Lucene search
+L

300 matches found

Amazon
Amazon
added 2018/05/10 12:0 a.m.86 views

Medium: openssl

Issue Overview: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believe...

7.5CVSS7.1AI score0.83645EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2018/04/18 12:0 a.m.67 views

Oracle Linux 7 : openssl (ELSA-2018-0998)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-0998 advisory. - fix CVE-2017-3737 - incorrect handling of fatal error state - fix CVE-2017-3738 - AVX2 Montgomery multiplication bug with 1024 bit modulus Tenable ha...

6.5CVSS6.5AI score0.78675EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2018/03/30 12:0 a.m.46 views

Debian DSA-4157-1 : openssl - security update

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2017-3738 David Benjamin of Google reported an overflow bug in the AVX2 Montgomery multiplication procedure used in...

6.5CVSS6.2AI score0.19295EPSS
Exploits0References10
FreeBSD
FreeBSD
added 2018/03/27 12:0 a.m.53 views

OpenSSL -- multiple vulnerabilities

The OpenSSL project reports: Constructed ASN.1 types with a recursive definition could exceed the stack CVE-2018-0739 Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could resu...

6.5CVSS7.2AI score0.19295EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/12/18 12:0 a.m.246 views

Debian DSA-4065-1 : openssl1.0 - security update

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2017-3737 David Benjamin of Google reported that OpenSSL does not properly handle SSLread and SSLwrite while being...

5.9CVSS6.1AI score0.78675EPSS
Exploits1References8
OpenVAS
OpenVAS
added 2017/12/17 12:0 a.m.44 views

openSUSE: Security Advisory for openssl (openSUSE-SU-2017:3345-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS7.2AI score0.83645EPSS
Exploits2References1
OSV
OSV
added 2017/12/16 11:20 p.m.11 views

MGASA-2017-0453 Updated openssl packages fix security vulnerabilities

OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...

5.9CVSS6.1AI score0.78675EPSS
Exploits1References4
OPENSUSE Linux
OPENSUSE Linux
added 2017/12/16 3:7 p.m.111 views

Security update for openssl (important)

This update for openssl fixes the following issues: - OpenSSL Security Advisory 07 Dec 2017 CVE-2017-3737: OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error...

5CVSS1.2AI score0.83645EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2017/12/11 12:0 a.m.57 views

FreeBSD : FreeBSD -- OpenSSL multiple vulnerabilities (9f7a0f39-ddc0-11e7-b5af-a4badb2f4699)

Invoking SSLread/SSLwrite while in an error state causes data to be passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSLread/SSLwrite being issued after having...

5.9CVSS6.8AI score0.83645EPSS
Exploits2References4
Slackware Linux
Slackware Linux
added 2017/12/09 3:52 a.m.62 views

[slackware-security] openssl

New openssl packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/openssl-1.0.2n-i586-1slack14.2.txz: Upgraded. This update fixes security issues: Read/write after SSL object in error state...

5.9CVSS7.2AI score0.78675EPSS
Exploits1
FreeBSD
FreeBSD
added 2017/12/09 12:0 a.m.66 views

FreeBSD -- OpenSSL multiple vulnerabilities

Problem Description: Invoking SSLread/SSLwrite while in an error state causes data to be passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSLread/SSLwrite being...

5.9CVSS6.8AI score0.78675EPSS
Exploits1
NVD
NVD
added 2017/12/07 4:29 p.m.39 views

CVE-2017-3738

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

5.9CVSS6.1AI score0.13411EPSS
Exploits0References27
OSV
OSV
added 2017/12/07 4:29 p.m.4 views

ALPINE-CVE-2017-3738

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

5.9CVSS8.7AI score0.13411EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2017/12/07 4:0 p.m.58 views

CVE-2017-3738

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

5.9CVSS6.6AI score0.13411EPSS
Exploits0
CVE
CVE
added 2017/12/07 4:0 p.m.395 views

CVE-2017-3738

CVE-2017-3738 is an overflow bug in the AVX2 Montgomery multiplication used for 1024-bit moduli in OpenSSL. The issue affects x86_64 builds with AVX2 (not ADX) and can, in very unlikely cases, enable private-key recovery on affected architectures. OpenSSL 1.0.2n fixes the flaw; OpenSSL 1.1.0 is n...

5.9CVSS6.4AI score0.13411EPSS
Exploits0References27Affected Software1
Cvelist
Cvelist
added 2017/12/07 4:0 p.m.44 views

CVE-2017-3738

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

6.4AI score0.13411EPSS
Exploits0References27
AlpineLinux
AlpineLinux
added 2017/12/07 4:0 p.m.66 views

CVE-2017-3738

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

5.9CVSS6.5AI score0.13411EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2017/12/07 12:0 a.m.61 views

CVE-2017-3738

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

5.9CVSS6.7AI score0.13411EPSS
Exploits0References4
OSV
OSV
added 2017/11/17 5:29 a.m.9 views

CVE-2017-1000229

Integer overflow bug in function minitiffreadinfo of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service...

7.8CVSS7.7AI score
Exploits0References4
OSV
OSV
added 2017/11/17 5:29 a.m.2 views

DEBIAN-CVE-2017-1000229

Integer overflow bug in function minitiffreadinfo of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service...

7.8CVSS7.9AI score0.01968EPSS
Exploits1References1
Rows per page
Query Builder