EUVD-2025-204994

Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Soda PDF Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system...

Soda PDF Desktop 代码问题漏洞

Soda PDF Desktop is a full-featured PDF editing software from Soda Canada. A code issue vulnerability exists in Soda PDF Desktop that stems from an OpenSSL configuration that loads a configuration file from an insecure location, which could result in local elevation of privilege...

Photon OS 4.0: Openssl PHSA-2025-4.0-0895

An update of the openssl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0895. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

ISC BIND 安全漏洞

ISC BIND is a suite of open source software that implements the DNS protocol from the US company ISC. A security vulnerability in ISC BIND versions 9.18.x prior to 9.18.7 and 9.19.x prior to 9.19.5, which stems from changes between OpenSSL 1.x and OpenSSL 3.0 exposes a flaw in the naming, which c...

UBUNTU-CVE-2020-1967

Server or client applications that call the SSLcheckchain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signaturealgorithmscert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm i...

openssl: Read/write after SSL object in error state

OpenSSL 1.0.2 starting from version 1.0.2b introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the...

DEBIAN-CVE-2016-2177

OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service integer overflow and application crash or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3srvr....

The vulnerability of the OpenSSL library, which allows a hacker to trigger a service failure

The vulnerability of the ssl3writebytes function in the OpenSSL library is related to errors in the code. Exploiting this vulnerability can allow a remote attacker to cause service interruptions due to errors in processing a series of input/output operations...

McAfee Email Gateway - Three SSLv3 Vulnerabilities

McAfee Email Gateway is vulnerable to one or more of the three Open Secure Sockets Layer OpenSSL 3.0 SSLv3 vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

DEBIAN-CVE-2014-0198

The dossl3write function in s3pkt.c in OpenSSL 1.x through 1.0.1g, when SSLMODERELEASEBUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service NULL pointer dereference and application crash via vectors...

DEBIAN-CVE-2003-0544

OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service crash via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used...