Lucene search
+L

64 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-28074

Malicious code in bioql PyPI...

8.2CVSS6.3AI score0.00332EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/24 12:0 a.m.5 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rustup (SUSE-SU-2025:03298-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03298-1 advisory. - CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode bsc1243862 -...

8.8CVSS5.3AI score0.00486EPSS
Exploits1References7
OSV
OSV
added 2025/09/23 1:13 p.m.3 views

SUSE-SU-2025:03306-1 Security update for sevctl

This update for sevctl fixes the following issues: - CVE-2024-12224: idna: Fixed improper validation of unsafe equivalence in punycode. bsc1243860 - CVE-2025-3416: openssl: Fixed use-after-free in Md::fetch and Cipher::fetch bsc1242618...

8.8CVSS5.8AI score0.00486EPSS
Exploits1References5
OSV
OSV
added 2025/09/17 12:0 a.m.15 views

ALSA-2025:16046 Moderate: mysql:8.4 security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: openssl: Timing side-channel in ECDSA signature computation CVE-2024-13176 mysql: mysqldump unspecified vulnerability CPU Apr 2025...

7.5CVSS7.1AI score0.01287EPSS
Exploits2References107
OSV
OSV
added 2025/08/15 12:51 p.m.4 views

SUSE-SU-2025:02811-1 Security update for rust-keylime

This update for rust-keylime fixes the following issues: - Update to version 0.2.7+141: CVE-2025-58266: shlex: Fixed command injection bsc1247193 - Update to version 0.2.7+117: CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RSTSTREAM frames bsc1210344...

8.8CVSS5.8AI score0.01121EPSS
Exploits2References14
OSV
OSV
added 2025/07/18 10:34 p.m.10 views

CVE-2025-7394

In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...

7CVSS7.3AI score0.00387EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/07/04 6:1 a.m.4 views

CVE-2025-5372 Libssh: incorrect return code handling in ssh_kdf() in libssh

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

5CVSS6.9AI score0.00407EPSS
Exploits0References7
SUSE Linux
SUSE Linux
added 2025/06/05 1:53 p.m.2 views

Security update for python-cryptography

This update for python-cryptography fixes the following issues: CVE-2025-3416: openssl: use-after-free in Md::fetch and Cipher::fetch when Some... value passed as properties argument to either function bsc1242631. Patch Instructions: To install this SUSE update use the SUSE recommended installati...

6.3CVSS4.6AI score0.00486EPSS
Exploits0References4
CVE
CVE
added 2025/05/22 1:36 p.m.300 views

CVE-2025-4575

OpenSSL CVE-2025-4575 affects the x509 application in OpenSSL 3.5 (and related mentions in 3.0–3.4 are not affected). A copy-paste error during minor refactoring causes the -addreject option to mark a certificate as trusted for a use instead of rejecting it, meaning a certificate intended to be r...

6.5CVSS6.6AI score0.00306EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.9 views

Alibaba Cloud Linux 3 : 0227: openssl (ALINUX3-SA-2024:0227)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0227 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-5535: Issue summary: Calling the OpenSSL A...

9.1CVSS7.6AI score0.05582EPSS
Exploits1References2
NVD
NVD
added 2025/04/22 7:15 p.m.18 views

CVE-2025-23253

NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to code execution, denial of service,...

2.5CVSS0.0015EPSS
Exploits0References1
CVE
CVE
added 2025/04/22 6:45 p.m.58 views

CVE-2025-23253

CVE-2025-23253 affects NVIDIA NvContainer service for Windows, where a hard-coded path in OpenSSL usage could be exploited by copying a malicious DLL to a fixed path, potentially enabling code execution, DoS, privilege escalation, information disclosure, or data tampering. Affected product: NVIDI...

2.5CVSS7.3AI score0.0015EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/13 12:0 a.m.9 views

Siemens SCALANCE X-200RNA Switch Devices Resource Management Errors (CVE-2015-1792)

The dofreeupto function in crypto/cms/cmssmime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service infinite loop via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an...

5CVSS7.4AI score0.22476EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/13 12:0 a.m.8 views

Siemens SCALANCE X-200RNA Switch Devices Use After Free (CVE-2015-0209)

Use-after-free vulnerability in the d2iECPrivateKey function in crypto/ec/ecasn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service memory corruption and application crash or possibly have...

6.8CVSS7.4AI score0.1633EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2015-0286

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ASN1TYPEcmp function in crypto/asn1/atype.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly...

5CVSS6.9AI score0.20706EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2014-3513

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory leak in d1srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service memory consumption via a...

7.1CVSS6.7AI score0.37072EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2016-2109

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The asn1d2ireadbio function in crypto/asn1/ad2ifp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to...

7.8CVSS7AI score0.2921EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2016-2105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the EVPEncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a deni...

7.5CVSS7.1AI score0.3965EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2012-2110

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The asn1d2ireadbio function in crypto/asn1/ad2ifp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer...

7.5CVSS7.2AI score0.48298EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2016-2842

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The doaproutch function in crypto/bio/bprint.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds,...

10CVSS7.4AI score0.53655EPSS
Exploits1References2
Rows per page
Query Builder