23341 matches found
PT-2025-30237 · Openssl · Openssl
Name of the Vulnerable Software and Affected Versions: OpenSSL affected versions not specified Description: A locally authenticated, privileged user can create a malicious OpenSSL configuration file, potentially causing the agent to load an arbitrary local library. This could compromise endpoint...
CVE-2025-7394
In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...
curl: OpenSSL HTTP/3 bogus CURLINFO_TLS_SSL_PTR
Summary: curleasygetinfo CURLINFOTLSSSLPTR appears to return invalid SSL connection pointer for OpenSSL HTTP/3 connections. Using this SSL connection results in a crash, and potential other impacts. This issue does not happen with libcurl 8.14.1, suggesting that the bug is in libcurl itself or...
CBL Mariner 2.0 Security Update: libssh (CVE-2025-5987)
The version of libssh installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-5987 advisory. - A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to...
CVE-2025-7394
In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...
CVE-2025-7394
In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...
CVE-2025-7394
In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...
CVE-2025-7394
In CVE-2025-7394, the OpenSSL compatibility layer’s RAND_poll() misbehavior can yield predictable random values from RAND_bytes() when fork() occurs, affecting only applications that call RAND_bytes() after forking (not internal TLS operations). WolfSSL implemented a complementary change so RAND_...
CVE-2025-7394
In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...
CVE-2025-7394
In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...
OpenSSL 安全漏洞
OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
Fedora 41 : php (2025-da047483d8)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-da047483d8 advisory. PHP version 8.3.23 03 Jul 2025 Core: Fixed GH-18695 zendastexport - float number is not preserved. Oleg Efimov Do not delete main chunk in zendgc...
CVE-2025-4662
Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs an...
OESA-2025-1802 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications th...
CVE-2025-4662
Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs an...
CVE-2025-4662 Plaintext security passwords are logged in the audit logs while executing openssl cmd
Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs an...
CVE-2025-4662 Plaintext security passwords are logged in the audit logs while executing openssl cmd
Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs an...
CVE-2025-4662
Brocade SANnav versions prior to 2.4.0a expose plaintext passphrases by logging them in the host server audit logs during OpenSSL command execution or when passphrases are supplied via temporary files. These audit logs are local to the server VM and not controlled by SANnav, and are only visible ...
Security update for afterburn
This update for afterburn fixes the following issues: Update to version 5.8.2: cargo: Afterburn release 5.8.2 docs/release-notes: update for release 5.8.2 cargo: update dependencies packit: add initial support Update to version 5.7.0: builddeps: bump crossbeam-channel from 0.5.13 to 0.5.15...
SUSE-SU-2025:20474-1 Security update for afterburn
This update for afterburn fixes the following issues: - Update to version 5.8.2: cargo: Afterburn release 5.8.2 docs/release-notes: update for release 5.8.2 cargo: update dependencies packit: add initial support - Update to version 5.7.0: builddeps: bump crossbeam-channel from 0.5.13 to 0.5.15...