CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

284 matches found

CNNVD•added 2025/06/16 12:0 a.m.•4 views

OpenSSL 安全漏洞

OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...

5.3CVSS7.3AI score0.00361EPSS

Exploits0References4

BDU FSTEC•added 2025/05/19 12:0 a.m.•3 views

The vulnerability of the SSLManagerOpenSSL class in the MongoDB database management system allows a hacker to circumvent security restrictions.

The vulnerability of the SSLManagerOpenSSL class in the MongoDB database management system is related to the lack of verification for certificate revocation. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions remotely...

8.1CVSS6.3AI score0.00365EPSS

Exploits0References6Affected Software2

RedHat Linux•added 2025/05/06 2:31 p.m.•4 views

io.netty:netty-handler: SslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngine

A flaw was found in Netty's SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation...

7.5CVSS6.6AI score0.01966EPSS

Exploits1References6

BDU FSTEC•added 2025/01/13 12:0 a.m.•4 views

The vulnerability of the SSL VPN remote access technology for SonicOS operating systems allows a hacker to increase their privileges.

The vulnerability of the SSL VPN remote access technology implemented on SonicOS is related to the bypassing of authentication due to a fundamental error in the implementation. Exploiting this vulnerability allows a malicious actor to enhance their privileges remotely...

9.4CVSS6.6AI score0.00397EPSS

Exploits0References3Affected Software1

BDU FSTEC•added 2024/12/02 12:0 a.m.•1 views

The vulnerability of the Intel QuickAssist driver package (Intel QAT Engine for OpenSSL) arises from manipulating an unknown input, leading to a timing-related flaw that allows an attacker to disclose protected information.

The vulnerability of the Intel QuickAssist Driver Package Intel QAT Engine for OpenSSL is related to manipulating an unknown input, resulting in a timing-related flaw. Exploiting this vulnerability could allow an attacker to disclose protected information...

5.9CVSS5.4AI score0.00509EPSS

Exploits0References3Affected Software1

CNNVD•added 2024/11/08 12:0 a.m.•4 views

Intelligent Freenow 安全漏洞

Intelligent Freenow is a cab booking software from Intelligent. A security vulnerability exists in Intelligent Freenow version 12.10.0, which stems from the parameter DEFAULTKEYSTOREPASSWORD in the file ch/qos/logback/core/net/ssl/SSL.java that can lead to the use of hard-coded passwords...

7.4CVSS4.8AI score0.0063EPSS

Exploits1References4

Positive Technologies•added 2023/12/29 12:0 a.m.•3 views

PT-2023-8494 · Curl +2 · Curl +2

Name of the Vulnerable Software and Affected Versions: curl affected versions not specified Description: The issue is related to a flaw in curl where it inadvertently keeps the SSL session ID for connections in its cache even when the verify status OCSP stapling test failed. This allows a...

5.3CVSS4.9AI score0.01102EPSS

Exploits1References45

BDU FSTEC•added 2023/11/08 12:0 a.m.•2 views

The vulnerability of Java Secure Socket Extension (JSSE) and IBMJCEPlus, components of the IBM SDK Java Technology development environment, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of Java Secure Socket Extension JSSE and IBMJCEPlus, part of the IBM SDK Java Technology development tools, is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow an attacker, operating remotely, to gain...

7.8CVSS7.1AI score0.00609EPSS

Exploits0References8Affected Software6

Amazon•added 2023/10/19 12:0 a.m.•4 views

Medium: java-1.8.0-amazon-corretto

Issue Overview: Vulnerability in Oracle Java SE component: CORBA. Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this...

5.3CVSS5.8AI score0.01412EPSS

Exploits0

RedHat Linux•added 2023/06/29 8:7 p.m.•2 views

Undertow: Infinite loop in SslConduit during close

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates...

7.5CVSS7.1AI score0.01771EPSS

Exploits0References5

CNNVD•added 2023/06/08 12:0 a.m.•2 views

多款Cisco产品安全漏洞

Cisco Firepower Threat Defense FTD is a suite of unified software from Cisco that provides next-generation firewall services. A security vulnerability exists in Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software that stems from a vulnerability in the hardware-based...

8.6CVSS7.3AI score0.00919EPSS

Exploits0References4