23286 matches found

IBM Security Bulletins
added 2025/10/22 11:0 a.m., 6 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in cryptography-44.0.0-cp37-abi3-macosx_10_9_universal2.whl

Summary: Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in cryptography-44.0.0-cp37-abi3-macosx_10_9_universal2.whl. Vulnerability Details: CVEID: CVE-2024-12797. DESCRIPTION: Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fa...

CVSS 6.3, AI score 7, EPSS 0.02357
Exploits 0, Affected Software 1

NVD
added 2025/10/22 7:15 a.m., 4 views

CVE-2025-41721

A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate...

CVSS 2.7, EPSS 0.00183
Exploits 0, References 1

CVE
added 2025/10/22 6:55 a.m., 18 views

CVE-2025-41721

CVE-2025-41721 describes a command-injection-like issue where a high-privilege remote attacker can influence parameters passed to the openssl command when adding a password-protected self-signed certificate, caused by improper neutralization of special elements. The vulnerability is documented ac...

CVSS 2.7, AI score 6.7, EPSS 0.00183
Exploits 0, References 1

EUVD
added 2025/10/22 6:55 a.m., 2 views

EUVD-2025-35329

A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate...

CVSS 2.7, AI score 6.5, EPSS 0.00183
Exploits 0, References 2

Vulnrichment
added 2025/10/22 6:55 a.m., 2 views

CVE-2025-41721 Sauter: Command Injection

A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate...

CVSS 2.7, AI score 6.7, EPSS 0.00183
Exploits 0, References 1

Cvelist
added 2025/10/22 6:55 a.m., 10 views

CVE-2025-41721 Sauter: Command Injection

A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate...

CVSS 2.7, EPSS 0.00183
Exploits 0, References 1

CNNVD
added 2025/10/22 12:0 a.m., 3 views

Sauter modu680-AS command injection vulnerability

Sauter modu680-AS is a modular automation station cum web server from Sauter, Switzerland. A command injection vulnerability exists in Sauter modu680-AS that stems from improper neutralization of special elements when adding password-protected self-signed certificates, which could allow an elevat...

CVSS 2.7, AI score 7.5, EPSS 0.00183
Exploits 0, References 2

CBLMariner
added 2025/10/21 3:8 p.m., 3 views

CVE-2025-9230 affecting package openssl for versions less than 3.3.5-1

CVE-2025-9230 affecting package openssl for versions less than 3.3.5-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.5, AI score 6.9, EPSS 0.01744
Exploits 0

CBLMariner
added 2025/10/21 3:8 p.m., 4 views

CVE-2025-9232 affecting package openssl for versions less than 3.3.5-1

CVE-2025-9232 affecting package openssl for versions less than 3.3.5-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.9, AI score 6.9, EPSS 0.02016
Exploits 0

Tenable Nessus
added 2025/10/21 12:0 a.m., 2 views

SUSE SLED15: libopenssl-1_1-devel / libopenssl1_1 / libopenssl1_1-32bit / etc (SUSE-SU-2025:03635-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03635-1 advisory. - CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap bsc1250232 Tenable has extracted the...

CVSS 7.5, AI score 6.7, EPSS 0.01744
Exploits 0, References 4

Tenable Nessus
added 2025/10/21 12:0 a.m., 1 views

SUSE SLES11: libopenssl1-devel / libopenssl1_0_0 / libopenssl1_0_0-32bit / etc (SUSE-SU-2025:03630-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03630-1 advisory. - CVE-2025-9230: Fixed out-of-bounds read & write in RFC 3211 KEK unwrap bsc1250232. Tenable has extracted the preceding description block directly fr...

CVSS 7.5, AI score 6.7, EPSS 0.01744
Exploits 0, References 4

Tenable Nessus
added 2025/10/21 12:0 a.m., 4 views

SUSE SLES15 Security Update : openssl-1_1-livepatches (SUSE-SU-2025:03632-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03632-1 advisory. - Add livepatch for CVE-2025-9230 bsc1250410. - Use strong externalization for ssl3_setup_read_buffer and ssl3_release_read_buffer - Use strong...

CVSS 7.5, AI score 7.3, EPSS 0.02945
Exploits 0, References 8

SUSE Linux
added 2025/10/20 4:16 p.m., 2 views

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2025-9230: Fix out-of-bounds read & write in RFC 3211 KEK unwrap bsc1250232 Disable LTO for userspace livepatching jscPED-13245 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 7.7, AI score 7, EPSS 0.01744
Exploits 0, References 6

OSV
added 2025/10/20 4:12 p.m., 2 views

SUSE-SU-2025:20867-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2025-9230: Fix out-of-bounds read & write in RFC 3211 KEK unwrap bsc1250232 - Disable LTO for userspace livepatching jscPED-13245...

CVSS 7.5, AI score 6.5, EPSS 0.01744
Exploits 0, References 3

OSV
added 2025/10/19 6:40 p.m., 3 views

JLSEC-2025-97 A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ...

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values, where OpenSSL uses 0 to indicate failure and libssh uses 0 for success, the function may mistakenl...

CVSS 8.8, AI score 6.5, EPSS 0.00407
Exploits 0, References 3

OSV
added 2025/10/17 2:56 p.m., 3 views

OESA-2025-2489 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Security Fixes: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read an...

CVSS 7.5, AI score 7.2, EPSS 0.01744
Exploits 0, References 2

OSV
added 2025/10/17 2:56 p.m., 3 views

OESA-2025-2490 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Security Fixes: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read an...

CVSS 7.5, AI score 7.2, EPSS 0.01744
Exploits 0, References 2

OSV
added 2025/10/17 2:56 p.m., 4 views

OESA-2025-2488 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Security Fixes: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read an...

CVSS 7.5, AI score 7.2, EPSS 0.01744
Exploits 0, References 2

OSV
added 2025/10/17 2:56 p.m., 5 views

OESA-2025-2487 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Security Fixes: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read an...

CVSS 7.5, AI score 7.2, EPSS 0.01744
Exploits 0, References 2

OSV
added 2025/10/17 2:56 p.m., 4 views

OESA-2025-2486 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Security Fixes: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read an...

CVSS 7.5, AI score 7.2, EPSS 0.01744
Exploits 0, References 2