14 matches found
CVE-2026-28390 affecting package openssl for versions less than 3.3.5-5
CVE-2026-28390 affecting package openssl for versions less than 3.3.5-5. A patched version of the package is available...
Security Bulletin: Vulnerability in libssh library (CVE-2025-5372) affects Power HMC.
Summary: The libssh library is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2025-5372 DESCRIPTION: A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf function responsible...
CVE-2025-69421 affecting package openssl for versions less than 1.1.1k-39
CVE-2025-69421 affecting package openssl for versions less than 1.1.1k-39. A patched version of the package is available...
EulerOS Virtualization 2.10.0 : libssh (EulerOS-SA-2026-1178)
According to the versions of the libssh package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect...
JLSEC-2025-97 A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ...
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...
Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2025-2201)
The remote host is missing an update for the Huawei EulerOS...
DEBIAN-CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...
CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...
Double Free
Overview: Affected versions of this package are vulnerable to Double Free via the pki_key_to_blob function when built with OpenSSL versions older than 3.0. The issue can lead to heap corruption or application instability during error handling in low-memory environments. Workaround: This vulnerability...
SUSE CVE-2025-48057
Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate function can be tricked into incorrectly treating certificates as vali...
GHSA-5H6X-M52P-23PH Withdrawn Advisory: Improper Certificate Validation in Apache Qpid Proton
Withdrawn Advisory: This advisory has been withdrawn because the vulnerability only affects the Qpid Proton C library and not org.apache.qpid:proton-j. This link has been maintained to preserve external references. Original Description: While investigating bug PROTON-2014, we discovered that under...
openfortivpn Certificate Validation Mishandling Vulnerability
openfortivpn is a client program for PPP (Point-to-Point Protocol) + SSL (Transport Layer Security Protocol) VPN tunneling service. A security vulnerability exists in openfortivpn version 1.11.0 using OpenSSL versions prior to 1.0.2, which stems from a failure to take into account the '' character wh...
PT-2019-2586 · Apache +1 · Apache Qpid Proton +1
Name of the Vulnerable Software and Affected Versions: Apache Qpid Proton versions 0.9 through 0.27.0 Description: The issue is related to errors in the certificate authentication procedure, allowing a remote attacker to implement a man-in-the-middle attack and intercept TLS traffic by anonymousl...
DEBIAN-CVE-2004-0081
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool...