149 matches found
OESA-2026-1731 pyOpenSSL security update
pyOpenSSL is a rather thin wrapper around a subset of the OpenSSL library. With thin wrapper we mean that a lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library. Security Fixes: A security vulnerability exists in the PyOpenSSL library's...
OpenSSL 3.5.0 < 3.5.6 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.5.6 advisory. - Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group...
CVE-2025-69419 affecting package openssl for versions less than 1.1.1k-38
CVE-2025-69419 affecting package openssl for versions less than 1.1.1k-38. A patched version of the package is available...
Security Bulletin: OpenSSL stack buffer overflow vulnerability affect IBM Cloud Pak System [CVE-2025-15467]
Summary: A stack buffer overflow vulnerability in OpenSSL, shipped with the OS Image for Red Hat Enterprise Linux System, affects IBM Cloud Pak System. The stack buffer overflow can be exploited by a remote attacker to cause a Denial of Service (DoS) or potentially allow for remote code execution...
Zabbix Agent Binaries Path Abuse Scanner
This scanner performs automated static analysis of Zabbix Agent binaries to detect hardcoded OpenSSL configuration paths that may enable provider or engine abuse. It identifies embedded OPENSSLDIR, ENGINESDIR, and MODULESDIR values, extracts OpenSSL version information, and checks for dynamic...
Security update for openssl-3 (important)
openSUSE security update: security update for openssl-3. Announcement ID: openSUSE-SU-2026:20152-1 Rating: important References: bsc1256829 bsc1256830 bsc1256831 bsc1256832 bsc1256833 bsc1256834 bsc1256835 bsc1256836 bsc1256837 bsc12568...
📄 Zabbix Agent Binaries 7.4 OpenSSL Path Scanner
This tool performs static analysis on Zabbix Agent binaries to identify hardcoded OpenSSL paths such as OPENSSLDIR, ENGINESDIR, and MODULESDIR. It leverages strings and radare2 to extract embedded configuration paths, OpenSSL version information, and indicators of dynamic engine or module loading...
SUSE SLES15: libopenssl-3-devel / libopenssl-3-devel-32bit / etc (SUSE-SU-2026:0312-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0312-1 advisory. - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing bsc1256830. - CVE-2025-68160: Heap...
CVE-2025-15468
Issue summary: If an application using the SSL_CIPHER_find function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Servic...
MiracleLinux 4 : openssl-1.0.1e-58.0.2.AXS4 (AXSA:2021-2478:04)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2478:04 advisory. openssl: integer overflow in CipherUpdate CVE-2021-23840 openssl: NULL pointer dereference in X509_issuer_and_serial_hash CVE-2021-23841 Tenable has extracted th...
MiracleLinux 9 : openssl-3.0.7-25.el9_3 (AXSA:2024-7438:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-7438:02 advisory. openssl: Incorrect cipher key and IV length processing CVE-2023-5363 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 8 : openssl-1.1.1k-4.el8 (AXSA:2021-2623:05)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2623:05 advisory. openssl: integer overflow in CipherUpdate CVE-2021-23840 openssl: NULL pointer dereference in X509_issuer_and_serial_hash CVE-2021-23841 Tenable has...
MiracleLinux 8 : openssl-1.1.1c-15.el8 (AXSA:2020-289:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-289:02 advisory. openssl: side-channel weak encryption vulnerability CVE-2019-1547 openssl: information disclosure in fork CVE-2019-1549 openssl: information disclosu...
MiracleLinux 4 : openssl-1.0.1e-42.AXS4.4 (AXSA:2016-119:02)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-119:02 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...
MiracleLinux 7 : openssl-1.0.1e-60.el7.1 (AXSA:2017-1298:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-1298:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...
Astra Linux – Vulnerability in OpenSSL
Issue Summary: A TLS 1.3 connection that uses certificate compression can be forced to allocate a large buffer before decompression, without checking against the configured certificate size limit. Impact Summary: An attacker can cause per-connection memory allocations of up to approximately 22 Mi...
EulerOS 2.0 SP10 : libssh (EulerOS-SA-2025-2420)
According to the versions of the libssh package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash...
SUSE-SU-2025:20896-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: Security issues: - CVE-2025-9230: Fix out-of-bounds read & write in RFC 3211 KEK unwrap bsc1250232 - Disable LTO for userspace livepatching jscPED-13245...
Amazon Linux 2 : openssl11, --advisory ALAS2-2025-3033 (ALAS-2025-3033)
The version of openssl11 installed on the remote host is prior to 1.1.1zd-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3033 advisory. Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an...
SUSE SLED15 / SLES15 Security Update : openssl-3 (SUSE-SU-2025:03546-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03546-1 advisory. - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap bsc1250232. Tenable has extracted the precedi...