OESA-2026-2508 qt6-qtbase security update
Qt is a software toolkit for developing applications. Security Fixes: An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted...
EulerOS 2.0 SP13 : glib-networking (EulerOS-SA-2026-1273)
According to the versions of the glib-networking package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: glib-networking's OpenSSL backend fails to properly check the return value of a call to BIO_write, resulting in an out of bounds...
RHEL 9 : libssh (RHSA-2026:0430)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0430 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid...
RHEL 9 : libssh (RHSA-2026:0428)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:0428 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: Invalid...
CLSA-2025-1765231763 golang: Fix of 3 CVEs
Update to Go 1.22.9 - Remove CVE-2024-34155, CVE-2024-34156, and CVE-2024-34158 patches - Remove fix-standard-crypto-panic.patch no longer needed - Add disablestatictestspart1.patch and disablestatictestspart2.patch to disable OpenSSL backend for static builds - Add...
EUVD-2025-31120
Malicious code in bioql PyPI...
CVE-2025-60018
glib-networking's OpenSSL backend fails to properly check the return value of a call to BIO_write, resulting in an out of bounds read...
CVE-2025-60019
The CVE pertains to glib-networking’s OpenSSL backend, where memory allocation return values are not properly checked. This can allow an out-of-memory condition to lead to writing to an invalid memory location. Several OSV advisories (OESA-2025-2832, 2831, 2830, 2399, 2398, 2397) explicitly docum...
Libssh: invalid return code for chacha20 poly1305 with openssl backend
...
curl: Inferior OCSP verification
Libcurl offers "OCSP stapling" via the CURLOPT_SSL_VERIFYSTATUS option. When set, libcurl verifies the OCSP response that a server responds with as part of the TLS handshake. It then aborts the TLS negotiation if something is wrong with the response. The same feature can be enabled with --cert-stat...
EulerOS 2.0 SP1 : curl (EulerOS-SA-2016-1074)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attacker could potentiall...