Lucene search
+L

64 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2016-2105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the EVPEncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a deni...

7.5CVSS7.1AI score0.3965EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/03 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2011-4109

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509VFLAGPOLICYCHECK is enabled, allows remote attackers to have an unspecified impact by...

9.3CVSS8.3AI score0.17687EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/03 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2011-4619

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Server Gated Cryptography SGC implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote...

5CVSS7.2AI score0.16645EPSS
Exploits0References2
OSV
OSV
added 2025/02/11 4:15 p.m.3 views

DEBIAN-CVE-2024-12797

Issue summary: Clients using RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSLVERIFYPEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...

6.3CVSS6.6AI score0.02439EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.14 views

Azure Linux 3.0 Security Update: cloud-hypervisor / edk2 / hvloader / openssl / rust (CVE-2022-4450)

The version of cloud-hypervisor / edk2 / hvloader / openssl / rust installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4450 advisory. - The function PEMreadbioex reads a PEM file from a BIO and parses...

7.5CVSS8AI score0.20444EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/13 12:0 a.m.2 views

PT-2024-40812 · Git +1 · Openssl

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A null-dereference read crash was reported, indicating a potential issue where the software attempts to access a null pointer, leading to a crash. The crash type is specified as a...

6.8AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/01 9:19 p.m.38 views

Security Bulletin: Vulnerability in FOS firmware used by IBM b-type SAN directors and switches.

Summary The b-type products are vulnerable due to an OpenSSL issue in the FOS firmware. The vulnerability has been addressed and can be resolved by applying the FOS code level listed below. Vulnerability Details CVEID:CVE-2023-0466 DESCRIPTION: OpenSSL could allow a remote attacker to bypass...

5.3CVSS6.4AI score0.01625EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/04/25 7:15 a.m.4 views

AZL-42688 CVE-2023-6237 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVPPKEYpubliccheck to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may...

5.9CVSS6.5AI score0.02303EPSS
Exploits0References1
OSV
OSV
added 2024/01/15 12:0 a.m.9 views

UBUNTU-CVE-2023-6237

Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVPPKEYpubliccheck to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may...

5.9CVSS6.7AI score0.02303EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:28 a.m.6 views

SUSE CVE-2014-3567

Memory leak in the tlsdecryptticket function in t1lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service memory consumption via a crafted session ticket that triggers an integrity-check failure...

7.1CVSS8.2AI score0.23598EPSS
Exploits0References16
OSV
OSV
added 2022/07/07 1:7 p.m.5 views

SUSE-SU-2022:2328-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode bsc1201099...

5.3CVSS6.3AI score0.04425EPSS
Exploits0References3
OSV
OSV
added 2022/07/06 1:16 p.m.5 views

SUSE-SU-2022:2311-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode bsc1201099...

5.3CVSS6.3AI score0.04425EPSS
Exploits0References3
OSV
OSV
added 2022/05/24 5:26 p.m.11 views

GHSA-W6XV-MF6F-R5F6 Scalyr Agent Missing SSL Certificate Validation

The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verifyhostname option...

9.8CVSS9.5AI score0.00951EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2021/11/30 2:28 p.m.3 views

openssl: Read buffer overruns processing ASN.1 strings

It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a...

7.4CVSS6.7AI score0.50445EPSS
Exploits0References5
OSV
OSV
added 2021/01/15 9:23 a.m.12 views

OPENSUSE-SU-2021:0065-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: - New upstream LTS version 10.23.1: CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...

8.1CVSS6.7AI score0.16296EPSS
Exploits6References7
OSV
OSV
added 2021/01/12 1:9 p.m.7 views

SUSE-SU-2021:0082-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: - New upstream LTS version 10.23.1: CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...

8.1CVSS6.2AI score0.16296EPSS
Exploits6References7
OSV
OSV
added 2020/06/09 9:12 a.m.7 views

SUSE-SU-2020:1568-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: nodejs10 was updated to version 10.21.0 - CVE-2020-8174: Fixed multiple memory corruption in napigetvaluestring bsc1172443. - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames bsc117244...

9.3CVSS7.2AI score0.07646EPSS
Exploits3References10
OSV
OSV
added 2016/04/19 9:59 p.m.2 views

DEBIAN-CVE-2016-2390

The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service application crash via a plaintext HTTP message...

5.9CVSS6.8AI score0.2555EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/03/14 8:0 p.m.6 views

OpenSSL: SSLv2 doesn't block disabled ciphers

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that were disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks...

5.9CVSS6.8AI score0.10731EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2014/08/14 4:44 a.m.5 views

openssl: DTLS memory leak from zero-length fragments

A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory...

5CVSS6.8AI score0.51436EPSS
Exploits0References5
Rows per page
Query Builder