64 matches found
EUVD-2023-28074
Malicious code in bioql PyPI...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rustup (SUSE-SU-2025:03298-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03298-1 advisory. - CVE-2024-12224: Fixed improper validation of unsafe equivalence in punycode bsc1243862 -...
SUSE-SU-2025:03306-1 Security update for sevctl
This update for sevctl fixes the following issues: - CVE-2024-12224: idna: Fixed improper validation of unsafe equivalence in punycode. bsc1243860 - CVE-2025-3416: openssl: Fixed use-after-free in Md::fetch and Cipher::fetch bsc1242618...
ALSA-2025:16046 Moderate: mysql:8.4 security update
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: openssl: Timing side-channel in ECDSA signature computation CVE-2024-13176 mysql: mysqldump unspecified vulnerability CPU Apr 2025...
SUSE-SU-2025:02811-1 Security update for rust-keylime
This update for rust-keylime fixes the following issues: - Update to version 0.2.7+141: CVE-2025-58266: shlex: Fixed command injection bsc1247193 - Update to version 0.2.7+117: CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RSTSTREAM frames bsc1210344...
CVE-2025-7394
In the OpenSSL compatibility layer implementation, the function RANDpoll was not behaving as expected and leading to the potential for predictable values returned from RANDbytes after fork is called. This can lead to weak or predictable random numbers generated in applications that are both using...
CVE-2025-5372 Libssh: incorrect return code handling in ssh_kdf() in libssh
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...
Security update for python-cryptography
This update for python-cryptography fixes the following issues: CVE-2025-3416: openssl: use-after-free in Md::fetch and Cipher::fetch when Some... value passed as properties argument to either function bsc1242631. Patch Instructions: To install this SUSE update use the SUSE recommended installati...
CVE-2025-4575
OpenSSL CVE-2025-4575 affects the x509 application in OpenSSL 3.5 (and related mentions in 3.0–3.4 are not affected). A copy-paste error during minor refactoring causes the -addreject option to mark a certificate as trusted for a use instead of rejecting it, meaning a certificate intended to be r...
Alibaba Cloud Linux 3 : 0227: openssl (ALINUX3-SA-2024:0227)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0227 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-5535: Issue summary: Calling the OpenSSL A...
CVE-2025-23253
NVIDIA NvContainer service for Windows contains a vulnerability in its usage of OpenSSL, where an attacker could exploit a hard-coded constant issue by copying a malicious DLL in a hard-coded path. A successful exploit of this vulnerability might lead to code execution, denial of service,...
CVE-2025-23253
CVE-2025-23253 affects NVIDIA NvContainer service for Windows, where a hard-coded path in OpenSSL usage could be exploited by copying a malicious DLL to a fixed path, potentially enabling code execution, DoS, privilege escalation, information disclosure, or data tampering. Affected product: NVIDI...
Siemens SCALANCE X-200RNA Switch Devices Resource Management Errors (CVE-2015-1792)
The dofreeupto function in crypto/cms/cmssmime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service infinite loop via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an...
Siemens SCALANCE X-200RNA Switch Devices Use After Free (CVE-2015-0209)
Use-after-free vulnerability in the d2iECPrivateKey function in crypto/ec/ecasn1.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow remote attackers to cause a denial of service memory corruption and application crash or possibly have...
Linux Distros Unpatched Vulnerability : CVE-2015-0286
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ASN1TYPEcmp function in crypto/asn1/atype.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly...
Linux Distros Unpatched Vulnerability : CVE-2014-3513
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory leak in d1srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service memory consumption via a...
Linux Distros Unpatched Vulnerability : CVE-2016-2109
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The asn1d2ireadbio function in crypto/asn1/ad2ifp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to...
Linux Distros Unpatched Vulnerability : CVE-2016-2105
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the EVPEncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a deni...
Linux Distros Unpatched Vulnerability : CVE-2012-2110
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The asn1d2ireadbio function in crypto/asn1/ad2ifp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer...
Linux Distros Unpatched Vulnerability : CVE-2016-2842
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The doaproutch function in crypto/bio/bprint.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds,...