23341 matches found
CLSA-2025-1751271968 openssl: Fix of CVE-2019-1563
CVE-2019-1563: fix information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey...
Security update for himmelblau
This update for himmelblau fixes the following issues: CVE-2025-5791: Fixed using deprecated users crate (bsc#1244202). CVE-2025-3416: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242648). Update to version 0.7.17+git.0.1ebdab0. Update sccache-action version to use new...
SUSE: Security Advisory (SUSE-SU-2025:02120-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
PT-2025-39425
Name of the Vulnerable Software and Affected Versions: glib-networking (affected versions not specified). Description: The OpenSSL backend in glib-networking does not correctly validate the return value from the BIO write function call, which can lead to an out-of-bounds read. Recommendations: At the...
OESA-2025-1673 perl-Crypt-OpenSSL-RSA security update
encoding and decoding according to using the openSSL libraries. Security Fixes: A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an...
[SECURITY] Fedora 41 Update: perl-Crypt-OpenSSL-RSA-0.35-1.fc41
Crypt::OpenSSL::RSA - RSA encoding and decoding, using the openSSL libraries...
[SECURITY] Fedora 42 Update: perl-Crypt-OpenSSL-RSA-0.35-1.fc42
Crypt::OpenSSL::RSA - RSA encoding and decoding, using the openSSL libraries...
SUSE SLES12 Security Update : perl-Crypt-OpenSSL-RSA (SUSE-SU-2025:01887-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:01887-1 advisory. - CVE-2024-2467: Side-channel attack in PKCS#1 v1.5 padding mode (Marvin Attack) (bsc#1221446). Tenable has extracted the preceding description block directl...
Fedora 41 : perl-Crypt-OpenSSL-RSA (2025-043b7fdbaf)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-043b7fdbaf advisory. Update to 0.35, fixes CVE-2024-2467. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...
SUSE SLED15: libekmfweb1 / libekmfweb1-devel / libkmipclient1 / osasnmpd / etc (SUSE-SU-2025:02017-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02017-1 advisory. Security issues fixed: - CVE-2025-3416: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate...
Fedora: Security Advisory (FEDORA-2025-52b352c9cd)
The remote host is missing an update for the...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : perl-Crypt-OpenSSL-RSA (SUSE-SU-2025:01884-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:01884-1 advisory. - CVE-2024-2467: Side-channel attack in PKCS#1 v1.5 padding mode (Marvin Attack) (bsc#1221446). Tenable has...
Security update for go1.24-openssl
This update for go1.24-openssl fixes the following issues: Update to version 1.24.4 (bsc#1236217): CVE-2025-22874 crypto/x509: ExtKeyUsageAny bypasses policy validation (bsc#1244158). CVE-2025-0913 os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows (bsc#1244157). CVE-2025-4673 net/http:...
SUSE SLES15: libpython3_11-1_0 / python311 / python311-base / python311-curses / etc (SUSE-SU-2025:02049-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02049-1 advisory. python311 was updated from version 3.11.10 to 3.11.13: - Security issues fixed: CVE-2025-4516: Fixed blocking DecodeError handling...
Fedora 42 : perl-Crypt-OpenSSL-RSA (2025-52b352c9cd)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-52b352c9cd advisory. Update to 0.35, fixes CVE-2024-2467. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...
SUSE SLED15: libopenssl-3-devel / libopenssl-3-fips-provider / etc (SUSE-SU-2025:02042-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02042-1 advisory. - CVE-2025-27587: timing side-channel vulnerability in the P-384 implementation when used with ECDSA...
wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability...
UBUNTU-CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...
Double Free
Overview: Affected versions of this package are vulnerable to Double Free via the pki_key_to_blob function when built with OpenSSL versions older than 3.0. The issue can lead to heap corruption or application instability during error handling in low-memory environments. Workaround: This vulnerability...
Use of a Broken or Risky Cryptographic Algorithm
Overview: Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm via the sshkdf function when built with OpenSSL versions older than 3.0. An attacker can compromise the confidentiality, integrity, and availability of SSH sessions by triggering...