Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2026-1034)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2026-1096)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2026-1076)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MiracleLinux 4 : openssl-1.0.0-20.AXS4.1 (AXSA:2012-76:02)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-76:02 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

MiracleLinux 3 : openssl-0.9.8e-12AXS3 (AXSA:2009-388:03)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-388:03 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

MiracleLinux 8 : openssl-1.1.1k-14.el8_10 (AXSA:2026-025:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-025:02 advisory. openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap CVE-2025-9230 Tenable has extracted the preceding description block directly from the MiracleLinux...

Oracle Linux 10 : postgresql16 (ELSA-2026-0525)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-0525 advisory. 16.11-1.0.1 - Replace upstream reference Orabug: 37044148 16.11-1 - Update to 16.11 16.10-3 - Add tmpfiles.d configuration for PostgreSQL 16 - Ensures proper...

Linux Distros Unpatched Vulnerability : CVE-2025-59464

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory leak in Node.js's OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications...

MiracleLinux 3 : openssl-0.9.8e-12.AXS3.7 (AXSA:2010-510:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-510:02 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

MiracleLinux 4 : openssl-1.0.0-10.AXS4 (AXSA:2011-715:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-715:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which...

Astra Linux – Vulnerability in OpenSSL

Issue summary: Calling the PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code points can trigger a one-byte write before the allocated buffer. This out-of-bounds write can cause memory corruption, potentially...

Astra Linux – Vulnerability in OpenSSL

Issue Summary: A TLS 1.3 connection that uses certificate compression can be forced to allocate a large buffer before decompression, without checking against the configured certificate size limit. Impact Summary: An attacker can cause per-connection memory allocations of up to approximately 22 Mi...

Astra Linux – Vulnerability in libssh

A flaw was discovered in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected, and libssh may use a partially initialized cipher context. This occurs because the OpenSSL error code returns aliases with the SSH...

Astra Linux – Vulnerability in OpenSSL

Issue summary: Writing large, newline-free data into a BIO chain using the line-buffer filter, where the next BIO performs short writes, can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption, typically resulting in a crash, leading to a...

Astra Linux – Vulnerability in libssh

A flaw was discovered in libssh versions built with OpenSSL versions older than 3.0. The issue lies with the sshkdf function, which is responsible for key derivation. Due to inconsistent interpretation of return values, OpenSSL uses 0 to indicate failure, while libssh uses 0 for success. As a...

Astra Linux – Vulnerability in OpenSSL

Issue summary: Processing a malformed PKCS12 file can lead to a NULL pointer dereference in the PKCS12itemdecryptd2iex function. This can cause a crash, resulting in a Denial of Service for applications processing PKCS12 files. Impact summary: A NULL pointer dereference can trigger a crash, leadi...

Astra Linux – Vulnerability in OpenSSL

Issue summary: There is a type confusion vulnerability in the TimeStamp Response verification code. This vulnerability occurs when accessing a member of the ASN1TYPE union without first validating the type, resulting in an invalid or NULL pointer dereference during processing of a malformed...

Astra Linux – Vulnerability in OpenSSL

Issue Summary: Validation of PBMAC1 parameters in PKCS12 files is missing. This can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereferencing during MAC verification. Impact Summary: The stack buffer overflow or NULL pointer dereferencing may cause a crash, leading to a...

Astra Linux – Vulnerability in OpenSSL

Issue summary: If an application using the SSLCIPHERfind function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL pointer dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process, causing a Denia...

SUSE-SU-2026:20091-1 Security update for hawk2

This update for hawk2 fixes the following issues: - Bump ruby gem rack to 3.1.18 bsc1251939. - Bump ruby gem uri to 1.0.4. - Fix the mtime in manifest.json bsc1230275. - Make builds determinitstic bsc1230275. - Bump rails version from 8.0.2 to 8.0.2.1 bsc1248100. - Require openssl explicitly...