Количество 1 008
Количество 1 008
BDU:2021-00883
Уязвимость реализации метода DoWrite программной платформы Node.js, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
openSUSE-SU-2022:0856-1
Security update for openssl-1_0_0
SUSE-SU-2022:14916-1
Security update for openssl1
SUSE-SU-2022:14915-1
Security update for openssl
SUSE-SU-2022:0935-1
Security update for nodejs12
SUSE-SU-2022:0860-1
Security update for openssl-1_1
SUSE-SU-2022:0859-1
Security update for compat-openssl098
SUSE-SU-2022:0857-1
Security update for openssl-1_0_0
SUSE-SU-2022:0856-1
Security update for openssl-1_0_0
SUSE-SU-2022:0854-1
Security update for openssl
SUSE-SU-2022:0853-1
Security update for openssl-1_1
SUSE-SU-2022:0851-1
Security update for openssl-1_1
SUSE-RU-2022:0861-1
Security update for openssl-1_1
RLSA-2022:5326
Low: compat-openssl10 security update
RLSA-2022:4899
Important: compat-openssl11 security and bug fix update
RLSA-2022:1065
Important: openssl security update
GHSA-x3mh-jvjw-3xwx
openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
GHSA-gcvv-7whm-pv7c
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
GHSA-84gm-v5wh-659w
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.
CVE-2022-0778
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | BDU:2021-00883 Уязвимость реализации метода DoWrite программной платформы Node.js, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие | CVSS3: 8.1 | 1% Низкий | больше 4 лет назад |
 | openSUSE-SU-2022:0856-1 Security update for openssl-1_0_0 | 6% Низкий | больше 3 лет назад | |
| SUSE-SU-2022:14916-1 Security update for openssl1 | 6% Низкий | больше 3 лет назад | |
| SUSE-SU-2022:14915-1 Security update for openssl | 6% Низкий | больше 3 лет назад | |
| SUSE-SU-2022:0935-1 Security update for nodejs12 | 6% Низкий | около 3 лет назад | |
| SUSE-SU-2022:0860-1 Security update for openssl-1_1 | 6% Низкий | больше 3 лет назад | |
| SUSE-SU-2022:0859-1 Security update for compat-openssl098 | 6% Низкий | больше 3 лет назад | |
| SUSE-SU-2022:0857-1 Security update for openssl-1_0_0 | 6% Низкий | больше 3 лет назад | |
| SUSE-SU-2022:0856-1 Security update for openssl-1_0_0 | 6% Низкий | больше 3 лет назад | |
| SUSE-SU-2022:0854-1 Security update for openssl | 6% Низкий | больше 3 лет назад | |
| SUSE-SU-2022:0853-1 Security update for openssl-1_1 | 6% Низкий | больше 3 лет назад | |
| SUSE-SU-2022:0851-1 Security update for openssl-1_1 | 6% Низкий | больше 3 лет назад | |
| SUSE-RU-2022:0861-1 Security update for openssl-1_1 | 6% Низкий | больше 3 лет назад | |
 | RLSA-2022:5326 Low: compat-openssl10 security update | 6% Низкий | почти 3 года назад | |
| RLSA-2022:4899 Important: compat-openssl11 security and bug fix update | 6% Низкий | около 3 лет назад | |
| RLSA-2022:1065 Important: openssl security update | 6% Низкий | около 3 лет назад | |
| GHSA-x3mh-jvjw-3xwx openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates | CVSS3: 7.5 | 6% Низкий | больше 3 лет назад |
| GHSA-gcvv-7whm-pv7c napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. | CVSS3: 8.1 | 1% Низкий | около 3 лет назад |
| GHSA-84gm-v5wh-659w OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. | CVSS3: 7.4 | 93% Критический | около 3 лет назад |
 | CVE-2022-0778 The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities... | CVSS3: 7.5 | 6% Низкий | больше 3 лет назад |
Уязвимостей на страницу