23278 matches found
OpenSSL Security Vulnerability
OpenSSL is an open-source encryption library developed by the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure has...
OpenSSL Security Vulnerability
OpenSSL is an open-source encryption library developed by the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...
OpenSSL Security Vulnerability
OpenSSL is an open-source encryption library developed by the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...
OpenSSL 1.0.2 < 1.0.2zp Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.2zp. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2zp advisory. - Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereferenc...
OpenSSL 1.1.1 < 1.1.1zg Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.1.1zg. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.1.1zg advisory. - Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon...
OpenSSL 3.3.0 < 3.3.7 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.3.7. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.3.7 advisory. - Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit...
OpenSSL 3.4.0 < 3.4.5 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.4.5. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.4.5 advisory. - Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit...
OpenSSL 3.0.0 < 3.0.20 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 3.0.20. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.0.20 advisory. - Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bi...
OpenSSL Security Advisory 20260407
OpenSSL Security Advisory 20260407 - Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigge...
PT-2026-31035
Name of the Vulnerable Software and Affected Versions OpenSSL FIPS Module version 3.6 Description Applications utilizing AES-CFB128 encryption or decryption on systems equipped with AVX-512 and VAES support may experience an out-of-bounds read of up to 15 bytes when handling partial cipher blocks...
OpenSSL Security Vulnerability
OpenSSL is an open-source encryption library developed by the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...
Security Bulletin: Vulnerability in libssh library (CVE-2025-5372) affects Power HMC.
Summary The libssh library is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-5372 DESCRIPTION: A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible...
Security update for osslsigncode (critical)
openSUSE Security Update: Security update for osslsigncode Announcement ID: openSUSE-SU-2026:0115-1 Rating: critical References: 1260680 Cross-References: CVE-2025-70888 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: This...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.16.59 bug fix and security update
Red Hat OpenShift Container Platform release 4.16.59 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
Incorrect Authorization
Overview openssl-encrypt is a package for secure file encryption and decryption based on modern ciphers using heavy-compute-load chaining of hashing and KDF to generate strong encryption password based on user-provided password to ensure secure encryption of files Affected versions of this...
GHSA-4RH7-JWG9-M28M openssl-encrypt accepts refresh tokens as URL query parameters causing token leakage
Summary Refresh tokens are accepted as URL query parameters in the keyserver and telemetry server routes. Affected Code python opensslencryptserver/modules/keyserver/routes.py:214-215 opensslencryptserver/modules/telemetry/routes.py:90-91 async def refreshtoken request: Request, refreshtoken: str...
Use of GET Request Method With Sensitive Query Strings
Overview openssl-encrypt is a package for secure file encryption and decryption based on modern ciphers using heavy-compute-load chaining of hashing and KDF to generate strong encryption password based on user-provided password to ensure secure encryption of files Affected versions of this...
openssl-encrypt accepts refresh tokens as URL query parameters causing token leakage
Summary Refresh tokens are accepted as URL query parameters in the keyserver and telemetry server routes. Affected Code python opensslencryptserver/modules/keyserver/routes.py:214-215 opensslencryptserver/modules/telemetry/routes.py:90-91 async def refreshtoken request: Request, refreshtoken: str...
Insertion of Sensitive Information Into Sent Data
Overview openssl-encrypt is a package for secure file encryption and decryption based on modern ciphers using heavy-compute-load chaining of hashing and KDF to generate strong encryption password based on user-provided password to ensure secure encryption of files Affected versions of this...
Missing Authorization
Overview openssl-encrypt is a package for secure file encryption and decryption based on modern ciphers using heavy-compute-load chaining of hashing and KDF to generate strong encryption password based on user-provided password to ensure secure encryption of files Affected versions of this...