23343 matches found
CVE-2025-35471
conda-forge openssl-feedstock before 066e83c 2024-05-20, on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary co...
CVE-2025-35471
conda-forge openssl-feedstock before 066e83c 2024-05-20, on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary co...
CVE-2025-35471
CVE-2025-35471 affects the conda-forge openssl-feedstock (pre-066e83c, 2024-05-20) on Windows. The issue arises from configuring OpenSSL to use an OPENSSLDIR path writable by non-privileged local users; an attacker can place a crafted openssl.cnf in OPENSSLDIR and trigger arbitrary code execution...
CVE-2025-35471 conda-forge openssl-feedstock writable OPENSSLDIR
conda-forge openssl-feedstock before 066e83c 2024-05-20, on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary co...
CVE-2025-35471 conda-forge openssl-feedstock writable OPENSSLDIR
conda-forge openssl-feedstock before 066e83c 2024-05-20, on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary co...
openssl-feedstock 安全漏洞
openssl-feedstock is a conda smithy repository for openssl open source by conda-forge. A security vulnerability exists in versions prior to openssl-feedstock 066e83c, which stems from an improperly configured path to the OPENSSLDIR file and could lead to the execution of arbitrary code...
PT-2025-20825 · Openssl +2 · Openssl +2
Name of the Vulnerable Software and Affected Versions: Actualizer versions prior to 1.2.0 Description: The issue concerns the use of OpenSSL's -passwd function, which utilizes SHA512 for password hashing, a less suitable algorithm. All Actualizer users building a full Debian Operating System are...
PT-2025-20824 · Conda Forge +2 · Conda-Forge Openssl-Feedstock +2
Name of the Vulnerable Software and Affected Versions: conda-forge openssl-feedstock versions before 066e83c 2024-05-20 Miniforge versions before 24.5.0 Description: The issue concerns a configuration in conda-forge openssl-feedstock on Microsoft Windows, where OpenSSL uses an OPENSSLDIR file pat...
RHEL 9 : rpm-ostree (RHSA-2025:7147)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7147 advisory. The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be used...
RHEL 9 : rust-bootupd (RHSA-2025:7241)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:7241 advisory. Bootloader updater Security Fixes: rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 For more details about the security...
RHEL 9 : bootc (RHSA-2025:7160)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7160 advisory. Bootable container system Security Fixes: rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 For more details about the...
Moderate: rust-bootupd security update
Bootloader updater Security Fixes: rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section...
Moderate: python3.12-cryptography security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Moderate: keylime-agent-rust security update
Rust agent for Keylime Security Fixes: rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References...
Moderate: bootc security update
Bootable container system Security Fixes: rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References...
ALSA-2025:7317 Moderate: python3.12-cryptography security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
ALSA-2025:7241 Moderate: rust-bootupd security update
Bootloader updater Security Fixes: rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section...
Moderate: rpm-ostree security update
The rpm-ostree tool binds together the RPM packaging model with the OSTree model of bootable file system trees. It provides commands that can be used both on client systems and on server-side composes. The rpm-ostree-client package provides commands for client systems to perform upgrades and...
ALSA-2025:7313 Moderate: keylime-agent-rust security update
Rust agent for Keylime Security Fixes: rust-openssl: rust openssl ssl::selectnextproto use after free CVE-2025-24898 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2025-1532)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...