1573 matches found
Ubuntu: Security Advisory (USN-7786-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE CVE-2025-9232
Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...
OpenSSL DoS Vulnerability (20250930, CVE-2025-9232) - Linux
OpenSSL is prone to a denial of service DoS vulnerability due to an out-of-bounds read in HTTP client noproxy handling. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
OpenSSL DoS Vulnerability (20250930, CVE-2025-9232) - Windows
OpenSSL is prone to a denial of service DoS vulnerability due to an out-of-bounds read in HTTP client noproxy handling. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
OpenSSL DoS Vulnerability (20250930, CVE-2025-9230) - Windows
OpenSSL is prone to a denial of service DoS vulnerability due to a out-of-bounds read & write in RFC 3211 KEK Unwrap. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
OpenSSL DoS Vulnerability (20250930, CVE-2025-9230) - Linux
OpenSSL is prone to a denial of service DoS vulnerability due to a out-of-bounds read & write in RFC 3211 KEK Unwrap. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
OpenSSL 1.1.1 < 1.1.1zd Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.1.1zd. It is, therefore, affected by a vulnerability as referenced in the 1.1.1zd advisory. - Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read...
SUSE SLES15 Security Update : sevctl (SUSE-SU-2025:03306-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03306-1 advisory. - CVE-2024-12224: idna: Fixed improper validation of unsafe equivalence in punycode. bsc1243860 - CVE-2025-3416: openssl: Fixed...
Security update for sevctl
This update for sevctl fixes the following issues: CVE-2025-3416: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch bsc1242618 CVE-2024-12224: idna: Fixed Punycode improper validation bsc1243860 Patch Instructions: To install this SUSE update use the SUSE recommended installation metho...
CISA Releases Eight Industrial Control Systems Advisories
CISA released eight Industrial Control Systems ICS advisories on September 16, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-259-01 Schneider Electric Altivar Products, ATVdPAC Module, ILC992 InterLink...
Moderate: Red Hat Security Advisory: mysql-selinux and mysql8.4 security update
An update for multiple packages is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2025-42927
CVE-2025-42927 affects SAP NetWeaver AS Java via the Adobe Document Service, where a vulnerable OpenSSL version is bundled. Root cause is outdated OpenSSL in the SAP NetWeaver AS Java platform; exploitation could enable a high-privilege user to access and modify system information. Impact is low ...
CVE-2025-42927 Information Disclosure due to Outdated OpenSSL Version in SAP NetWeaver AS Java (Adobe Document Service)
SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL.Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow user with high system privileges to access and modify system information.This vulnerability ha...
CVE-2025-42927 Information Disclosure due to Outdated OpenSSL Version in SAP NetWeaver AS Java (Adobe Document Service)
SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL.Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow user with high system privileges to access and modify system information.This vulnerability ha...
SAP NetWeaver AS Java 安全漏洞
SAP NetWeaver AS Java is a platform system from SAP, a German company. A security vulnerability exists in SAP NetWeaver AS Java that stems from the use of a vulnerable version of OpenSSL and could lead to accessing and modifying system information...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
This repository is a collection of proof-of-concept PoC exploits from Datadog Security Labs. The exploits are designed to demonstrate vulnerabilities in various software products, including Confluence, OpenSSL, and Spring. The repository contains code and instructions for running the exploits, as...
Security Bulletin: OpenSSL 3.2 RPK Verification Bypass May Allow MITM Attacks in TLS/DTLS Connections, which affects IBM watsonx.data
Summary Clients using RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSLVERIFYPEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys may be...
PT-2025-34550 · Undefined · Undefined
CVE-2023-4131 - CVE-2022-1234: OpenSSL SSL/TLS Denial of Service CVE ID : CVE-2023-4131 Published : Aug. 21, 2025, 11:15 p.m. | 1 hour ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA Visit the link for more details,...
Security Bulletin: A Security vulnerability in OpenSSL affects IBM DevOps Code ClearCase
Summary OpenSSL vulnerability were disclosed by the OpenSSL Project. OpenSSL is used by IBM DevOps Code ClearCase.CVE-2024-9143 Vulnerability Details CVEID:CVE-2024-9143 DESCRIPTION: Issue summary: Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field...
Linux Distros Unpatched Vulnerability : CVE-2022-3358
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 an...