CLSA-2026-1773999595 compat-openssl11: Fix of CVE-2025-69419
CVE-2025-69419: Fix heap buffer overflow in PKCS12 Unicode to UTF-8 conversion...
CVE-2026-3229
CVE-2026-3229 describes an integer overflow in wolfSSL’s certificate chain allocation. The heap corruption arises in the static function wolfssl_add_to_chain when certificate data is written beyond the bounds of an insufficiently sized certificate buffer. The issue is triggered via APIs used for ...
PT-2026-26365
Name of the Vulnerable Software and Affected Versions: wolfssl (affected versions not specified). Description: An integer overflow issue was identified in the wolfssl_add_to_chain function, leading to heap corruption when certificate data exceeded the bounds of the certificate buffer. The function is...
RHEL 9 : compat-openssl11 (RHSA-2026:4824)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:4824 advisory. The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the...
RHEL 9 : compat-openssl11 (RHSA-2026:4825)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:4825 advisory. The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the...
compat-openssl11 security update
An update is available for compat-openssl11. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The OpenSSL toolkit provides support for secure communications betwe...
Moderate: compat-openssl11 security update
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases. Security Fixes: openssl: OpenSSL: Arbitrary code execution due to...
SUSE SLES15: libqat4 / libqatzip3 / libusdm0 / qatengine / qatlib / qatlib-devel / etc (SUSE-SU-2025:3942-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3942-1 advisory. Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities: bsc#1233363 CVE-2024-28885 bsc#1233365...
SUSE SLES15: libqat4 / libqatzip3 / libusdm0 / qatengine / qatlib / qatlib-devel / etc (SUSE-SU-2025:3943-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3943-1 advisory. Note that the 1.6.1 release included in 1.7.0 fixes the following vulnerabilities: bsc#1233363 CVE-2024-28885 bsc#1233365...
EUVD-2025-21938
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-7394
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the OpenSSL compatibility layer implementation, the function RAND_poll was not behaving as expected and leading to the potential for predictable values return...
CVE-2025-45765
ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."...
CVE-2025-7394
In the OpenSSL compatibility layer implementation, the function RAND_poll was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...
UBUNTU-CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf function responsible for key derivation. Due to inconsistent interpretation of return values, where OpenSSL uses 0 to indicate failure and libssh uses 0 for success, the function may mistakenl...
SUSE-SU-2025:01879-1 Security update for nodejs22
This update for nodejs22 fixes the following issues: Update to version 22.15.1. Security issues fixed: - CVE-2025-23166: remotely triggerable process crash due to improper error handling in async cryptographic operations (bsc#1243218). - CVE-2025-23165: memory leak and unbounded memory growth due to...
SUSE-SU-2024:4029-1 Security update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing "-quoted cookie values with backslashes (bsc#1229873, bsc#1230059) CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Pat...
SUSE-SU-2024:1074-1 Security update for qpid-proton
This update for qpid-proton fixes the following issues: - CVE-2019-0223: Fixed TLS Man in the Middle Vulnerability (bsc#1133158). The following non-security bugs were fixed: - Fix build with OpenSSL 3.0.0 (bsc#1172267) - Sort linked .o files to make package build reproducible (bsc#1041090) - Fix build wit...
SUSE-SU-2024:0947-1 Security update for python-uamqp
This update for python-uamqp fixes the following issues: - CVE-2024-27099: Fixed potential double-free in link_frame_received (bsc#1220535). Bug fixes: - Fixed compatibility with OpenSSL 3.x (bsc#1217782)...
SUSE CVE-2012-6093
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fai...
SUSE-RU-2022:4567-1 Recommended update for python-crcmod, python-cryptography, python-cryptography-vectors
This update for python-crcmod, python-cryptography, python-cryptography-vectors contains the following fixes: python-cryptography: - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - Refresh patches for new version Using the Fernet class to symmetrically encrypt multi gigabyte values...