1572 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-5363
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: A bug has been identified in the processing of key and initialisation vector IV lengths. This can lead to potential truncation or overruns during...
Linux Distros Unpatched Vulnerability : CVE-2025-3416
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may resu...
Linux Distros Unpatched Vulnerability : CVE-2021-3449
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the...
Security Bulletin: IBM i is affected by errors in OpenSSL resulting in denial-of-service attacks and incorrect X.509 certificate verification due to multiple vulnerabilities.
Summary IBM i is affected by errors in OpenSSL as part of IBM Portable Utilities for i resulting in denial-of-service attacks CVE-2023-0464, CVE-2023-2650, CVE-2023-3817 and incorrect X.509 certificate verification CVE-2023-0465, CVE-2023-0466 as described in the vulnerability details section. Th...
Linux Distros Unpatched Vulnerability : CVE-2024-5535
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be se...
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Rational ClearQuest
Summary OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-9143 DESCRIPTION: Issue summary: Use of the low-level GF2^m elliptic curve APIs with...
Duplicate Advisory: `openssl` `X509VerifyParamRef::set_host` buffer over-read
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xcf7-rvmh-g6q4. This link is maintained to preserve external references. Original Description The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to...
CVE-2023-53159
The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::sethost...
CVE-2025-0664
A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges...
CVE-2025-0664
A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges...
CVE-2025-0664
CVE-2025-0664 affects Trellix Endpoint Security HX Agent. A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially causing the agent to load an arbitrary local library and execute code with SYSTEM privileges. Evidence from multiple sources confirms th...
CVE-2025-0664
A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges...
PT-2025-30237 · Openssl · Openssl
Name of the Vulnerable Software and Affected Versions: OpenSSL affected versions not specified Description: A locally authenticated, privileged user can create a malicious OpenSSL configuration file, potentially causing the agent to load an arbitrary local library. This could compromise endpoint...
CVE-2025-7394
In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...
CVE-2025-7394
In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...
CVE-2025-7394
In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...
CVE-2025-7394
In CVE-2025-7394, the OpenSSL compatibility layer’s RAND_poll() misbehavior can yield predictable random values from RAND_bytes() when fork() occurs, affecting only applications that call RAND_bytes() after forking (not internal TLS operations). WolfSSL implemented a complementary change so RAND_...
CVE-2025-7394
In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...
OpenSSL 安全漏洞
OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
curl: Use-After-Free in OpenSSL Keylog Callback via SSL_get_ex_data() in libcurl
Summary: A Use-After-Free UAF vulnerability exists in libcurl when the OpenSSL SSLCTXsetkeylogcallback is set. The callback may be invoked after the associated SSL object has been freed via SSLfree, leading to access to a dangling pointer and potential crash or information leak via SSLgetexdata...