCS12 get friendlyname API. Specifically, processing a PKCS12 file with a BMPString UTF-16BE...

9.8CVSS5.9AI score0.47621EPSS
Exploits7References112
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.13 views

PT-2026-4940

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.4.0 through 3.6.0 Description The vulnerability relates to improper validation of PBMAC1 parameters within PKCS12 files. Specifically, the PBKDF2 salt and keylength parameters are used without sufficient validation during MA...

7.5CVSS7.9AI score0.00768EPSS
Exploits1References131
Rows per page
Query Builder