
23341 matches found

CNNVD
added 2025/07/28 12:0 a.m. · 5 views

rust-openssl Security Vulnerability

rust-openssl is a Rust library for interacting with the OpenSSL library. A security vulnerability exists in rust-openssl versions prior to 0.10.55, which stems from an out-of-bounds read in X509VerifyParamRef::set_host...

CVSS 9.1 · AI score 6.3 · EPSS 0.00329
Exploits: 1 · References: 5

Debian CVE
added 2025/07/28 12:0 a.m. · 5 views

CVE-2023-53159

The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host...

CVSS 9.1 · AI score 5.2 · EPSS 0.00329
Exploits: 1

Gitee
added 2025/07/27 3:38 a.m. · 88 views

Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Openssl

Debian OpenSSL Predictable PRNG - - - Links Original URL: http://metasploit.com/users/hdm/tools/debian-openssl/1 Mirror2 Exploit: + https://www.exploit-db.com/exploits/5622/ Perl3 + https://www.exploit-db.com/exploits/5720/ Python4 + https://www.exploit-db.com/exploits/5632/ Ruby12 Recommend Tool...

CVSS 7.8 · AI score 6.8 · EPSS 0.70721
Exploits: 7

RedhatCVE
added 2025/07/25 4:25 p.m. · 5 views

CVE-2025-8069

During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If...

CVSS 7.8 · AI score 7.4 · EPSS 0.00162
Exploits: 0 · References: 1

Tenable Nessus
added 2025/07/25 12:0 a.m. · 4 views

NewStart CGSL MAIN 7.02 : tongsuo Vulnerability (NS-SA-2025-0197)

The remote NewStart CGSL host, running version MAIN 7.02, has tongsuo packages installed that are affected by a vulnerability: - Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platfo...

CVSS 7.8 · AI score 7 · EPSS 0.00862
Exploits: 0 · References: 3

Tenable Nessus
added 2025/07/25 12:0 a.m. · 5 views

NewStart CGSL MAIN 7.02 : openssl Multiple Vulnerabilities (NS-SA-2025-0124)

The remote NewStart CGSL host, running version MAIN 7.02, has openssl packages installed that are affected by multiple vulnerabilities: - Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns durin...

CVSS 9.1 · AI score 7.2 · EPSS 0.66594
Exploits: 1 · References: 27

IBM Security Bulletins
added 2025/07/24 5:48 p.m. · 14 views

Security Bulletin: IBM i is affected by errors in OpenSSL as part of IBM Portable Utilities for i due to multiple vulnerabilities.

Summary: IBM i is affected by errors in OpenSSL as part of IBM Portable Utilities for i as described in the vulnerability details section: CVE-2024-9143, CVE-2023-5678, CVE-2024-5535, CVE-2024-0727, CVE-2023-6129, CVE-2023-6237, CVE-2024-2511, CVE-2024-6119, CVE-2024-4603, CVE-2023-5363,...

CVSS 9.1 · AI score 8.8 · EPSS 0.66594
Exploits: 1 · Affected Software: 6

Zero Day Initiative
added 2025/07/24 12:0 a.m. · 5 views

Amazon AWS Client VPN Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Amazon AWS Client VPN. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 7 · AI score 6.7 · EPSS 0.00162
Exploits: 0 · References: 1

NVD
added 2025/07/23 4:15 p.m. · 5 views

CVE-2025-8069

During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If...

CVSS 7.8 · EPSS 0.00162
Exploits: 0 · References: 2

Vulnrichment
added 2025/07/23 3:41 p.m. · 2 views

CVE-2025-8069 Local Privilege Escalation Vulnerability in AWS Client VPN Windows Client

During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If...

CVSS 7.8 · AI score 6.7 · EPSS 0.00162
Exploits: 0 · References: 2

RedhatCVE
added 2025/07/23 8:5 a.m. · 15 views

CVE-2025-0664

A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges...

CVSS 6.7 · AI score 6.8 · EPSS 0.00168
Exploits: 0 · References: 1

Positive Technologies
added 2025/07/23 12:0 a.m. · 3 views

PT-2025-30596 · Openssl +1

Name of the Vulnerable Software and Affected Versions: AWS Client VPN versions 4.1.0 through 5.2.1 Description: A high-severity vulnerability exists in AWS Client VPN for Windows that allows local privilege escalation. During the client installation process, the software references the directory...

CVSS 7.8 · AI score 7 · EPSS 0.00162
Exploits: 0 · References: 20

CNNVD
added 2025/07/23 12:0 a.m. · 2 views

Amazon AWS VPN Client Security Vulnerability

Amazon AWS VPN Client is a fully managed remote access VPN solution from Amazon.com, Inc. A security vulnerability exists in Amazon AWS VPN Client versions prior to 5.2.2 that originates from referencing an unprotected OpenSSL configuration file during installation, which could lead to arbitrary...

CVSS 7.8 · AI score 7.6 · EPSS 0.00162
Exploits: 0 · References: 2

SUSE CVE
added 2025/07/22 11:27 p.m. · 3 views

SUSE CVE-2025-7394

In the OpenSSL compatibility layer implementation, the function RAND_poll was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...

CVSS 9.8 · AI score 7.1 · EPSS 0.00387
Exploits: 0 · References: 3

Hacker One
added 2025/07/22 12:42 p.m. · 10 views

curl: Use after free (or assert triggered) with failed allocations in openssl

Summary: summary of the vulnerability A heap use after free or assertion can be triggered if some allocations fail I am not sure you consider allocations failures to be part of security issues, and I am not sure the issue lies in curl or in openssl, but I still think you want something to be fixe...

AI score 6.9
Exploits: 0

NVD
added 2025/07/21 7:15 a.m. · 9 views

CVE-2025-0664

A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges...

CVSS 6.7 · EPSS 0.00168
Exploits: 0 · References: 1

Vulnrichment
added 2025/07/21 7:8 a.m. · 4 views

CVE-2025-0664

A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges...

CVSS 6.7 · AI score 6.9 · EPSS 0.00168
Exploits: 0 · References: 1

CVE
added 2025/07/21 7:8 a.m. · 35 views

CVE-2025-0664

CVE-2025-0664 affects Trellix Endpoint Security HX Agent. A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially causing the agent to load an arbitrary local library and execute code with SYSTEM privileges. Evidence from multiple sources confirms th...

CVSS 6.7 · AI score 6.9 · EPSS 0.00168
Exploits: 0 · References: 1

Cvelist
added 2025/07/21 7:8 a.m. · 11 views

CVE-2025-0664

A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and allow the attacker to achieve code execution with SYSTEM-level privileges...

CVSS 6.7 · EPSS 0.00168
Exploits: 0 · References: 1

CNNVD
added 2025/07/21 12:0 a.m. · 2 views

Trellix Endpoint Security Code Injection Vulnerability

Trellix Endpoint Security ENS is an endpoint security solution from FireEye Trellix USA. A code injection vulnerability exists in the Trellix Endpoint Security HX Agent that originates from a privileged user being able to create a malicious OpenSSL configuration file that could lead to the loadin...

CVSS 6.7 · AI score 7.4 · EPSS 0.00168
Exploits: 0 · References: 1