23343 matches found
CVE-2018-20997
An issue was discovered in the openssl crate before 0.10.9 for Rust. A use-after-free occurs in CMS Signing...
CVE-2010-2450
The keygen.sh script in Shibboleth SP 2.0 located in /usr/local/etc/shibboleth by default uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask default 22 instead of chmoding the resulting file itself, so the generated private key is world readable by...
CVE-2013-7373
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within multiple applications...
CVE-2010-1378
OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority...
CVE-2025-4575
Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use. A copy & paste...
OpenSSL Security Advisory 20250522
OpenSSL Security Advisory 20250522 - Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate...
OpenSSL 安全漏洞
OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols from the OpenSSL team. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
Oracle Linux 9 : keylime-agent-rust (ELSA-2025-7313)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-7313 advisory. 0.2.2-2 - Update openssl crate to version 0.10.70 to fix CVE-2025-24898 Tenable has extracted the preceding description block directly from the Oracle Linux...
OpenSSL 3.5.0 < 3.5.1 Vulnerability
The version of OpenSSL installed on the remote host is prior to 3.5.1. It is, therefore, affected by a vulnerability as referenced in the 3.5.1 advisory. - Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate...
SUSE: Security Advisory (SUSE-SU-2025:1555-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2009-5057
The S/MIME feature in Open Ticket Request System OTRS before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations,...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation through incorrect assignment of trusted use instead of a rejected use for a certificate when using the -addreject option with the openssl x509 application. If a user intends to make a trusted certificate...
CVE-2009-0130
lib/crypto/csrc/cryptodrv.c in erlang does not properly check the return value from the OpenSSL DSAdoverify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package...
CVE-2009-0128
plugins/crypto/openssl/cryptoopenssl.c in Simple Linux Utility for Resource Management aka SLURM or slurm-llnl does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS...
CVE-2008-7278
The S/MIME feature in Open Ticket Request System OTRS before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available fo...
curl: Stack Buffer Overflow in curl's OpenSSL Provider Handling
Summary Hello curl Team, I found a stack buffer overflow in curl's OpenSSL provider handling code. The bug is in osslsetprovider function located in lib/vtls/openssl.c. When a provider name longer than MAXPROVIDERLEN is passed, the function copies it to a fixed-size buffer without proper length...
Security update for python-maturin
This update for python-maturin fixes the following issues: CVE-2025-3416: openssl: use-after-free in Md::fetch and Cipher::fetch when Some... value passed as properties argument to either function bsc1242631. CVE-2025-4574: crossbeam-channel: double-free leading to possible memory corruption in...
Important: Red Hat Security Advisory: compat-openssl11 security update
An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...
openssl: X.400 address type confusion in X.509 GeneralName
A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled for example, the application sets the X509VFLAGCRLCHECK flag, this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...
Important: Red Hat Security Advisory: compat-openssl10 security update
An update for compat-openssl10 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...