1572 matches found

IBM Security Bulletins
added 2 days ago | 3 views

Security Bulletin: Potential denial of service in X.509 name checks in OpenSSL affect Cloud Pak System [CVE-2024-6119]

Summary: Potential denial of service in X.509 name checks in OpenSSL affect Cloud Pak System. Vulnerability was addressed by IBM Cloud Pak System. Vulnerability Details: CVEID: CVE-2024-6119. DESCRIPTION: Issue summary: Applications performing certificate name checks e.g., TLS clients checking server...

CVSS 7.5 | AI score 6.7 | EPSS 0.66594
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 3 days ago | 4 views

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to Out-of-bounds Write due to OpenSSL (CVE-2025-15467)

Summary: IBM App Connect Enterprise and IBM Integration Bus for z/OS Database node users are vulnerable to Out-of-bounds Write due to OpenSSL. Vulnerability Details: CVEID: CVE-2025-15467. DESCRIPTION: Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD...

CVSS 9.8 | AI score 7.9 | EPSS 0.47621
Exploits: 7 | Affected Software: 3

Tenable Nessus
added 5 days ago | 6 views

EulerOS 2.0 SP15 : pyOpenSSL (EulerOS-SA-2026-2458)

According to the versions of the pyOpenSSL packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback t...

CVSS 9.8 | AI score 5.9 | EPSS 0.00704
Exploits: 0 | References: 3

Tenable Nessus
added 2026/06/20 12:0 a.m. | 5 views

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:2404-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2404-1 advisory. - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify (bsc#1266357). - CVE-2026-42766: Possible NULL Dereference in...

CVSS 8.8 | AI score 5.9 | EPSS 0.02719
Exploits: 0 | References: 16

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in OpenSSL

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support SMIME, CMS, and PKCS7 streaming capabilities. However, it can also be called directly by end-user applications. This function receives a BIO from...

CVSS 7.5 | AI score 7 | EPSS 0.04494
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in openssl1.0

In situations where an attacker receives automated notifications of the success or failure of a decryption attempt, an attacker can recover the CMS/PKCS7 transport encryption key after sending a very large number of messages to be decrypted. They can also decrypt any RSA-encrypted message encrypt...

CVSS 4.3 | AI score 6.6 | EPSS 0.03838
Exploits: 0 | References: 1

AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in openssl1.0

Calls to the EVP_CipherUpdate, EVP_EncryptUpdate, and EVP_DecryptUpdate functions may cause the output length argument to overflow in some cases where the input length is close to the maximum permissible length for integers on the platform. In such cases, the return value from the function call will...

CVSS 7.5 | AI score 6.6 | EPSS 0.50732
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 2 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or cause memory contents to be sent to the peer. Impact summary: An overreading of the buffer can have a range of potential consequences, such as unexpected...

CVSS 9.1 | AI score 7.2 | EPSS 0.05582
Exploits: 1 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in OpenSSL

A security vulnerability has been identified in all supported versions of OpenSSL, related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use o...

CVSS 7.5 | AI score 6.5 | EPSS 0.03658
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: Generating excessively long X9.42 DH keys or checking overly long X9.42 DH keys or parameters can be very slow. Applications that use functions like DH_generate_key to generate an X9.42 DH key may experience prolonged delays. Similarly, applications that use functions like...

CVSS 5.3 | AI score 6.6 | EPSS 0.04459
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in openssl1.0

Normally, in OpenSSL, EC groups always contain a co-factor, and this co-factor is used in code paths that resist side channels. However, in some cases, it is possible to create a group using explicit parameters instead of a named curve. In these cases, the group may not contain a co-factor. This...

CVSS 4.7 | AI score 6.7 | EPSS 0.01188
Exploits: 0 | References: 1

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: Checking excessively long DH keys or parameters can be very slow. Applications that use functions such as DH_check, DH_check_ex, or EVP_PKEY_param_check to check DH keys or parameters may experience prolonged delays. If the keys or parameters being checked were obtained from an untrusted...

CVSS 5.3 | AI score 6.6 | EPSS 0.02577
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt directly, or use any of the OpenSSL subsystems such as OCSP, PKCS7/SMIME, CMS, CMP/CRMF, or TS without a message size limit may...

CVSS 6.5 | AI score 6.5 | EPSS 0.73461
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in OpenSSL

Issue Summary: Checking excessively long DH keys or parameters can be very slow. Impact Summary: Applications that use functions like DH_check, DH_check_ex, or EVP_PKEY_param_check to check DH keys or parameters may experience prolonged delays. If the keys or parameters are obtained from an untrusted...

CVSS 5.3 | AI score 6.5 | EPSS 0.05533
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in openssl1.0

The X.509 GENERAL_NAME type is a generic type used to represent various types of names. One of these name types is known as EDIPARTYNAME. OpenSSL provides a function called GENERAL_NAME_cmp, which compares different instances of a GENERAL_NAME to determine whether they are equal. This function behave...

CVSS 5.9 | AI score 6.6 | EPSS 0.06968
Exploits: 3 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in OpenSSL

AES OCB mode for 32-bit x86 platforms, using the AES-NI assembly-optimized implementation, may not encrypt all of the data under certain circumstances. This could reveal sixteen bytes of data that were already present in the memory but were not written. In the special case of “in-place” encryptio...

CVSS 5.3 | AI score 6.6 | EPSS 0.02024
Exploits: 0 | References: 2

IBM Security Bulletins
added 2026/06/18 5:57 p.m. | 26 views

Security Bulletin: Aspera Applications are affected by an OpenSSL vulnerability (CVE-2016-8610)

Security Bulletin: Aspera Applications are affected by an OpenSSL vulnerability CVE-2016-8610...

CVSS 7.5 | AI score 6.8 | EPSS 0.39657
Exploits: 1 | Affected Software: 1

OSV
added 2026/06/15 8:12 p.m. | 70 views

GHSA-537C-GMF6-5CCF Vulnerable OpenSSL included in cryptography wheels

pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in wheels prior to cryptography 48.01 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20260609.txt. If yo...

CVSS 7.5 | AI score 5.3
Exploits: 0 | References: 3

Tenable Nessus
added 2026/06/12 12:0 a.m. | 10 views

EulerOS Virtualization 2.13.0 : openssl (EulerOS-SA-2026-2412)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can...

CVSS 8.1 | AI score 9 | EPSS 0.00885
Exploits: 0 | References: 5

Wolfi
added 2026/06/11 7:48 p.m. | 6 views

GHSA-GXHG-7JX8-M22J vulnerabilities

Vulnerabilities for packages: openssl...

AI score 5.4
Exploits: 0