Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to openssl-0.10.70.crate CVE-2025-3416
Summary: IBM Maximo Application Suite - Monitor Component is vulnerable to openssl-0.10.70.crate CVE-2025-3416. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2025-3416 DESCRIPTION: A flaw was found in OpenSSL's handling of the properties...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to openssl-0.10.64.crate CVE-2025-24898
Summary: IBM Maximo Application Suite - Monitor Component is vulnerable to openssl-0.10.64.crate CVE-2025-24898. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2025-24898 DESCRIPTION: rust-openssl is a set of OpenSSL bindings for the Rust...
SUSE CVE-2025-48057
Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate function can be tricked into incorrectly treating certificates as vali...
GHSA-V8QH-5C5W-48PP vulnerabilities
Vulnerabilities for packages: openssl...
CVE-2025-4575 vulnerabilities
Vulnerabilities for packages: openssl...
GHSA-V8QH-5C5W-48PP vulnerabilities
Vulnerabilities for packages: libcrypto3-2.34, openssl...
CVE-2025-4575 vulnerabilities
Vulnerabilities for packages: libcrypto3-2.34, openssl...
Security update for go1.23-openssl
This update for go1.23-openssl fixes the following issues: Update to version 1.23.9 bsc1229122: Security fixes: CVE-2024-45336: net/http: sensitive headers incorrectly sent after cross-domain redirect bsc1236046 CVE-2024-45341: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints...
SUSE-SU-2025:01731-1 Security update for go1.23-openssl
This update for go1.23-openssl fixes the following issues: Update to version 1.23.9 bsc1229122: Security fixes: - CVE-2024-45336: net/http: sensitive headers incorrectly sent after cross-domain redirect bsc1236046 - CVE-2024-45341: crypto/x509: usage of IPv6 zone IDs can bypass URI name constrain...
CVE-2025-48057
Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate function can be tricked into incorrectly treating certificates as vali...
DEBIAN-CVE-2025-48057
Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate function can be tricked into incorrectly treating certificates as vali...
CVE-2025-48057 Icinga 2 certificate renewal might incorrectly renew an invalid certificate
Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate function can be tricked into incorrectly treating certificates as vali...
CVE-2025-48057
The CVE-2025-48057 issue affects Icinga 2: when built with OpenSSL older than 1.1.0, the VerifyCertificate() function can incorrectly treat a certificate as valid, enabling an attacker to cause a malicious certificate request to be treated as a renewal of an existing certificate and impersonate t...
K000151542: OpenSSL vulnerability CVE-2025-4575
Security Advisory Description Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as truste...
PT-2025-22986
Name of the Vulnerable Software and Affected Versions Icinga 2 versions prior to 2.12.12 Icinga 2 versions prior to 2.13.12 Icinga 2 versions prior to 2.14.6 Description The issue affects Icinga 2, a monitoring system that checks network resource availability and generates performance data. It...
Alibaba Cloud Linux 3 : 0073: compat-openssl10 (ALINUX3-SA-2025:0073)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0073 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-0286: There is a type confusion...
ABB M2M Gateway Information Disclosure in embedded OpenSSL (CVE-2013-0169)
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...
RHEL 9 : python3.12-cryptography (RHSA-2025:7317)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:7317 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...