
12 matches found

SUSE CVE
added 2026/06/13 2:19 a.m., 7 views

SUSE CVE-2026-42767

Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

6.5 CVSS | 5.4 AI score | 0.00349 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2026/06/10 12:0 a.m., 14 views

Linux Distros Unpatched Vulnerability : CVE-2026-42767

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application. Impact...

5.9 CVSS | 5.5 AI score | 0.00349 EPSS
Exploits 0 | References 4
Positive Technologies
added 2026/06/09 12:0 a.m., 14 views

PT-2026-47837

Name of the Vulnerable Software and Affected Versions: OpenSSL (affected versions not specified). Description: A NULL pointer dereference can occur in a CMP client application when processing a crafted CMP response. An attacker controlling a CMP server or acting as a man-in-the-middle can send a CRMF...

9.1 CVSS | 5.5 AI score | 0.00595 EPSS
Exploits 0 | References 102
Chainguard
added 2026/05/21 1:18 a.m., 9 views

GHSA-PHQJ-4MHP-Q6MQ vulnerabilities

Vulnerabilities for packages: sccache, deno, guestproxyagent, rustls-openssl-client, sqlx, typst, vector, rustup, sdp-k8s-injector, bootc, rpm-sequoia, ztunnel-fips, komodo, valkey-ldap, sentry-cli...

5.8 AI score
Exploits 0
Chainguard
added 2026/05/21 1:18 a.m., 16 views

CVE-2026-45784 vulnerabilities

Vulnerabilities for packages: sccache, deno, guestproxyagent, rustls-openssl-client, sqlx, typst, vector, rustup, sdp-k8s-injector, bootc, rpm-sequoia, ztunnel-fips, komodo, valkey-ldap, sentry-cli...

5.8 AI score | 0.00019 EPSS
Exploits 0
Chainguard
added 2026/05/06 7:17 p.m., 12 views

CVE-2026-41898 vulnerabilities

Vulnerabilities for packages: sccache, deno, guestproxyagent, rustls-openssl-client, sqlx, typst, vector, rustup, sdp-k8s-injector, bootc, rpm-sequoia, ztunnel-fips, komodo, valkey-ldap, sentry-cli...

9.8 CVSS | 5.8 AI score | 0.00412 EPSS
Exploits 0
Vulnrichment
added 2025/09/30 1:17 p.m., 2 views

CVE-2025-9232 Out-of-bounds read in HTTP client no_proxy handling

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...

6.7 AI score | 0.02016 EPSS
Exploits 0 | References 6
OSV
added 2024/06/13 7:39 p.m., 24 views

GHSA-X268-QPG6-W9G2 CrateDB has a Client initialized Session-Renegotiation DoS

Summary: Client-Initiated TLS Renegotiation Denial of Service (DoS) Vulnerability at Port 4200. Details: A high-risk vulnerability has been identified where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request...

5.3 CVSS | 5.2 AI score | 0.00704 EPSS
Exploits 1 | References 5
NVD
added 2024/06/13 2:15 p.m., 16 views

CVE-2024-37309

CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security parameter...

5.3 CVSS | 0.00704 EPSS
Exploits 1 | References 3
OSV
added 2015/01/09 2:59 a.m., 3 views

DEBIAN-CVE-2015-0204

The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to...

4.3 CVSS | 7.2 AI score | 0.98685 EPSS
Exploits 0 | References 1
OSV
added 2010/08/17 8:0 p.m., 8 views

CVE-2010-2939

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted...

8.1 AI score
Exploits 0 | References 22
Prion
added 2010/08/17 8:0 p.m., 26 views

Double free

Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted...

4.3 CVSS | 7.8 AI score | 0.09977 EPSS
Exploits 0 | References 22 | Affected Software 1