23343 matches found
openSUSE Security Advisory (SUSE-SU-2025:01884-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM DataPower Gateway affected by timing side-channel in OpenSSL (CVE-2024-13176)
Summary IBM DataPower Gateway uses OpenSSL for most cryptographic operations. Vulnerability Details CVEID:CVE-2024-13176 DESCRIPTION: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing...
SUSE-SU-2025:01887-1 Security update for perl-Crypt-OpenSSL-RSA
This update for perl-Crypt-OpenSSL-RSA fixes the following issues: - CVE-2024-2467: Side-channel attack in PKCS1 v1.5 padding mode Marvin Attack bsc1221446...
Security update for perl-Crypt-OpenSSL-RSA
This update for perl-Crypt-OpenSSL-RSA fixes the following issues: CVE-2024-2467: Side-channel attack in PKCS1 v1.5 padding mode Marvin Attack bsc1221446 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2025:01884-1 Security update for perl-Crypt-OpenSSL-RSA
This update for perl-Crypt-OpenSSL-RSA fixes the following issues: - CVE-2024-2467: Side-channel attack in PKCS1 v1.5 padding mode Marvin Attack bsc1221446...
SUSE-SU-2025:01879-1 Security update for nodejs22
This update for nodejs22 fixes the following issues: Update to version 22.15.1. Security issues fixed: - CVE-2025-23166: remotely triggerable process crash due to improper error handling in async cryptographic operations bsc1243218. - CVE-2025-23165: memory leak and unbounded memory growth due to...
Trend Micro Worry-Free Business Security Uncontrolled Search Path Element Arbitrary Code Execution Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Trend Micro Worry-Free Business Security. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The process loads an...
BIT-MARIADB-MIN-2022-0778 Infinite loop in BN_mod_sqrt() reachable when parsing certificates
The BNmodsqrt function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a...
Malicious code in openssl-pkcs11 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 79dc9baa4004010efe414f668e04f952497b63704184784cffcac6e22d8ce16e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-4861 Malicious code in openssl-pkcs11 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 79dc9baa4004010efe414f668e04f952497b63704184784cffcac6e22d8ce16e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
NewStart CGSL MAIN 7.02 : openssl Multiple Vulnerabilities (NS-SA-2025-0049)
The remote NewStart CGSL host, running version MAIN 7.02, has openssl packages installed that are affected by multiple vulnerabilities: - Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes...
NewStart CGSL MAIN 7.02 : openssl Multiple Vulnerabilities (NS-SA-2025-0088)
The remote NewStart CGSL host, running version MAIN 7.02, has openssl packages installed that are affected by multiple vulnerabilities: - Issue summary: Applications performing certificate name checks e.g., TLS clients checking server certificates may attempt to read an invalid memory address...
CVE-2025-5480
Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to explo...
CVE-2025-5480
Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to explo...
CVE-2025-5480
Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to explo...
CVE-2025-5480 Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to explo...
CVE-2025-5480
CVE-2025-5480 describes an Uncontrolled Search Path Element Local Privilege Escalation in Action1. The root cause is the product loading an OpenSSL configuration file from an unsecured location, enabling a local attacker who can execute low-privileged code to escalate to SYSTEM and potentially ex...
CVE-2025-5480 Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Action1 Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Action1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to explo...
Action1 代码问题漏洞
Action1 is a patch management software from Action1, Inc. Action1 suffers from a code issue vulnerability that stems from an insecure OpenSSL configuration file loading location that could lead to local elevation of privilege...
Security update for python-cryptography
This update for python-cryptography fixes the following issues: CVE-2025-3416: openssl: use-after-free in Md::fetch and Cipher::fetch when Some... value passed as properties argument to either function bsc1242631. Patch Instructions: To install this SUSE update use the SUSE recommended installati...