23343 matches found
CVE-2025-46551
JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...
SUSE CVE-2025-3416
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string...
The vulnerability of the Platform V Pangolin DB database management system, related to data conflicts in BIO structures of OpenSSL, allows attackers to overwrite critical data, limit the ability to establish SSL connections, and cause data leaks from the process’s memory.
The vulnerability of the Platform V Pangolin DB database management system is related to a data conflict in the BIO structures of OpenSSL. Exploiting this vulnerability can allow an attacker to overwrite critical data, limit the ability to establish SSL connections, and cause data leaks from the...
NVIDIA NvContainer Trust Management Issue Vulnerability
NVIDIA NvContainer is a container management service from NVIDIA. NVIDIA NvContainer suffers from a trust management issue vulnerability that stems from a hard-coded path issue in the use of OpenSSL, which could be exploited by an attacker to cause code execution, denial of service, elevation of...
PT-2025-20241 · Jruby · Jruby +1
Name of the Vulnerable Software and Affected Versions: JRuby-OpenSSL versions 0.12.1 through 0.15.3 JRuby versions 9.3.4.0 through 9.4.12.0 JRuby version 10.0.0.0 Description: The issue concerns the verification of SSL certificates. When verifying these certificates, the hostname presented in the...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2025-1432)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2025-1431)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Enable the haveged Service
The haveged service can generate an unpredictable stream of random numbers in a simple way. These random numbers can fill the system entropy pool, which can solve the problem of low system entropy in some cases. You are advised to enable this service to meet the needs of encryption, decryption, o...
Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to a Denial of Service (CVE-2024-6119) due to the use of OpenSSL
Summary IBM Virtualization Engine TS7700 is susceptible to a denial of service due to the use of OpenSSL (CVE-2024-6119). OpenSSL is used in TS7700 to encrypt data in flight during EKM communications, Secure Data Transfer between clusters, and for TS7700 Advanced Object Store for DS8000...
K000151201: OpenSSL vulnerability CVE-2024-12797
Security Advisory Description Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to cryptography-43.0.1-cp37-abi3-manylinux_2_28_x86_64.whl CVE-2024-12797
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to cryptography-43.0.1-cp37-abi3-manylinux_2_28_x86_64.whl CVE-2024-12797. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID: CVE-2024-12797 DESCRIPTION: Issue summary: Clients...
EulerOS 2.0 SP12 : openssl (EulerOS-SA-2025-1432)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact...
EulerOS 2.0 SP12 : openssl (EulerOS-SA-2025-1431)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact...
CVE-2025-2545
Vulnerability in Best Practical Solutions, LLC's Request Tracker prior to v5.0.8, where the Triple DES (3DES) cryptographic algorithm is used to protect emails sent with S/MIME encryption. Triple DES is considered obsolete and insecure due to its susceptibility to birthday attacks, which could...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in OpenSSL (CVE-2024-9143)
Summary A vulnerability in OpenSSL that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-9143 DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory read or write flaw due to the...
PT-2025-22478
Name of the Vulnerable Software and Affected Versions OpenSSL version 3.5 Description The issue arises from the use of the -addreject option with the openssl x509 application, which adds a trusted use instead of a rejected use for a certificate. This means if a user intends to make a trusted...
[R2] Sensor Proxy Version 1.2.0 Fixes Multiple Vulnerabilities
[R2] Sensor Proxy Version 1.2.0 Fixes Multiple Vulnerabilities Arnie Cabral Wed, 04/30/2025 - 12:50 Sensor Proxy leverages third-party software to help provide underlying functionality. Several of the third-party components (OpenSSL, Go) were found to contain vulnerabilities, and updated versions hav...
Advisory ROSA-SA-2025-2858
Software: openssl 1.1.1k OS: ROSA Virtualization 3.0 packageevrstring: openssl-1.1.1k-14.0.2.rv30 CVE-ID: CVE-2020-1971 BDU-ID: 2021-00872 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GENERAL_NAME_cmp function of the OpenSSL library is related to pointer dereferencing errors. Exploitation of...
Advisory ROSA-SA-2025-2857
Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-14.0.1.rv3 CVE-ID: CVE-2020-1971 BDU-ID: 2021-00872 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GENERAL_NAME_cmp function of the OpenSSL library is related to pointer dereferencing errors. Exploitation of...
Advisory ROSA-SA-2025-2853
Software: openssl 1.1.1k OS: ROSA Virtualization 2.1 packageevrstring: openssl-1.1.1.1k-14.0.1.rv3 CVE-ID: CVE-2024-5535 BDU-ID: 2024-06988 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the SSL_select_next_proto function of the TLS and SSL OpenSSL protocol toolkit is related to information disclosure...