cn.herodotus.engine:oauth2-authentication-autoconfigure (>=3.5.5.3 <=3.5.6.2), cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.3.0.5 <=3.5.5.2) +2 more potentially affected by CVE-2026-23967 via org.webjars.npm:sm-crypto (=0.3.13)

org.webjars.npm:sm-crypto MAVEN version =0.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:sm-crypto and may be impacted: - cn.herodotus.engine:oauth2-authentication-autoconfigure =3.5.5.3, =3.3.0.5, =3.3.0.5, =3.5.5.3, =3.5.6.2...

EulerOS 2.0 SP3 : openssl (EulerOS-SA-2019-2642)

According to the version of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. Th...

Insecure Path Defaults

OpenSSL has Insecure Path Defaults. When installed on a Windows machine, the default OPENSSLDIR is C:/usr/local which is world writable. This allows an attacker to modify OpenSSL's default configuration, insert CA certificates, modify or even replace existing engine modules, etc...

Security updates for all active release lines, September 2016

Security updates for all active release lines, September 2016 Update 27-September-2016 Releases available Updates are now available for all active Node.js release lines. These include the recently published versions of OpenSSL 1.0.1 and 1.0.2 as well as fixes for some Node.js-specific...