23343 matches found

NVD
added 2025/05/13 2:15 a.m. · 21 views

CVE-2025-35471

conda-forge openssl-feedstock before 066e83c 2024-05-20, on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privileged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary co...

7.8 CVSS · 0.00187 EPSS
Exploits 1 · References 2

OSV
added 2025/05/13 2:15 a.m. · 4 views

CVE-2025-35471

conda-forge openssl-feedstock before 066e83c 2024-05-20, on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privileged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary co...

7.8 CVSS · 7.4 AI score
Exploits 0 · References 2

CVE
added 2025/05/13 1:13 a.m. · 49 views

CVE-2025-35471

CVE-2025-35471 affects the conda-forge openssl-feedstock (pre-066e83c, 2024-05-20) on Windows. The issue arises from configuring OpenSSL to use an OPENSSLDIR path writable by non-privileged local users; an attacker can place a crafted openssl.cnf in OPENSSLDIR and trigger arbitrary code execution...

7.8 CVSS · 7.3 AI score · 0.00187 EPSS
Exploits 1 · References 2 · Affected Software 2

Cvelist
added 2025/05/13 1:13 a.m. · 18 views

CVE-2025-35471 conda-forge openssl-feedstock writable OPENSSLDIR

conda-forge openssl-feedstock before 066e83c 2024-05-20, on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privileged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary co...

7.3 CVSS · 0.00187 EPSS
Exploits 1 · References 2

Vulnrichment
added 2025/05/13 1:13 a.m. · 10 views

CVE-2025-35471 conda-forge openssl-feedstock writable OPENSSLDIR

conda-forge openssl-feedstock before 066e83c 2024-05-20, on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privileged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary co...

7.3 CVSS · 7.2 AI score · 0.00187 EPSS
Exploits 1 · References 2

CNNVD
added 2025/05/13 12:0 a.m. · 2 views

openssl-feedstock security vulnerability

openssl-feedstock is a conda smithy repository for openssl open source by conda-forge. A security vulnerability exists in versions prior to openssl-feedstock 066e83c, which stems from an improperly configured path to the OPENSSLDIR file and could lead to the execution of arbitrary code...

7.8 CVSS · 6.8 AI score · 0.00187 EPSS
Exploits 1 · References 2

Positive Technologies
added 2025/05/13 12:0 a.m. · 4 views

PT-2025-20825 · Openssl +2 · Openssl +2

Name of the Vulnerable Software and Affected Versions: Actualizer versions prior to 1.2.0 Description: The issue concerns the use of OpenSSL's -passwd function, which utilizes SHA512 for password hashing, a less suitable algorithm. All Actualizer users building a full Debian Operating System are...

7.5 CVSS · 6.5 AI score · 0.00243 EPSS
Exploits 0 · References 11

Positive Technologies
added 2025/05/13 12:0 a.m. · 4 views

PT-2025-20824 · Conda Forge +2 · Conda-Forge Openssl-Feedstock +2

Name of the Vulnerable Software and Affected Versions: conda-forge openssl-feedstock versions before 066e83c 2024-05-20 Miniforge versions before 24.5.0 Description: The issue concerns a configuration in conda-forge openssl-feedstock on Microsoft Windows, where OpenSSL uses an OPENSSLDIR file pat...

7.3 CVSS · 7 AI score · 0.00187 EPSS
Exploits 1 · References 10

Tenable Nessus
added 2025/05/13 12:0 a.m. · 3 views

RHEL 9 : rpm-ostree (RHSA-2025:7147)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7147 advisory. The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be used...

6.3 CVSS · 5.4 AI score · 0.00623 EPSS
Exploits 0 · References 8

Tenable Nessus
added 2025/05/13 12:0 a.m. · 4 views

RHEL 9 : rust-bootupd (RHSA-2025:7241)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:7241 advisory. Bootloader updater Security Fixes: rust-openssl: rust openssl ssl::select_next_proto use after free CVE-2025-24898 For more details about the security...

6.3 CVSS · 5.4 AI score · 0.00623 EPSS
Exploits 0 · References 7

Tenable Nessus
added 2025/05/13 12:0 a.m. · 4 views

RHEL 9 : bootc (RHSA-2025:7160)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7160 advisory. Bootable container system Security Fixes: rust-openssl: rust openssl ssl::select_next_proto use after free CVE-2025-24898 For more details about the...

6.3 CVSS · 5.4 AI score · 0.00623 EPSS
Exploits 0 · References 9

AlmaLinux
added 2025/05/13 12:0 a.m. · 10 views

Moderate: rust-bootupd security update

Bootloader updater Security Fixes: rust-openssl: rust openssl ssl::select_next_proto use after free CVE-2025-24898 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section...

6.3 CVSS · 7 AI score · 0.00623 EPSS
Exploits 0 · References 4

AlmaLinux
added 2025/05/13 12:0 a.m. · 6 views

Moderate: python3.12-cryptography security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

6.3 CVSS · 7 AI score · 0.00623 EPSS
Exploits 0 · References 4

AlmaLinux
added 2025/05/13 12:0 a.m. · 8 views

Moderate: keylime-agent-rust security update

Rust agent for Keylime Security Fixes: rust-openssl: rust openssl ssl::select_next_proto use after free CVE-2025-24898 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References...

6.3 CVSS · 7 AI score · 0.00623 EPSS
Exploits 0 · References 4

AlmaLinux
added 2025/05/13 12:0 a.m. · 5 views

Moderate: bootc security update

Bootable container system Security Fixes: rust-openssl: rust openssl ssl::select_next_proto use after free CVE-2025-24898 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References...

6.3 CVSS · 7 AI score · 0.00623 EPSS
Exploits 0 · References 4

OSV
added 2025/05/13 12:0 a.m. · 6 views

ALSA-2025:7317 Moderate: python3.12-cryptography security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

6.3 CVSS · 5.4 AI score · 0.00623 EPSS
Exploits 0 · References 4

OSV
added 2025/05/13 12:0 a.m. · 5 views

ALSA-2025:7241 Moderate: rust-bootupd security update

Bootloader updater Security Fixes: rust-openssl: rust openssl ssl::select_next_proto use after free CVE-2025-24898 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section...

6.3 CVSS · 5 AI score · 0.00623 EPSS
Exploits 0 · References 4

AlmaLinux
added 2025/05/13 12:0 a.m. · 4 views

Moderate: rpm-ostree security update

The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be used both on client systems and on server-side composes. The rpm-ostree-client package provides commands for client systems to perform upgrades and...

6.3 CVSS · 7.2 AI score · 0.00623 EPSS
Exploits 0 · References 4

OSV
added 2025/05/13 12:0 a.m. · 5 views

ALSA-2025:7313 Moderate: keylime-agent-rust security update

Rust agent for Keylime Security Fixes: rust-openssl: rust openssl ssl::select_next_proto use after free CVE-2025-24898 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References...

6.3 CVSS · 5.4 AI score · 0.00623 EPSS
Exploits 0 · References 4

OpenVAS
added 2025/05/13 12:0 a.m. · 6 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2025-1532)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.1 CVSS · 7.5 AI score · 0.00601 EPSS
Exploits 0 · References 2