23343 matches found
Security Bulletin: Astronomer with IBM is vulnerable to buffer overflow due to the OpenSSL package (CVE-2021-3711).
Summary: OpenSSL is used by Astronomer with IBM as part of secure communications. Vulnerability Details: CVEID: CVE-2021-3711 DESCRIPTION: OpenSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the EVP_PKEY_decrypt function within the implementation of SM2 decryption. By...
openssl: X.400 address type confusion in X.509 GeneralName
A type confusion vulnerability was found in OpenSSL when OpenSSL processes X.400 addresses inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...
Important: Red Hat Security Advisory: compat-openssl11 security update
An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CVE-2025-47276
Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like yescrypt/Argon2i. All Actualizer...
Security update for rustup
This update for rustup fixes the following issues: CVE-2025-3416: Fixed use-after-free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242617). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...
SUSE-SU-2025:1560-1 Security update for rustup
This update for rustup fixes the following issues: - CVE-2025-3416: Fixed use-after-free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242617)...
Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: Non-approved PBKDF parameters wrongly resulting as approved (bsc#1236771). Patch Instructions: To install this SUSE update use the SUSE...
SUSE-SU-2025:0613-2 Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non-approved PBKDF parameters wrongly resulting as approved (bsc#1236771)...
SUSE-SU-2025:0613-3 Security update for openssl-1_1
This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non-approved PBKDF parameters wrongly resulting as approved (bsc#1236771)...
SUSE-SU-2025:1555-1 Security update for go1.22-openssl
This update for go1.22-openssl fixes the following issues: Update to version 1.22.12 (bsc#1218424): Security fixes: - CVE-2024-45336: net/http: sensitive headers incorrectly sent after cross-domain redirect (bsc#1236046) - CVE-2024-45341: crypto/x509: usage of IPv6 zone IDs can bypass URI name...
SUSE SLED15: libopenssl-3-devel / libopenssl-3-devel-32bit / etc (SUSE-SU-2025:1550-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1550-1 advisory. Security: - CVE-2025-27587: Timing side channel vulnerability in the P-384 implementation when used with...
Security update for openssl-3
This update for openssl-3 fixes the following issues: Security: CVE-2025-27587: Timing side channel vulnerability in the P-384 implementation when used with ECDSA in the PPC architecture (bsc#1240366). Missing null pointer check before accessing handshake_func in ssl_lib.c (bsc#1240607). FIPS: Disabling...
PT-2025-22646 · Openssl +1
Name of the Vulnerable Software and Affected Versions: openssl-3 (affected versions not specified). Description: The issue concerns a timing side channel vulnerability in the P-384 implementation when used with ECDSA in the PPC architecture. Additionally, there is a missing null pointer check before...
Alibaba Cloud Linux 3 : 0148: openssl (ALINUX3-SA-2022:0148)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0148 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-1292: The c_rehash script does not...
Alibaba Cloud Linux 3 : 0047: openssl (ALINUX3-SA-2024:0047)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0047 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-3446: Issue summary: Checking...
Alibaba Cloud Linux 3 : 0231: grafana (ALINUX3-SA-2024:0231)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0231 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-47875: DOMPurify is a DOM-only,...
Alibaba Cloud Linux 3 : 0044: edk2 (ALINUX3-SA-2023:0044)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0044 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-4304: A timing based side channel...
Alibaba Cloud Linux 3 : 0006: openssl (ALINUX3-SA-2021:0006)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2021:0006 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-1971: The X.509 GeneralName type is a...
Alibaba Cloud Linux 3 : 0130: compat-openssl10 (ALINUX3-SA-2022:0130)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0130 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-0778: The BN_mod_sqrt function, which comput...
Alibaba Cloud Linux 3 : 0254: iperf3 (ALINUX3-SA-2024:0254)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0254 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-7250: A flaw was found in iperf, ...