25 matches found
ROOT-OS-DEBIAN-11-CVE-2026-28387 CVE-2026-28387 in rootio-openssl - Patched by Root
Root has patched CVE-2026-28387 in the rootio-openssl package for Root:Debian:11. Multiple fixed versions available...
Astra Linux - уязвимость в php8.1, php7.3
The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...
Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues: Update to go 1.25.8 bsc1244485, jscSLE-18320: CVE-2025-61732: cmd/cgo: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated sessio...
CLSA-2026-1771237525 Fix CVE(s): CVE-2025-69419
SECURITY UPDATE: check return code of UTF8putc - debian/patches/CVE-2025-69419.patch: add missing return code checks for UTF8putc in astrex.c and OPENSSLuni2utf8 in p12utl.c. - CVE-2025-69419...
Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues: Update to version 1.25.1, released 2025-09-03 bsc1244485. Security issues fixed: CVE-2025-47910: net/http: CrossOriginProtection insecure bypass patterns not limited to exact matches bsc1249141. Other issues fixed: go74822 cmd/go: "get...
Solaris 10 (sparc): 151912-25
SunOS 5.10: SunOS 5.10: OpenSSL 1.0.2 patch. Date this patch was last updated by Sun : Apr/14/25 %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include"compat.inc"; if description scriptid255269; scriptversion"1.1";...
SUSE SLES15 Security Update : go1.24-openssl (SUSE-SU-2025:02837-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02837-1 advisory. Updated to go1.24.6 released 2025-08-06 bsc1236217: - CVE-2025-4674: Fixed unexpected command execution in untrusted VCS...
BIT-LIBPHP-2024-2408 PHP is vulnerable to the Marvin Attack
The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...
Oracle Linux 9 : keylime-agent-rust (ELSA-2025-7313)
The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-7313 advisory. 0.2.2-2 - Update openssl crate to version 0.10.70 to fix CVE-2025-24898 Tenable has extracted the preceding description block directly from the Oracle Linux...
SUSE CVE-2024-2408
The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...
OESA-2024-2171 nodejs security update
Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to t...
Medium: php8.2
Issue Overview: The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/138...
Medium: php8.1
Issue Overview: The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/138...
CLSA-2024-1719925589 openssl: Fix of 2 CVEs
CVE-2022-1292: crehash: Do not use shell to invoke openssl to prevent command injection - CVE-2022-2068: crehash: Fix file operations to prevent command injection - Update expired smime certificates - Add testing using old certificates sha1 to have both types of certificates sha1, sha256 checked...
AZL-42616 CVE-2024-2408 affecting package php for versions less than 8.3.8-1
The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...
AZL-42628 CVE-2024-2408 affecting package php for versions less than 8.1.29-1
The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...
CVE-2024-0727 affecting package openssl for versions less than 1.1.1k-29
CVE-2024-0727 affecting package openssl for versions less than 1.1.1k-29. A patched version of the package is available...
Important: squid
Issue Overview: Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using --with-openssl are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a...
CVE-2022-2097 affecting package openssl 1.1.1k-12
CVE-2022-2097 affecting package openssl 1.1.1k-12. A patched version of the package is available...
Solaris 10 (x86) : 139501-02
SunOS 5.10x86: openssl patch. Date this patch was last updated by Sun : Feb/24/09 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc'; include'compat.inc'; if description...