64 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-2105
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the EVPEncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a deni...
Linux Distros Unpatched Vulnerability : CVE-2011-4109
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509VFLAGPOLICYCHECK is enabled, allows remote attackers to have an unspecified impact by...
Linux Distros Unpatched Vulnerability : CVE-2011-4619
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Server Gated Cryptography SGC implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote...
DEBIAN-CVE-2024-12797
Issue summary: Clients using RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSLVERIFYPEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...
Azure Linux 3.0 Security Update: cloud-hypervisor / edk2 / hvloader / openssl / rust (CVE-2022-4450)
The version of cloud-hypervisor / edk2 / hvloader / openssl / rust installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4450 advisory. - The function PEMreadbioex reads a PEM file from a BIO and parses...
PT-2024-40812 · Git +1 · Openssl
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A null-dereference read crash was reported, indicating a potential issue where the software attempts to access a null pointer, leading to a crash. The crash type is specified as a...
Security Bulletin: Vulnerability in FOS firmware used by IBM b-type SAN directors and switches.
Summary The b-type products are vulnerable due to an OpenSSL issue in the FOS firmware. The vulnerability has been addressed and can be resolved by applying the FOS code level listed below. Vulnerability Details CVEID:CVE-2023-0466 DESCRIPTION: OpenSSL could allow a remote attacker to bypass...
AZL-42688 CVE-2023-6237 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-1
Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVPPKEYpubliccheck to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may...
UBUNTU-CVE-2023-6237
Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVPPKEYpubliccheck to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may...
SUSE CVE-2014-3567
Memory leak in the tlsdecryptticket function in t1lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service memory consumption via a crafted session ticket that triggers an integrity-check failure...
SUSE-SU-2022:2328-1 Security update for openssl-1_1
This update for openssl-11 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode bsc1201099...
SUSE-SU-2022:2311-1 Security update for openssl-1_1
This update for openssl-11 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode bsc1201099...
GHSA-W6XV-MF6F-R5F6 Scalyr Agent Missing SSL Certificate Validation
The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verifyhostname option...
openssl: Read buffer overruns processing ASN.1 strings
It was found that openssl assumed ASN.1 strings to be NUL terminated. A malicious actor may be able to force an application into calling openssl function with a specially crafted, non-NUL terminated string to deliberately hit this bug, which may result in a crash of the application, causing a...
OPENSUSE-SU-2021:0065-1 Security update for nodejs10
This update for nodejs10 fixes the following issues: - New upstream LTS version 10.23.1: CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...
SUSE-SU-2021:0082-1 Security update for nodejs10
This update for nodejs10 fixes the following issues: - New upstream LTS version 10.23.1: CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...
SUSE-SU-2020:1568-1 Security update for nodejs10
This update for nodejs10 fixes the following issues: nodejs10 was updated to version 10.21.0 - CVE-2020-8174: Fixed multiple memory corruption in napigetvaluestring bsc1172443. - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames bsc117244...
DEBIAN-CVE-2016-2390
The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service application crash via a plaintext HTTP message...
OpenSSL: SSLv2 doesn't block disabled ciphers
A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that were disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks...
openssl: DTLS memory leak from zero-length fragments
A flaw was discovered in the way OpenSSL handled DTLS packets. A remote attacker could use this flaw to cause a DTLS server or client using OpenSSL to crash or use excessive amounts of memory...