23343 matches found
PT-2025-22646 · Openssl +1
Name of the Vulnerable Software and Affected Versions: openssl-3 (affected versions not specified). Description: The issue concerns a timing side channel vulnerability in the P-384 implementation when used with ECDSA in the PPC architecture. Additionally, there is a missing null pointer check before...
Alibaba Cloud Linux 3 : 0021: openssl (ALINUX3-SA-2021:0021)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0021 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-3449: An OpenSSL TLS server may...
Alibaba Cloud Linux 3 : 0130: compat-openssl10 (ALINUX3-SA-2022:0130)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0130 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-0778: The BN_mod_sqrt() function, which comput...
Alibaba Cloud Linux 3 : 0044: edk2 (ALINUX3-SA-2023:0044)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0044 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-4304: A timing based side channel...
Alibaba Cloud Linux 3 : 0148: openssl (ALINUX3-SA-2022:0148)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0148 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-1292: The c_rehash script does not...
Alibaba Cloud Linux 3 : 0093: edk2 (ALINUX3-SA-2024:0093)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0093 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-36763: EDK2 is susceptible to a...
Alibaba Cloud Linux 3 : 0254: iperf3 (ALINUX3-SA-2024:0254)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0254 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-7250: A flaw was found in iperf, ...
CVE-2025-47276
Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like yescrypt/Argon2i. All Actualizer...
CVE-2025-47276 Actualizer Uses OpenSSL's "-passwd" Function Which Uses SHA512 Under The Hood Instead of Proper Password Hasher like yescrypt/Argon2i
Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function, which uses SHA512 instead of a more suitable password hasher like yescrypt/Argon2i. All Actualizer...
CVE-2025-47276
Actualizer (a Debian OS creator) is affected by CVE-2025-47276 in versions before 1.2.0, due to using OpenSSL’s -passwd which hashes with SHA-512. The vulnerability pertains to password hashing quality for root and Alpha accounts across full OS deployments. Remediation is to upgrade to Actualizer...
nginx: TLS Session Resumption Vulnerability
A flaw was found in nginx. When name-based virtual hosts are configured to share the same IP address and port combination with TLS 1.3 and OpenSSL, a previously authenticated attacker can use session resumption to bypass client certificate authentication requirements on these servers. This...
rust-openssl: rust openssl ssl::select_next_proto use after free
A flaw was found in the rust-openssl package. In certain versions, ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than the client buffer's, this can cau...
golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads
A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That functi...
Moderate: Red Hat Security Advisory: rpm-ostree security update
An update for rpm-ostree is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected
A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set...
Important: Red Hat Bug Fix Advisory: openssl bug fix and enhancement update
An update for openssl is now available for Red Hat Enterprise Linux 10. For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes linked from the References section...