13 matches found
Astra Linux - vulnerability in openssl
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further instances where the c_rehash script fails to properly sanitize shell metacharacters to prevent command injection were discovered during code reviews. When CVE-2022-1292 was fixed, it wasn’t recognized that ther...
JLSEC-2026-229 In addition to the c_rehash shell command injection identified in CVE-2022-1292, further...
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there...
JLSEC-2026-230 AES OCB fails to encrypt some bytes
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
Oracle Linux 9 : openssl (ELSA-2026-1473)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-1473 advisory. - Fix CVE-2025-11187 CVE-2025-15467 CVE-2025-15468 CVE-2025-15469 CVE-2025-66199 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420...
EUVD-2019-10120
Malware in sbrugna...
PT-2023-4551
Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to 41.0.3. Description: The issue is related to the functions DH_check, DH_check_ex, and EVP_PKEY_param_check in the OpenSSL library. These functions can cause long delays when checking excessively long DH keys or...
CLSA-2022-1657816793 Fixed CVEs in openssl: CVE-2022-1292, CVE-2022-2068
CVE-2022-1292: c_rehash: Do not use shell to invoke openssl to prevent command injection - CVE-2022-2068: c_rehash: Fix file operations to prevent command injection - Update expired SCT certificates...
ALPINE-CVE-2022-2097
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption...
OPENSUSE-SU-2021:2327-1 Security update for nodejs12
This update for nodejs12 fixes the following issues: - update to 12.22.2: - CVE-2021-22918: Out of bounds read bsc1187973 - CVE-2021-23362: ssri Regular Expression Denial of Service and hosted-git-info bsc1187977 - CVE-2021-27290: Regular Expression Denial of Service bsc1187976 - CVE-2021-3450:...
Vulnerabilities fixed in OpenSSL
Two vulnerabilities have been fixed in OpenSSL. A malicious party could potentially exploit the vulnerability with reference CVE-2021-3449 to cause a denial-of-service. This requires a specially prepared "renegotiation ClientHello" message to be sent fro...
openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey
In situations where an attacker receives automated notification of the success or failure of a decryption attempt, an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2019:2055-1)
This update for nodejs8 fixes the following issues : Security issue fixed : CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter bsc1140290. Non-security issue fixed: Backported fixes for OpenSSL 1.1.1 from nodejs8 bsc1134209. Note that Tenable Network Security has...
SUSE-SU-2019:2055-1 Security update for nodejs8
This update for nodejs8 fixes the following issues: Security issue fixed: - CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter bsc1140290. Non-security issue fixed: - Backported fixes for OpenSSL 1.1.1 from nodejs8 bsc1134209...