89 matches found
SUSE-SU-2025:02810-1 Security update for rust-keylime
This update for rust-keylime fixes the following issues: - Update to version 0.2.7+141: CVE-2025-58266: shlex: Fixed command injection bsc1247193 - Update to version 0.2.7+117: CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RSTSTREAM frames bsc1210344...
CVE-2023-53159
A flaw was found in openssl. An out-of-bounds read can occur within the X509VerifyParamRef::sethost function when processing an empty string. A local attacker can trigger this condition by providing a specially crafted input, resulting in a potential information leak. Mitigation Mitigation for th...
CVE-2025-5987
A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with th...
CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...
CVE-2010-1378
OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority...
CVE-2025-3416 Rust-openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string...
Linux Distros Unpatched Vulnerability : CVE-2024-9355
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buff...
Linux Distros Unpatched Vulnerability : CVE-2014-8176
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The dtls1clearqueues function in ssl/d1lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering...
Linux Distros Unpatched Vulnerability : CVE-2015-3194
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto/rsa/rsaameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service NULL pointer dereference and...
Linux Distros Unpatched Vulnerability : CVE-2016-7056
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. CVE-2016-70...
Linux Distros Unpatched Vulnerability : CVE-2019-1559
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an application encounters a fatal protocol error and then calls SSLshutdown twice once to send a closenotify, and once to receive one then OpenSSL can respon...
Linux Distros Unpatched Vulnerability : CVE-2014-8275
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to...
Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to multiple vulnerabilities due to IBM Java
Summary IBM Sterling Connect:Direct Web Service uses IBM Java SE. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit vulnerability allows...
Security Bulletin: Multiple vulnerabilities in IBM® Semeru Runtime affect IBM Tivoli Netcool Impact
Summary There are multiple vulnerabilities in IBM® Semuru Runtime used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21217 DESCRIPTION: Vulnerability in Java SE component: Serialization. Difficult to exploit...
CVE-2025-0306 Ruby: openssl: ruby marvin attack
A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service...
openssl: Excessive time spent checking invalid RSA public keys
A flaw was found in OpenSSL. When the EVPPKEYpubliccheck function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large...
Security Bulletin: IBM Master Data Management may provide weaker than expected security due to OpenSSL through a carry propogation flaw (CVE-2021-4160)
Summary IBM Master Data Management v11.6, and v12.0 are vulnerable to a carry propogation flaw found in OpenSSL. OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure. An attacker could exploit this vulnerability to...
AZL-52774 CVE-2024-9355 affecting package golang for versions less than 1.22.9-1
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
openssl: Possible denial of service in X.509 name checks
A flaw was found in OpenSSL. Applications performing certificate name checks e.g., TLS clients checking server certificates may attempt to read an invalid memory address resulting in abnormal termination of the application process...
openssl: Excessive time spent checking invalid RSA public keys
A flaw was found in OpenSSL. When the EVPPKEYpubliccheck function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large...