
113 matches found

OSV
added last week | 2 views

SUSE-SU-2026:2648-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

CVSS 8.8 | AI score 6.3 | EPSS 0.02719
Exploits: 0 | References: 27
Tenable Nessus
added 2026/06/20 12:0 a.m. | 6 views

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:2393-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2393-1 advisory. This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String...

CVSS 9.1 | AI score 5.9 | EPSS 0.02719
Exploits: 0 | References: 28
SUSE Linux
added 2026/06/15 8:6 a.m. | 9 views

Security update for openssl-3

This update for openssl-3 fixes the following issues CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

CVSS 8.2 | AI score 5.4 | EPSS 0.02719
Exploits: 0 | References: 36
OSV
added 2026/06/12 12:26 p.m. | 11 views

OESA-2026-2651 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher one-shot interface, the application-supplied...

CVSS 7.5 | AI score 5.7 | EPSS 0.0032
Exploits: 0 | References: 2
Tenable Nessus
added 2026/06/12 12:0 a.m. | 10 views

RockyLinux 9 : openssl (RLSA-2026:25239)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25239 advisory. openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-7383 openssl: OpenSSL: Denial of Service due to...

CVSS 9.1 | AI score 6.2 | EPSS 0.02719
Exploits: 0 | References: 31
OSV
added 2026/06/11 10:2 a.m. | 3 views

SUSE-SU-2026:22100-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

CVSS 9.1 | AI score 5.3 | EPSS 0.02719
Exploits: 0 | References: 19
Tenable Nessus
added 2026/06/11 12:0 a.m. | 83 views

RHEL 9 : openssl (RHSA-2026:25239)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25239 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

CVSS 9.1 | AI score 6 | EPSS 0.02719
Exploits: 0 | References: 32
AlmaLinux
added 2026/06/11 12:0 a.m. | 6 views

Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-73...

CVSS 9.1 | AI score 5.8 | EPSS 0.02719
Exploits: 0 | References: 32
Tenable Nessus
added 2026/06/10 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-45445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher one-shot interface, the application-supplied initialisation vector IV ...

CVSS 7.5 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 2
OSV
added 2026/06/09 5:17 p.m. | 9 views

ALPINE-CVE-2026-45445

Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

CVSS 7.5 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 1
Debian CVE
added 2026/06/09 4:3 p.m. | 7 views

CVE-2026-45445

Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

CVSS 7.5 | AI score 5.7 | EPSS 0.0032
Exploits: 0
Cvelist
added 2026/06/09 4:3 p.m. | 39 views

CVE-2026-45445 AES-OCB IV Ignored on EVP_Cipher() Path

Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

EPSS 0.0032
Exploits: 0 | References: 6
AlpineLinux
added 2026/06/09 4:3 p.m. | 46 views

CVE-2026-45445

Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher one-shot interface, the application-supplied initialisation vector IV is silently discarded. Impact summary: Every message encrypted under the same key uses the same effective nonce regardless of the IV...

CVSS 7.5 | AI score 5.8 | EPSS 0.0032
Exploits: 0
Positive Technologies
added 2026/06/09 12:0 a.m. | 12 views

PT-2026-47842

Name of the Vulnerable Software and Affected Versions: OpenSSL (affected versions not specified). Description: When using the AES-OCB cipher with the one-shot EVP Cipher interface, the application-supplied initialisation vector IV is silently discarded. This causes every message encrypted with the sam...

CVSS 7.5 | AI score 5.6 | EPSS 0.00513
Exploits: 0 | References: 120
Tenable Nessus
added 2026/01/20 12:0 a.m. | 7 views

MiracleLinux 9 : openssl-3.0.1-41.el9 (AXSA:2022-3964:07)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3964:07 advisory. openssl: c_rehash script allows command injection CVE-2022-1292 openssl: Signer certificate verification returns inaccurate response when using...

CVSS 10 | AI score 7 | EPSS 0.95764
Exploits: 6 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-6221

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.4 | EPSS 0.04425
Exploits: 0 | References: 32
Tenable Nessus
added 2024/07/23 12:0 a.m. | 23 views

Siemens SIMATIC and SCALANCE Products Inadequate Encryption Strength (CVE-2022-2097)

AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of 'in place' encryption...

CVSS 8.8 | AI score 6.8 | EPSS 0.04425
Exploits: 0 | References: 9
Tenable Nessus
added 2024/06/03 12:0 a.m. | 33 views

RHEL 9 : ovmf (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: AES OCB fails to encrypt some bytes CVE-2022-2097 - openssl: timing attack in RSA Decryption...

CVSS 7.5 | AI score 8.4 | EPSS 0.16195
Exploits: 0 | References: 8
Tenable Nessus
added 2023/12/27 12:0 a.m. | 46 views

NewStart CGSL MAIN 6.02 : openssl Multiple Vulnerabilities (NS-SA-2023-0074)

The remote NewStart CGSL host, running version MAIN 6.02, has openssl packages installed that are affected by multiple vulnerabilities: - In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell...

CVSS 10 | AI score 7.4 | EPSS 0.95764
Exploits: 6 | References: 5
Tenable Nessus
added 2023/10/30 12:0 a.m. | 44 views

Ubuntu 22.04 LTS : Node.js vulnerabilities (USN-6457-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6457-1 advisory. Tavis Ormandy discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted...

CVSS 10 | AI score 7.6 | EPSS 0.95764
Exploits: 8 | References: 5