CVE-2025-41721

CVE-2025-41721 describes a command-injection-like issue where a high-privilege remote attacker can influence parameters passed to the openssl command when adding a password-protected self-signed certificate, caused by improper neutralization of special elements. The vulnerability is documented ac...

CVE-2025-41721 Sauter: Command Injection

A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate...

CVE-2025-4662

Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs an...

CVE-2025-4662

Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs an...

CVE-2025-4662 Plaintext security passwords are logged in the audit logs while executing openssl cmd

Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs an...

CVE-2025-4662

Brocade SANnav versions prior to 2.4.0a expose plaintext passphrases by logging them in the host server audit logs during OpenSSL command execution or when passphrases are supplied via temporary files. These audit logs are local to the server VM and not controlled by SANnav, and are only visible ...

Plaintext security passwords are logged in the audit logs while executing openssl cmd (CVE-2025-4662)

Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs an...

DEBIAN-CVE-2025-4575

Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use. A copy & paste...

SUSE-SU-2022:2182-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2022-1292: Fixed command injection in crehash bsc1199166. - CVE-2022-2068: Fixed more shell code injection issues in crehash. bsc1200550...

SUSE-SU-2022:2106-1 Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues: - CVE-2022-1292: Fixed command injection in crehash bsc1199166...

Design/Logic Flaw

1 lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and 2 lib/backup/cli/utility.rb in the backupchecksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process...

CVE-2014-4993

1 lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and 2 lib/backup/cli/utility.rb in the backupchecksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process...

IBM Tivoli Workload Scheduler Distributed OpenSSL command line utility information disclosure vulnerability

IBM Tivoli Workload Scheduler Distributed is a suite of enterprise task scheduling software from IBM, USA. The software enables automated, scheduled control of workloads.OpenSSL command line utility is one of the command line utilities. An information disclosure vulnerability exists in the OpenSS...

FEI news router K1 information disclosure vulnerability

Reference source: FEI news mainstream router K1 loopholes and collect user information FEI news PSG1208K1is Fibonacci Telecommunications Company, the main push of a home router product, we through the analysis of a router firmware find there are a lot of problems. First, we use a firmware analysi...

MD5 vulnerable to collision attacks

Overview Weaknesses in the MD5 algorithm allow for collisions in output. As a result, attackers can generate cryptographic tokens or other data that illegitimately appear to be authentic. Description A secure cryptographic hash algorithm is one that generates a unique identifier of a fixed size...