10 matches found
EUVD-2022-3826
Malicious code in bioql PyPI...
Amazon Linux 2 : openssl-snapsafe (ALASOPENSSL-SNAPSAFE-2024-006)
The version of openssl-snapsafe installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2OPENSSL-SNAPSAFE-2024-006 advisory. Issue summary: Calling the OpenSSL API function SSLselectnextproto with anempty supported client protocol...
EulerOS 2.0 SP9 : openssl (EulerOS-SA-2024-2375)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in OpenSSL up to 1.1.1x/3.0.13/3.1.5/3.2.1/3.3.0 Network Encryption Software. It has been declared as very critical...
Amazon Linux 2 : openssl (ALAS-2024-2604)
The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2604 advisory. Issue summary: Calling the OpenSSL API function SSLselectnextproto with anempty supported client protocols buffer may cause a cra...
Medium: edk2
Issue Overview: Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected applicati...
CVE-2024-5535
Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...
OpenSSL 3.2.0 < 3.2.3 Vulnerability
The version of OpenSSL installed on the remote host is prior to 3.2.3. It is, therefore, affected by a vulnerability as referenced in the 3.2.3 advisory. - Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memor...
MGASA-2021-0200 Updated qtbase5 packages fix security vulnerability
QSslSocket incorrectly calls SSLshutdown in OpenSSL mid-handshake causing denial of service in TLS applications CVE-2020-13962 This update provides additionals fixes: - Check that the sizes are even representable when checking if clipping is necessary P300 - Multiply instead of shifting, The shif...
Updated qtbase5 packages fix security vulnerability
QSslSocket incorrectly calls SSLshutdown in OpenSSL mid-handshake causing denial of service in TLS applications CVE-2020-13962 This update provides additionals fixes: - Check that the sizes are even representable when checking if clipping is necessary P300 - Multiply instead of shifting, The...
Denial Of Service (DoS)
qt5 is vulnerable to denial of service. An incorrect call to SSLshutdown during mid-handshake causes a denial of service condition in TLS applications...