Count: 71
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-4fc7-mvrr-wv2c Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiat... | CVSS3: 9.1 | 6% Low | more than 1 year ago |
| ELSA-2024-7848 ELSA-2024-7848: openssl security update (LOW) | | | about 1 year ago |
| ELSA-2024-12786 ELSA-2024-12786: openssl security update (IMPORTANT) | | | about 1 year ago |
| BDU:2024-06988 Vulnerability in the SSL_select_next_proto function of the OpenSSL toolkit for the TLS and SSL protocols, related to information disclosure, allowing an attacker to gain access to confidential data and to cause a denial of service | CVSS3: 9.1 | 6% Low | more than 1 year ago |
| SUSE-SU-2025:03632-1 Security update for openssl-1_1-livepatches | | | 19 days ago |
| SUSE-SU-2025:03523-1 Security update for openssl-1_1-livepatches | | | 26 days ago |
| ROS-20250203-10 openssl vulnerability | CVSS3: 9.1 | 6% Low | about 1 year ago |
| ROS-20241001-05 Multiple vulnerabilities in openssl3 | CVSS3: 9.1 | | about 1 year ago |
| ROS-20251028-08 Multiple vulnerabilities in edk2-tools | CVSS3: 8.1 | | 8 days ago |
| ELSA-2025-1673 ELSA-2025-1673: mysql:8.0 security update (IMPORTANT) | | | 9 months ago |
| ELSA-2025-1671 ELSA-2025-1671: mysql security update (IMPORTANT) | | | 9 months ago |