
54 matches found

Tenable Nessus
added 2026/06/26 12:0 a.m. | 7 views

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:2598-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2598-1 advisory. This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String...

CVSS 8.8 | AI score 5.9 | EPSS 0.02719
Exploits: 0 | References: 25

Tenable Nessus
added 2026/06/26 12:0 a.m. | 7 views

SUSE SLES15: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2026:2614-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2614-1 advisory. - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. - CVE-2026-42766: Possible NULL Dereference in...

CVSS 8.8 | AI score 7.2 | EPSS 0.02719
Exploits: 0 | References: 16

OSV
added 2026/06/24 9:2 a.m. | 2 views

SUSE-SU-2026:2614-1 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. - CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption bsc1266349. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341....

CVSS 8.8 | AI score 5.8 | EPSS 0.02719
Exploits: 0 | References: 11

OSV
added 2026/06/23 3:39 p.m. | 7 views

SUSE-SU-2026:2598-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

CVSS 8.8 | AI score 5.9 | EPSS 0.02719
Exploits: 0 | References: 17

Tenable Nessus
added 2026/06/22 12:0 a.m. | 7 views

Amazon Linux 2 : edk2, --advisory ALAS2-2026-3363 (ALAS-2026-3363)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3363 advisory. Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like...

CVSS 8.8 | AI score 6.4 | EPSS 0.02719
Exploits: 0 | References: 12

AstraLinux
added 2026/06/19 11:10 a.m. | 21 views

Astra Linux – Vulnerability in Firefox

Parsing an indefinite SEQUENCE within an indefinite GROUP in ASN.1 could result in the parser accepting malformed ASN.1 syntax. This vulnerability affects Firefox versions earlier than 102...

CVSS 9.8 | AI score 8.3 | EPSS 0.007
Exploits: 0 | References: 1

SUSE Linux
added 2026/06/15 2:34 p.m. | 6 views

Security update for openssl-3

This update for openssl-3 fixes the following issues CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

CVSS 8.2 | AI score 5.3 | EPSS 0.02719
Exploits: 0 | References: 32

Tenable Nessus
added 2026/06/10 12:0 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2026-34180

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer...

CVSS 7.5 | AI score 5.7 | EPSS 0.00513
Exploits: 0 | References: 3

Ubuntu
added 2026/06/09 6:29 p.m. | 35 views

USN-8414-2: OpenSSL vulnerabilities

USN-8414-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An...

CVSS 9.1 | AI score 6.1 | EPSS 0.02719
Exploits: 0

Cvelist
added 2026/06/09 4:3 p.m. | 38 views

CVE-2026-34180 Heap Buffer Over-read in ASN.1 Content Parsing

Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platforms. Impact summary: The heap buffer over-read may crash the application (Denial of Service) or to...

EPSS 0.00513
Exploits: 0 | References: 6

Cvelist
added 2026/04/16 10:4 p.m. | 61 views

CVE-2026-40253 openCryptoki: Memory safety vulnerabilities in BER/DER decoders in asn1.c

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library asn1.c accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them...

CVSS 6.8 | EPSS 0.0016
Exploits: 1 | References: 2

NVD
added 2026/04/10 4:17 a.m. | 4 views

CVE-2026-5188

An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect...

CVSS 8.1 | EPSS 0.00135
Exploits: 0 | References: 1

Cvelist
added 2026/04/10 3:24 a.m. | 26 views

CVE-2026-5188 Integer underflow in X.509 SAN parsing in wolfSSL

An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect...

CVSS 2.3 | EPSS 0.00135
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/10 12:0 a.m. | 4 views

PT-2026-31861

Name of the Vulnerable Software and Affected Versions: wolfSSL (affected versions not specified). Description: An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the...

CVSS 2.3 | AI score 5.8 | EPSS 0.00135
Exploits: 0 | References: 6

Hacker One
added 2026/03/20 7:14 a.m. | 10 views

curl: Function `do_pubkey()` can have out-of-bound read issue

Summary: A 1-byte out-of-bounds heap read in do_pubkey in lib/vtls/x509asn1.c. When parsing an RSA public key with a zero-length or all-zero modulus, the loop dereferences a pointer before checking bounds. Requires a non-OpenSSL TLS backend (e.g., Mbed/Gnu). A certificate chain verification can trigg...

AI score 5.8
Exploits: 0

Tenable Nessus
added 2026/02/10 12:0 a.m. | 5 views

Siemens SCALANCE and RUGGEDCOM Free of Memory not on the Heap (CVE-2024-6197)

libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort...

CVSS 7.5 | AI score 6.8 | EPSS 0.04296
Exploits: 1 | References: 4

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 4 : nss-3.16.1-7.AXS4, nss-util-3.16.1-2.AXS4, nss-softokn-3.14.3-12.AXS4 (AXSA:2014-572:03)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-572:03 advisory. Description: Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server...

CVSS 7.5 | AI score 7.1 | EPSS 0.1617
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/16 12:0 a.m. | 4 views

MiracleLinux 3 : nss-3.16.1-4.AXS3 (AXSA:2014-578:04)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-578:04 advisory. Description: Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server...

CVSS 7.5 | AI score 7.1 | EPSS 0.1617
Exploits: 0 | References: 2

Tenable Nessus
added 2025/12/15 12:0 a.m. | 5 views

openSUSE 16 Security Update : go1.25 (openSUSE-SU-2025:20157-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20157-1 advisory. Update to go1.25.5. Security issues fixed: - CVE-2025-61729: crypto/x509: excessive resource consumption in printing error string for host...

CVSS 7.5 | AI score 7.8 | EPSS 0.00626
Exploits: 2 | References: 45

Tenable Nessus
added 2025/12/09 12:0 a.m. | 8 views

Amazon Linux 2023 : cni-plugins (ALAS2023-2025-1287)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1287 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...

CVSS 7.5 | AI score 7.3 | EPSS 0.00626
Exploits: 0 | References: 22