23343 matches found
ZTE ZXCLOUD iRAI 代码问题漏洞
The ZTE ZXCLOUD iRAI is a virtualized device from China’s ZTE Corporation. The ZTE ZXCLOUD iRAI has a code vulnerability, which stems from an issue with the openssl.cnf permission escalation. This vulnerability could allow attackers to execute arbitrary code locally and escalate their privileges...
RHEL 9 : Satellite 6.18.5 Async Update (Important) (RHSA-2026:14835)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14835 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...
RHEL 9 : Satellite 6.17.8 Async Update (Important) (RHSA-2026:14873)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14873 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...
PT-2026-38328
There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges...
curl: CURLOPT_PROXY_CRLFILE / CURLOPT_PROXY_ISSUERCERT / CURLOPT_PROXY_ISSUERCERT_BLOB silently ignored on backends that don't support them
From the Mythos report 2026-05-06 F1. CURLOPTPROXYCRLFILE / CURLOPTPROXYISSUERCERT / CURLOPTPROXYISSUERCERTBLOB silently ignored on backends that don't support them — severity Low https://github.com/curl/curl/blob/455bebc2c7/lib/setopt.cL1786-L1797...
CVE-2026-41898 vulnerabilities
Vulnerabilities for packages: sccache, deno, guestproxyagent, rustls-openssl-client, sqlx, typst, vector, rustup, sdp-k8s-injector, bootc, rpm-sequoia, ztunnel-fips, komodo, valkey-ldap, sentry-cli...
[SECURITY] Fedora 43 Update: pyOpenSSL-26.1.0-1.fc43
High-level wrapper around a subset of the OpenSSL library, includes among oth ers SSL.Connection objects, wrapping the methods of Python's portable sockets Callbacks written in Python Extensive error-handling mechanism, mirroring OpenSSL's error codes...
Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: openssl: openssl-3.5.6-0.3.hum1 aarch64, x8664 openssl-config-fips-3.5.6-0.3.hum1 aarch64, x8664 openssl-devel-3.5.6-0.3.hum1 aarch64, x8664 openssl-devel-engine-3.5.6-0.3.hum1 aarch64, x8664...
CLSA-2026-1778072039 openssl: Fix of CVE-2026-31790
CVE-2026-31790: fix RSA KEM RSASVE encapsulation memory leak by validating RSApublicencrypt return value and cleansing secret on failure...
CLSA-2026-1778071148 openssl: Fix of 4 CVEs
CVE-2026-28387: fix use of OPENSSLfree instead of X509free on dane-mcert in danematch X509 reference-count bypass / UAF - CVE-2026-28388: fix NULL deref in checkdeltabase when a delta CRL carries the Delta CRL Indicator extension but lacks a CRL Number - CVE-2026-28389: fix NULL deref in...
Security update for openssl-3
This update for openssl-3 fixes the following issue: CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc1261678. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
SUSE-SU-2026:1711-1 Security update for openssl-3
This update for openssl-3 fixes the following issue: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc1261678...
[SECURITY] Fedora 44 Update: pyOpenSSL-26.1.0-1.fc44
High-level wrapper around a subset of the OpenSSL library, includes among oth ers SSL.Connection objects, wrapping the methods of Python's portable sockets Callbacks written in Python Extensive error-handling mechanism, mirroring OpenSSL's error codes...
PT-2026-37625
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 OpenSSL 3.x Description An inappropriate implementation in Tint within Google Chrome allows a remote attacker to potentially perform a sandbox escape using a crafted HTML page. In OpenSSL, a...
Fedora 43 : krb5 (2026-684396998a)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-684396998a advisory. - Fix NegoEx parsing vulnerabilities CVE-2026-40355, CVE-2026-40356 - Add upstream patches to build against openssl 4.0 - Make configure.ac work wit...
CLSA-2026-1778020314 openssl: Fix of CVE-2026-28388
CVE-2026-28388: fix NULL pointer dereference in checkdeltabase when delta CRL lacks CRL Number extension...
CLSA-2026-1778020035 openssl: Fix of CVE-2026-28388
CVE-2026-28388: fix NULL pointer dereference in checkdeltabase when delta CRL lacks CRL Number extension...
rust-openssl has undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs
X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation...
CLSA-2026-1777566580 openssl: Fix of CVE-2026-28390
CVE-2026-28390: fix NULL pointer dereference in rsacmsdecrypt when CMS RSA-OAEP pSourceFunc is missing its parameter...
CLSA-2026-1777948139 openssl: Fix of CVE-2026-31790
CVE-2026-31790: fix RSA KEM RSASVE encapsulation memory leak by validating RSApublicencrypt return value and cleansing secret on failure...