10 matches found
MiracleLinux 8 : openssl-1.1.1k-16.el8_6 (AXSA:2026-792:09)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-792:09 advisory. openssl: Use After Free with SSLfreebuffers CVE-2024-4741 openssl: Heap Use-After-Free in OpenSSL PKCS7verify CVE-2026-45447 Tenable has extracted th...
Security update for snpguest
This update for snpguest fixes the following issues: CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect hostname comparisons and incorrect URL parsing bsc1243869. CVE-2025-3416: openssl: use-after-free in Md::fetch and Cipher::fetch...
SUSE SLES15 / openSUSE 15 Security Update : sevctl (SUSE-SU-2025:03307-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03307-1 advisory. - CVE-2024-12224: idna: Fixed improper validation of unsafe equivalence in punycode. bsc1243860 - CVE-2025-3416:...
SUSE-SU-2025:20783-1 Security update for sevctl
This update for sevctl fixes the following issues: - CVE-2025-3416: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch bsc1242618 - CVE-2024-12224: idna: Fixed Punycode improper validation bsc1243860...
SUSE-SU-2025:20716-1 Security update for sevctl
This update for sevctl fixes the following issues: - CVE-2025-3416: openssl: Fixed Use-After-Free in Md::fetch and Cipher::fetch bsc1242618 - CVE-2024-12224: idna: Fixed Punycode labels not producing any non-ASCII when decode bsc1243860...
SUSE-SU-2025:02809-1 Security update for rust-keylime
This update for rust-keylime fixes the following issues: - Update to version 0.2.7+141: CVE-2025-58266: shlex: Fixed command injection bsc1247193 - Update to version 0.2.7+117: CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RSTSTREAM frames bsc1210344...
curl: Use after free (or assert triggered) with failed allocations in openssl
Summary: summary of the vulnerability A heap use after free or assertion can be triggered if some allocations fail I am not sure you consider allocations failures to be part of security issues, and I am not sure the issue lies in curl or in openssl, but I still think you want something to be fixe...
SUSE-SU-2025:01662-1 Security update for python-cryptography
This update for python-cryptography fixes the following issues: - CVE-2025-3416: openssl: use-after-free in Md::fetch and Cipher::fetch when Some... value passed as properties argument to either function bsc1242631...
Security update for python-maturin
This update for python-maturin fixes the following issues: CVE-2025-3416: openssl: use-after-free in Md::fetch and Cipher::fetch when Some... value passed as properties argument to either function bsc1242631. CVE-2025-4574: crossbeam-channel: double-free leading to possible memory corruption in...
CVE-2025-24898 rust openssl ssl::select_next_proto use after free
rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::selectnextproto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the sever buffer's lifetime is shorter than th...