
88 matches found

Wolfi
added 2026/06/11 7:48 p.m., 9 views

GHSA-V446-XWFM-X7MR vulnerabilities

Vulnerabilities for packages: openssl...

5.4 AI score
Exploits 0
OSV
added 2026/05/19 9:9 a.m., 6 views

CLSA-2026-1779181743 pyOpenSSL: Fix of CVE-2026-27448

CVE-2026-27448: fix fail-open in set_tlsext_servername_callback when callback raises exception...

6.3 CVSS, 5.8 AI score, 0.00241 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/05/01 12:0 a.m., 4 views

CVE-2026-37554

An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation (invalid compressed point, point not on curve) are not...

7.5 CVSS, 5.8 AI score, 0.0035 EPSS
Exploits 0, References 5
Redos
added 2026/04/20 12:0 a.m., 2 views

ROS-20260420-73-0012

A vulnerability in the OpenSSL library's PKCS12 file format parsing code is related to insufficient checking for unusual or exceptional states. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.5 CVSS, 6.6 AI score, 0.00144 EPSS
Exploits 1
CNNVD
added 2026/04/10 12:0 a.m., 3 views

wolfSSL security vulnerability

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. wolfSSL has a security vulnerability that stems from an integer underflow issue during the parsing of X.509 certificates, which may le...

8.1 CVSS, 5.8 AI score, 0.00135 EPSS
Exploits 0, References 1
CNNVD
added 2026/04/09 12:0 a.m., 5 views

wolfSSL security vulnerability

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. wolfSSL has security vulnerabilities; these vulnerabilities stem from the lack of checks for hash digest size and OID. This could lead...

9.3 CVSS, 6.6 AI score, 0.00468 EPSS
Exploits 1, References 1
OSV
added 2026/03/16 1:50 p.m., 4 views

CLSA-2026-1773669005 compat-openssl11: Fix of CVE-2025-69419

CVE-2025-69419: fix heap buffer overflow in OPENSSL_uni2utf8 via bmp_to_utf8...

7.4 CVSS, 7.3 AI score, 0.00444 EPSS
Exploits 1, References 1
OSV
added 2025/12/23 10:15 p.m., 4 views

CVE-2025-14406

Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Soda PDF Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system...

7.8 CVSS, 6.2 AI score, 0.00138 EPSS
Exploits 0, References 1
CNNVD
added 2025/12/23 12:0 a.m., 2 views

PDFsam Enhanced code issue vulnerability

PDFsam Enhanced is a PDF editing and management tool from PDFsam, Inc. A code issue vulnerability exists in PDFsam Enhanced that stems from an OpenSSL configuration that loads configuration files from insecure locations, potentially resulting in local elevation of privilege...

6.8 CVSS, 6.4 AI score, 0.00278 EPSS
Exploits 0, References 1
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-14706

Malware in sbrugna...

5.9 CVSS, 6.2 AI score, 0.00781 EPSS
Exploits 1, References 2
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2019-14707

Malware in sbrugna...

5.9 CVSS, 6.2 AI score, 0.00781 EPSS
Exploits 1, References 2
RedhatCVE
added 2025/09/21 7:25 p.m., 20 views

CVE-2025-34203

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 (VA and SaaS deployments) contain multiple Docker containers that include outdated, end-of-life, unsupported, or otherwise vulnerable third-party components (examples:...

9.8 CVSS, 6.8 AI score, 0.00813 EPSS
Exploits 1, References 1
OSV
added 2025/09/19 7:15 p.m., 3 views

CVE-2025-34192

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.893 and Application versions prior to 20.0.2140 (macOS/Linux client deployments) are built against OpenSSL 1.0.2h-fips (released May 2016), which has been end-of-life since 2019 and is no longer supported by the OpenSSL...

9.8 CVSS, 5.7 AI score, 0.00898 EPSS
Exploits 1, References 4
RedhatCVE
added 2025/09/11 3:19 a.m., 3 views

CVE-2025-42927

SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL. Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow user with high system privileges to access and modify system information. This vulnerability ha...

3.4 CVSS, 6.7 AI score, 0.00127 EPSS
Exploits 0, References 1
OSV
added 2025/06/16 10:15 p.m., 1 views

UBUNTU-CVE-2025-27587

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of t...

5.3 CVSS, 7.1 AI score, 0.00361 EPSS
Exploits 0, References 3
BDU FSTEC
added 2025/06/05 12:0 a.m., 4 views

The vulnerability in the x509_main function of the apps/x509.c module in the OpenSSL library allows an attacker to replace the trusted certificate.

The vulnerability of the x509_main function in the apps/x509.c module of the OpenSSL library is related to errors in the certificate validation process. Exploiting this vulnerability could allow an attacker to replace the trusted certificate...

6.5 CVSS, 7.2 AI score, 0.00294 EPSS
Exploits 0, References 7, Affected Software 3
RedhatCVE
added 2025/05/22 10:31 a.m., 4 views

CVE-2019-5101

An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by...

5.9 CVSS, 6.7 AI score, 0.00781 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/05/22 10:30 a.m., 6 views

CVE-2019-5102

An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by...

5.9 CVSS, 6.5 AI score, 0.00781 EPSS
Exploits 1, References 1
GitHub Security Blog
added 2025/04/07 6:52 p.m., 15 views

Picklescan Vulnerable to Exfiltration via DNS via linecache and ssl.get_server_certificate

Summary: Picklescan does not detect malicious pickles that exfiltrate sensitive information via DNS after deserialization. Details: picklescan’s blacklist can be bypassed to exfiltrate sensitive information like file contents, secrets, or credentials during model deserialization by leveraging...

7.5 CVSS, 6.6 AI score, 0.00189 EPSS
Exploits 1, References 5, Affected Software 1
OSV
added 2024/11/05 10:8 a.m., 2 views

CLSA-2024-1730801286 openssl: Fix of CVE-2024-5535

CVE-2024-5535: Validate provided client list in ssl/ssl_lib.c. Clarify SSL_select_next_proto documentation...

9.1 CVSS, 7 AI score, 0.05582 EPSS
Exploits 1, References 1