Lucene search
+L

96 matches found

amazon
amazon
added 2025/02/04 12:0 a.m.2 views

Medium: python

Issue Overview: CPython 3.9 and earlier doesn't disallow configuring an empty list for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity due ...

9.1CVSS7AI score0.05582EPSS
Exploits1
redhat
redhat
added 2025/01/09 11:55 a.m.4 views

firefox: Alt-Svc ALPN validation failure when redirected

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site...

4CVSS7.3AI score0.00226EPSS
Exploits0References7
redhat
redhat
added 2025/01/09 6:36 a.m.11 views

firefox: Alt-Svc ALPN validation failure when redirected

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site...

4CVSS7.3AI score0.00226EPSS
Exploits0References7
redhat
redhat
added 2025/01/09 6:26 a.m.15 views

firefox: Alt-Svc ALPN validation failure when redirected

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site...

4CVSS7.3AI score0.00226EPSS
Exploits0References7
susecve
susecve
added 2025/01/08 12:20 a.m.5 views

SUSE CVE-2025-0239

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...

4CVSS6.7AI score0.00226EPSS
Exploits0References11
nessus
nessus
added 2024/12/12 12:0 a.m.12 views

SUSE SLED15: postgresql15 / postgresql15-contrib / postgresql15-devel / etc (SUSE-SU-2024:4174-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4174-1 advisory. - CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS appli...

8.8CVSS7.1AI score0.04422EPSS
Exploits1References13
suse
suse
added 2024/12/04 2:50 p.m.3 views

Security update for postgresql15

This update for postgresql15 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

8.8CVSS6.4AI score0.04422EPSS
Exploits1References16
nessus
nessus
added 2024/07/27 12:0 a.m.84 views

CBL Mariner 2.0 Security Update: cloud-hypervisor-cvm / openssl (CVE-2024-5535)

The version of cloud-hypervisor-cvm / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-5535 advisory. - Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty...

9.1CVSS7.6AI score0.05582EPSS
Exploits1References2
osv
osv
added 2024/07/19 11:8 a.m.4 views

OESA-2024-1879 openssl security update

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a full-strength general purpose cryptography library. The project i...

9.1CVSS7AI score0.05582EPSS
Exploits1References2
osv
osv
added 2024/06/27 11:15 a.m.7 views

AZL-47733 CVE-2024-5535 affecting package hvloader for versions less than 1.0.1-6

Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...

9.1CVSS7AI score0.05582EPSS
Exploits1References1
osv
osv
added 2024/06/27 11:15 a.m.5 views

AZL-78567 CVE-2024-5535 affecting package openssl-fips-provider 3.1.2-1

Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...

9.1CVSS7AI score0.05582EPSS
Exploits1References1
osv
osv
added 2024/06/27 11:15 a.m.3 views

ALPINE-CVE-2024-5535

Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...

9.1CVSS7AI score0.05582EPSS
Exploits1References1
osv
osv
added 2024/06/27 11:15 a.m.2 views

DEBIAN-CVE-2024-5535

Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...

9.1CVSS7.3AI score0.05582EPSS
Exploits1References1
osv
osv
added 2024/06/27 11:15 a.m.5 views

AZL-43309 CVE-2024-5535 affecting package openssl for versions less than 1.1.1k-33

Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...

9.1CVSS7AI score0.05582EPSS
Exploits1References1
osv
osv
added 2024/06/27 11:15 a.m.7 views

AZL-42975 CVE-2024-5535 affecting package openssl for versions less than 3.3.0-2

Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...

9.1CVSS6.8AI score0.05582EPSS
Exploits1References1
osv
osv
added 2024/06/27 11:15 a.m.2 views

UBUNTU-CVE-2024-5535

Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...

9.1CVSS6.9AI score0.05582EPSS
Exploits1References5
nessus
nessus
added 2024/06/27 12:0 a.m.413 views

OpenSSL 1.0.2 < 1.0.2zk Vulnerability

The version of OpenSSL installed on the remote host is prior to 1.0.2zk. It is, therefore, affected by a vulnerability as referenced in the 1.0.2zk advisory. - Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or...

9.1CVSS7.6AI score0.05582EPSS
Exploits1References2
nessus
nessus
added 2023/12/11 12:0 a.m.18 views

HTTP NTLM Information Disclosure

Windows New Technology LAN Manager NTLM is a suite of Microsoft security protocols designed to offer authentication, integrity and confidentiality to users. In Windows environments, NTLM authentication is often supported over HTTP in order to protect access to specific resources. During the...

7.2AI score
Exploits0References2
ptsecurity
ptsecurity
added 2023/05/07 12:0 a.m.5 views

PT-2023-23703 · Mymail · Mymail

Name of the Vulnerable Software and Affected Versions: myMail app versions through 14.30 for iOS Description: The issue concerns the myMail app sending cleartext credentials in a situation where STARTTLS is expected by a server. This occurs when the app is used with a server that expects a secure...

7.5CVSS7.2AI score0.0042EPSS
Exploits0References7
susecve
susecve
added 2023/02/15 5:36 a.m.5 views

SUSE CVE-2013-4353

The ssl3takemac function in ssl/s3both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service NULL pointer dereference and application crash via a crafted Next Protocol Negotiation record in a TLS handshake...

4.3CVSS6.7AI score0.11851EPSS
Exploits0References11
Rows per page
Query Builder