RHEL 9 : compat-openssl11 (RHSA-2026:5214)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:5214 advisory. The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the...
Advisory ROSA-SA-2026-3241
software: openssl 1.1.1w; OS: ROSA-CHROME; unaffected versions = openssl-1.1.1.1w-5; affected versions openssl-1.1.1.1w-5; CVE-ID: CVE-2025-68160; BDU-ID: 2026-01216; CVE-Crit: MEDIUM; CVE-DESC.: A vulnerability in the BIO_f_linebuffer function of the OpenSSL library is related to an operation exceeding...
EUVD-2026-14017
Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...
TLS Connection Bypass
pyOpenSSL is vulnerable to TLS connection bypass. The vulnerability is due to an unhandled exception in a user-provided set_tlsext_servername_callback, where the exception is not caught and results in the connection being accepted, allowing attackers to bypass security-sensitive checks...
CLSA-2026-1773999595 compat-openssl11: Fix of CVE-2025-69419
CVE-2025-69419: Fix heap buffer overflow in PKCS12 Unicode to UTF-8 conversion...
Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues: Update to go 1.25.8 (bsc#1244485, jsc#SLE-18320): CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling (bsc#1257692). CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated sessio...
OESA-2026-1664 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Calling PKCS12_get_friendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code...
OESA-2026-1662 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Calling PKCS12_get_friendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code...
OESA-2026-1661 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Calling PKCS12_get_friendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code...
curl: Function `do_pubkey()` can have out-of-bound read issue
Summary: A 1-byte out-of-bounds heap read in do_pubkey in lib/vtls/x509asn1.c. When parsing an RSA public key with a zero-length or all-zero modulus, the loop dereferences a pointer before checking bounds. Requires a non-OpenSSL TLS backend e.g., Mbed/Gnu. A certificate chain verification can trigg...
KeePassXC < 2.7.12 Local Privilege Escalation
The version of KeePassXC installed on the remote Windows host is prior to 2.7.12. It is, therefore, affected by a local privilege escalation vulnerability due to loading OpenSSL configuration from an unsecured location. A local attacker with low-privileged access could leverage this vulnerability...
CVE-2026-3229
CVE-2026-3229 describes an integer overflow in wolfSSL’s certificate chain allocation. The heap corruption arises in the static function wolfssl_add_to_chain when certificate data is written beyond the bounds of an insufficiently sized certificate buffer. The issue is triggered via APIs used for ...
GHSA-WJ64-GH9J-XM82 vulnerabilities
Vulnerabilities for packages: openssl...
CVE-2026-2673 vulnerabilities
Vulnerabilities for packages: openssl...
CVE-2026-2673 vulnerabilities
Vulnerabilities for packages: openssl, libcrypto3-2.34...
GHSA-WJ64-GH9J-XM82 vulnerabilities
Vulnerabilities for packages: openssl, libcrypto3-2.34...
pyOpenSSL DTLS cookie callback buffer overflow
...
pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
...
K000160399: Node.js vulnerability CVE-2025-59464
Security Advisory Description: A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificate(true), each certificate field leaks memory, allowing remote clients to trigger...
SUSE CVE-2026-27459
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user-provided callback to set_cookie_generate_callback returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0....