24 matches found
GHSA-V446-XWFM-X7MR vulnerabilities
Vulnerabilities for packages: openssl...
CLSA-2026-1779181743 pyOpenSSL: Fix of CVE-2026-27448
CVE-2026-27448: fix fail-open in set_tlsext_servername_callback when callback raises exception...
CVE-2025-14406
Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Soda PDF Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system...
CVE-2025-34192
Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL 1.0.2h-fips (released May 2016), which has been end-of-life since 2019 and is no longer supported by the OpenSSL...
CVE-2025-42927
SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL. Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow a user with high system privileges to access and modify system information. This vulnerability ha...
UBUNTU-CVE-2025-27587
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...
The vulnerability in the x509_main function of the apps/x509.c module in the OpenSSL library allows an attacker to replace the trusted certificate.
The vulnerability of the x509_main function in the apps/x509.c module of the OpenSSL library is related to errors in the certificate validation process. Exploiting this vulnerability could allow an attacker to replace the trusted certificate...
The vulnerability of the SSL_select_next_proto function in TLS and SSL OpenSSL protocols relates to information disclosure, which allows attackers to access confidential data and cause service failures.
The vulnerability of the SSL_select_next_proto function in TLS and SSL OpenSSL relates to the disclosure of information. Exploiting this vulnerability allows a remote attacker to gain access to confidential data and also cause service failures...
squid: Denial of Service in SSL Certificate validation
A flaw was found in Squid. Due to an improper validation of the specified index bug, Squid compiled using --with-openssl is vulnerable to a denial of service attack against SSL Certificate validation. This flaw allows a remote server to perform a denial of service against the Squid Proxy by...
The vulnerability of the OpenSSL cryptographic library, related to errors in the certificate validation process, allows a perpetrator to cause a service failure.
The vulnerability of the OpenSSL cryptographic library is related to errors in the certificate validation process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures using a specially created certificate chain...
SUSE CVE-2013-4314
The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...
SUSE CVE-2013-6420
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service memory...
NVIDIA Omniverse Security Vulnerability
Nvidia Omniverse Nucleus is the database and collaboration engine for Nvidia's Omniverse. A security vulnerability exists in NVIDIA Omniverse Nucleus and Omniverse Cache that stems from a vulnerability contained in the OpenSSL configuration. An attacker could exploit this vulnerability to cause...
The vulnerability of the asn1_time_to_time_t function (ext/openssl/openssl.c) in the PHP programming language allows a hacker to execute arbitrary code.
The vulnerability of the asn1_time_to_time_t function in the OpenSSL library, a PHP programming language interpreter, arises due to buffer overflow. Exploiting this vulnerability can allow an attacker to execute arbitrary code remotely...
CVE-2020-36167
An issue was discovered in the server in Veritas Backup Exec through 16.2, 20.6 before hotfix 298543, and 21.1 before hotfix 657517. On start-up, it loads the OpenSSL library from the Installation folder. This library in turn attempts to load the /usr/local/ssl/openssl.cnf configuration file, whi...
Multiple vulnerabilities fixed in IBM Aspera
IBM has fixed several vulnerabilities in the Aspera Suite. The vulnerabilities are in the underlying OpenSSL, cURL libcurl and FasterXML jackson databind software. A malicious party could potentially exploit the vulnerabilities to bypassing security measures, accessing sensitive data and from bei...
The vulnerability of the fill-checking function in the AES-NI implementation of the OpenSSL library allows a perpetrator to gain unauthorized access to confidential data.
The vulnerability of the fill-checking function in the AES-NI implementation of the OpenSSL library is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to confidential data...
The vulnerability of the Montgomery quadratic multiplication algorithm implementation in OpenSSL libraries is related to an error in integer transfer on the x86_64 platform, which allows an attacker to gain unauthorized access to sensitive information.
The vulnerability of the Montgomery quadratic multiplication algorithm implementation in the OpenSSL library is related to an error in arithmetic operations on the x86_64 platform. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to sensiti...
Apache HTTP Server Denial of Service Vulnerability (CNVD-2019-04946)
Apache HTTP Server is an open source web server from the Apache Software Foundation in the United States. The server is fast, reliable and can be expanded through a simple API. A denial of service vulnerability exists in the handling of client-side renavigation by mod_ssl in httpd in Apache HTTP Serve...
Vulnerabilities of the Alt Linux SPT operating system, which allow a malicious entity to compromise the integrity and accessibility of transmitted protected information
The numerous vulnerabilities of the OpenSSL cryptographic library for the Alt Linux SPT operating system can lead to the compromise of the integrity and accessibility of transmitted protected information. Exploitation of these vulnerabilities can be carried out remotely...